What Linux kernel configuration options are required by GPG for --refresh-keys?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 15 16:36:40 CEST 2015


On Fri 2015-05-15 07:43:12 -0400, Werner Koch wrote:
> On Thu, 14 May 2015 04:41, dbdaniel42 at gmail.com said:
>
>> #  gpg --homedir /etc/pacman.d/gnupg --refresh-keys
>> gpg: refreshing 80 keys from hkp://pool.sks-keyservers.net
>> gpg: keyserver refresh failed: Address family not supported by protocol
>
> DNS tells that there are v6 keyservers but your kernel seems to support
> only legacy IP.  Change your resolver not to return AAAA records.

Shouldn't dirmngr know enough to stop trying v6 addresses when v6 isn't
available?

> I won't consider this a bug but I suspect that we will have a bug the
> other way around (No legacy IP but DNS returned A records).

Shouldn't dirmngr know enough to stop trying v4 addresses when v4 isn't
available?

These seem like parallel problems to me, but maybe I'm missing
something.  Can you explain why the situations are different?

And just to clarify, which of the following best characterizes the bug
(or something else?):

 0) dirmngr can't talk to keyservers on networks it does not have access
    to.

 1) dirmngr tries to access keyservers on networks it does not have
    access to.

 2) dirmngr reports errors when trying to access keyservers on networks
    it does not have access to.

 3) dirmngr fails to try other addresses on networks it does have access
    to when some addresses fail.


        --dkg
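
Added example, not part of the original message and not dirmngr's code: a sketch of the fallback behaviour that options 1 and 3 above ask about, where an address family the kernel rejects is disabled and the remaining addresses are still tried. The names `tcp_connect`, `connect_any`, `SAMPLE_POOL` and `fake_v4_only_connect` are hypothetical, and the pool addresses are constructed from documentation ranges.

```python
import errno
import socket

def tcp_connect(family, sockaddr, timeout=5.0):
    """Open a TCP connection to one resolved address (real network path)."""
    sock = socket.socket(family, socket.SOCK_STREAM)  # may raise EAFNOSUPPORT
    try:
        sock.settimeout(timeout)
        sock.connect(sockaddr)
        return sock
    except OSError:
        sock.close()
        raise

def connect_any(candidates, connect=tcp_connect):
    """Try (family, sockaddr) pairs in order; return (connection, log).

    EAFNOSUPPORT disables the whole family, so its remaining addresses are
    skipped without an attempt. Any other error only moves on to the next
    address. The last OSError is raised only when every candidate failed.
    """
    dead, log, last = set(), [], None
    for family, sockaddr in candidates:
        if family in dead:
            log.append((sockaddr[0], "skipped"))
            continue
        try:
            return connect(family, sockaddr), log
        except OSError as exc:
            last = exc
            if exc.errno == errno.EAFNOSUPPORT:
                dead.add(family)
            log.append((sockaddr[0], errno.errorcode.get(exc.errno, "error")))
    raise last or OSError(errno.EHOSTUNREACH, "no candidate addresses")

# Constructed sample: a pool that resolves to two AAAA records and one A record
# (documentation-range addresses), on a host whose kernel has no IPv6.
SAMPLE_POOL = [
    (socket.AF_INET6, ("2001:db8::1", 11371)),
    (socket.AF_INET6, ("2001:db8::2", 11371)),
    (socket.AF_INET, ("192.0.2.10", 11371)),
]

def fake_v4_only_connect(family, sockaddr):
    """Stand-in for tcp_connect on a kernel built without IPv6."""
    if family == socket.AF_INET6:
        raise OSError(errno.EAFNOSUPPORT, "Address family not supported by protocol")
    return "connected to %s" % sockaddr[0]
```

Calling `connect_any(SAMPLE_POOL, fake_v4_only_connect)` reaches the A record after one failed v6 attempt; swapping the families in the sample gives the mirrored v6-only case.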


