?: keys.gnupg.net: Host not found
Yuri Kanivetsky
yuri.kanivetsky at gmail.com
Sat Oct 10 12:09:55 CEST 2015
>
> It is a pool. keys.gnupg.net is just an alias for the SKS server
> pool[1], IIRC. I host a server in this pool and it is set to drop all
> IPv4 ICMP packets, so will not respond to a ping even though the server
> is online. It will respond to ICMPv6 pings however.
> I am also NOT able to reproduce this error on XUbuntu 14.04 x64:
Okay, let us do this the other way around. That's what I'm getting on host
machine:
$ dig +noall +answer keys.gnupg.net | awk '$4 == "A" { print $5 }' |
    while IFS= read -r; do echo "### $REPLY"; gpg --keyserver "hkp://$REPLY" \
        --recv-key 409B6B1796C275462A1703113804BB82D39DC0E3; done
### 62.210.74.32
gpg: keyserver receive failed: No keyserver available
### 78.157.209.9
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
### 132.248.241.99
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
### 154.127.60.51
gpg: keyserver receive failed: No keyserver available
### 176.9.100.87
gpg: keyserver receive failed: No data
### 178.33.187.175
gpg: keyserver receive failed: No keyserver available
### 206.176.170.195
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
### 209.135.211.141
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
### 212.71.252.8
gpg: keyserver receive failed: No keyserver available
### 5.9.143.170
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
> Inclusion in the pool is voluntary, so there aren't any "official"
> servers, so to speak, but there are criteria for being included in the
> main pool. [...] As far as uptime, if the server did not
> respond during the last check of the pool, it will not be included. So,
> in rare cases, there may be one or two servers in the pool that are not
> currently responding, but did so during the last check of the pool. If
> they do not respond at the next check, they are removed from the main pool.
Correct me if I'm wrong. Anybody can add a machine to a pool on condition
that it meets some specific criteria.
Speaking of official servers, I meant this. There's also
keyserver.ubuntu.com, keyring.debian.org. Surely there are no official
servers among those in the keys.gnupg.net pool. I meant, is the keys.gnupg.net
pool an official source of keys? Can you recommend where to submit a key?
> both of these are using curl-shim, what happens if you try the full
> curl version (how to do that is distro-specific, iirc debian et al
> have a separate gnupg-curl package)?
>
After installing gnupg-curl:
$ gpg --version
gpg (GnuPG) 1.4.18
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ gpg --keyserver-options verbose,debug --keyserver hkp://keys.gnupg.net \
    --recv-key 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: curl version = libcurl/7.38.0 GnuTLS/3.3.8 zlib/1.2.8 libidn/1.28 librtmp/2.3
* Hostname was NOT found in DNS cache
* Could not resolve host: keys.gnupg.net
* Closing connection 0
gpgkeys: HTTP fetch error 6: Could not resolve host: keys.gnupg.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
Tell me if you need the output of `gnupg-2.0.29` as well.
> What are the known schematas listed for:
> $ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr
>
$ echo "KEYSERVER --help" | gpg-connect-agent --dirmngr
gpg-connect-agent: no running Dirmngr - starting '/usr/local/bin/dirmngr'
gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
gpg-connect-agent: connection to the dirmngr established
S # Known schemata:
S # hkp
S # http
S # finger
S # kdns
S # (Use an URL for engine specific help.)
OK
> How was this 2.1 version built?
>
`./configure && make && sudo make install` in the previous email, and
`./configure CFLAGS='-g -O0' CXXFLAGS='-g -O0' && make && sudo make
install` in this one.
AFAICS, it's the dirmngr who does the request. Can I reproduce it with
dirmngr alone, not involving gpg binary?
Regards,
Yuri
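
Added example (not part of the original message, and not GnuPG code): a small shell function that tallies a per-address probe transcript like the one in the message, so the pool members that returned the key can be separated from those that failed and why. The sample transcript is constructed and uses documentation addresses; the names `summarize_probe` and `sample_transcript` are made up for this example.

```shell
#!/bin/sh
# Reads a transcript on stdin: a "### <address>" marker line, followed by
# gpg's output for that address (the format produced by the probe loop).
# Prints one "<address> <status>" line per server, then a totals line.
summarize_probe() {
    awk '
        /^### / {                          # marker: a new server block starts
            if (ip != "") print ip, status
            ip = $2; status = "unknown"
            next
        }
        /^gpg: keyserver receive failed: / {
            sub(/^gpg: keyserver receive failed: /, "")
            status = "failed(" $0 ")"      # keep the reason gpg reported
            failed++
            next
        }
        /^gpg: key [0-9A-F]+: / {          # gpg received and processed the key
            status = "ok"; ok++
        }
        END {
            if (ip != "") print ip, status
            printf "ok=%d failed=%d\n", ok, failed
        }
    '
}

# Constructed sample: 192.0.2.0/24 is a documentation range, not pool members.
sample_transcript() {
    cat <<'EOF'
### 192.0.2.10
gpg: keyserver receive failed: No keyserver available
### 192.0.2.20
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis at gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
### 192.0.2.30
gpg: keyserver receive failed: No data
EOF
}

sample_transcript | summarize_probe
```

To use it on a live run, pipe the probe loop's combined output into it (gpg writes these messages to stderr, so add `2>&1` to the loop).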