dirmngr not picking up new config?

Peter Lebbing peter at digitalbrains.com
Wed Jul 3 16:43:40 CEST 2019


On 03/07/2019 15:06, Werner Koch wrote:
> Check that you do not have a keyserver entry in your gpg.conf or
> Enigmail is calling gpg with that option.  The keyserver specified by
> gpg overrides whatever dirmngr has been configured to.
> 
>   debug ipc
>   log-file /some/file
> 
> in dirmngr.conf should show what is going on.

There hasn't been a keyserver line in my gpg.conf in a long time; I
checked this before I created dirmngr.conf. And I was testing on the
command line, using --refresh-keys.

My guess is: dirmngr reloads existing configuration files but fails to
check for new ones.

Here's a reproduction:

--8<---------------cut here---------------start------------->8---
$ pwd
/home/peter
$ rm .gnupg/dirmngr.conf 
$ gpgconf --kill all
$ gpg --refresh-keys ac46efe6de500b3e
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: key AC46EFE6DE500B3E: 2 signatures not checked due to missing keys
gpg: key AC46EFE6DE500B3E: "Peter Lebbing <peter at digitalbrains.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ cat >.gnupg/dirmngr.conf <<EOF
keyserver hkps://keys.openpgp.org/
debug ipc
log-file /home/peter/dirmngr.log
EOF
$ gpgconf --reload dirmngr
$ systemctl status --user dirmngr.service
● dirmngr.service - GnuPG network certificate management daemon
   Loaded: loaded (/usr/lib/systemd/user/dirmngr.service; static; vendor preset: enabled)
   Active: active (running) since Wed 2019-07-03 16:29:12 CEST; 18s ago
     Docs: man:dirmngr(8)
 Main PID: 13160 (dirmngr)
   CGroup: /user.slice/user-1000.slice/user@1000.service/dirmngr.service
           └─13160 /usr/bin/dirmngr --supervised

Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:67c:26b4::99:0]'
Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:67c:26b4::98:0]'
Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '209.244.105.201'
Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '192.146.137.99'
Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '192.146.137.98'
Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '51.38.91.189'
Jul 03 16:29:12 terrence dirmngr[13160]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '37.191.231.105'
Jul 03 16:29:26 terrence dirmngr[13160]: SIGHUP received - re-reading configuration and flushing caches
Jul 03 16:29:26 terrence dirmngr[13160]: permanently loaded certificates: 0
Jul 03 16:29:26 terrence dirmngr[13160]:     runtime cached certificates: 0
$ gpg --refresh-keys ac46efe6de500b3e
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: key AC46EFE6DE500B3E: 2 signatures not checked due to missing keys
gpg: key AC46EFE6DE500B3E: "Peter Lebbing <peter at digitalbrains.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ stat dirmngr.log
stat: cannot stat 'dirmngr.log': No such file or directory
$ gpgconf --kill dirmngr
$ gpg --refresh-keys ac46efe6de500b3e
gpg: refreshing 1 key from hkps://keys.openpgp.org/
gpg: key AC46EFE6DE500B3E: "Peter Lebbing <peter at digitalbrains.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
$ cat dirmngr.log
2019-07-03 16:30:01 dirmngr[13185.0] permanently loaded certificates: 0
2019-07-03 16:30:01 dirmngr[13185.0]     runtime cached certificates: 0
2019-07-03 16:30:01 dirmngr[13185.6] handler for fd 6 started
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> # Home: /home/peter/.gnupg
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> # Config: /home/peter/.gnupg/dirmngr.conf
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> OK Dirmngr 2.1.18 at your service
2019-07-03 16:30:01 dirmngr[13185.6] connection from process 13184 (1000:1000)
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 <- GETINFO version
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> D 2.1.18
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> OK
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 <- KEYSERVER
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> S KEYSERVER hkps://keys.openpgp.org/
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> OK
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 <- KS_GET -- 0x8FA94E79AD6AB56EE38CE5CBAC46EFE6DE500B3E
2019-07-03 16:30:01 dirmngr[13185.6] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
2019-07-03 16:30:01 dirmngr[13185.6] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known]
2019-07-03 16:30:01 dirmngr[13185.6] number of system provided CAs: 152
2019-07-03 16:30:01 dirmngr[13185.6] DBG: chan_6 -> S SOURCE https://keys.openpgp.org:443
2019-07-03 16:30:02 dirmngr[13185.6] DBG: (16329 bytes sent via D lines not shown)
2019-07-03 16:30:02 dirmngr[13185.6] DBG: chan_6 -> OK
2019-07-03 16:30:02 dirmngr[13185.6] DBG: chan_6 <- BYE
2019-07-03 16:30:02 dirmngr[13185.6] DBG: chan_6 -> OK closing connection
2019-07-03 16:30:02 dirmngr[13185.6] handler for fd 6 terminated
--8<---------------cut here---------------end--------------->8---

Here's the stuff my Debian stable reports about my GnuPG:

--8<---------------cut here---------------start------------->8---
Package: gnupg
Version: 2.1.18-8~deb9u4

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable'), (610, 'testing'), (600, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 5.0.15 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg depends on:
ii  gnupg-agent    2.1.18-8~deb9u4
ii  libassuan0     2.4.3-2
ii  libbz2-1.0     1.0.6-8.1
ii  libc6          2.24-11+deb9u4
ii  libgcrypt20    1.7.6-2+deb9u3
ii  libgpg-error0  1.26-2
ii  libksba8       1.3.5-2
ii  libreadline7   7.0-3
ii  libsqlite3-0   3.16.2-5+deb9u1
ii  zlib1g         1:1.2.8.dfsg-5

Versions of packages gnupg recommends:
ii  dirmngr     2.1.18-8~deb9u4
ii  gnupg-l10n  2.1.18-8~deb9u4

Versions of packages gnupg suggests:
pn  parcimonie  <none>
pn  xloadimage  <none>

-- no debconf information
--8<---------------cut here---------------end--------------->8---

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
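
Added example, not part of the original post or of GnuPG: a shell check for the condition reproduced above, comparing the keyserver in the config files with the one a running dirmngr reports in its `S KEYSERVER` status line. The function names are hypothetical, and the live query assumes `gpg-connect-agent --dirmngr` can reach the daemon.

```shell
#!/bin/sh
# Added example: detect drift between the keyserver configured on disk and
# the one a running dirmngr actually uses. Function names are hypothetical.

# First "keyserver" value in a GnuPG config file (gpg.conf or dirmngr.conf).
# Commented-out lines do not match; a missing file yields an empty string.
conf_keyserver() {
    [ -r "$1" ] || return 0
    awk '$1 == "keyserver" { print $2; exit }' "$1"
}

# First keyserver URL in an Assuan KEYSERVER reply read on stdin
# (status lines of the form "S KEYSERVER <url>", as in the debug ipc log).
live_keyserver() {
    awk '$1 == "S" && $2 == "KEYSERVER" { print $3; exit }'
}

# Arguments: GnuPG home directory, raw KEYSERVER reply text.
# Returns 0 in sync, 1 stale daemon, 2 gpg.conf override.
check_keyserver() {
    home=$1 reply=$2
    gpg_ks=$(conf_keyserver "$home/gpg.conf")
    want=$(conf_keyserver "$home/dirmngr.conf")
    have=$(printf '%s\n' "$reply" | live_keyserver)
    if [ -n "$gpg_ks" ]; then
        echo "override: gpg.conf sets keyserver $gpg_ks"; return 2
    fi
    if [ -z "$want" ]; then
        echo "unset: no keyserver in dirmngr.conf (daemon uses ${have:-default})"; return 0
    fi
    if [ "$want" = "$have" ]; then
        echo "ok: dirmngr uses $have"; return 0
    fi
    echo "stale: dirmngr.conf says $want, daemon uses ${have:-nothing}"; return 1
}

# Live use (needs a running dirmngr):
#   check_keyserver "${GNUPGHOME:-$HOME/.gnupg}" \
#       "$(gpg-connect-agent --dirmngr 'KEYSERVER' /bye)"
# On "stale", restart the daemon with: gpgconf --kill dirmngr
```

Only the first `keyserver` line of each file is compared, so a config listing several keyservers needs a wider check.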
