--search-keys: "gpg: error searching keyserver: No inquire callback in IPC"

Rainer Fiebig jrf at mailbox.org
Sat Jul 31 19:56:34 CEST 2021


On 31.07.21 at 17:40, Werner Koch wrote:
> On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:
> 
>> If you built gnupg from its default configuration, it does not
>> automatically look in /etc/ssl/certs for CA certificates. You may want
> 
> On Unix and unless gnupg was built with --with-default-trust-store-file
> the following collections of certificates are used for TLS:
> 
>     { "/etc/ssl/ca-bundle.pem" },
>     { "/etc/ssl/certs/ca-certificates.crt" },
>     { "/etc/pki/tls/cert.pem" },
>     { "/usr/local/share/certs/ca-root-nss.crt" },
>     { "/etc/ssl/cert.pem" }
> 
Thanks. None of those files is on my system. So it's probably no wonder
that "--search-keys" didn't work.

Either I messed up big or LFS/BLFS uses a setup for the certificates
that is not what gnupg expects. In the latter case
	--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt
may indeed be the way to go for LFS/BLFS systems.

I'll cc this to blfs-support so that the editors can draw their own
conclusions. Or castigate me for being too stupid to follow the
instructions somewhere. ;)

>> to add a soft link from /etc/gnupg/trusted-certs to /etc/ssl/certs so
>> that dirmngr looks in the Mozilla certificate library.
> 
> Not a too good idea because these certificates are used for a different
> purpose.  
> 
> 
> FWIW, here is the list of internal certificate classes used:
> 
>   CERTTRUST_CLASS_SYSTEM  = 1, /* From the system's list of trusted certs. */
>   CERTTRUST_CLASS_CONFIG  = 2, /* From dirmngr's config files.         */
>   CERTTRUST_CLASS_HKP     = 4, /* From --hkp-cacert                    */
>   CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> 
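
Added example (not part of the original message and not GnuPG code): a POSIX shell check for whether any of the trust store files listed above exists and contains PEM certificates, falling back to the BLFS path proposed in the reply. The optional root prefix argument and the function names are assumptions of this example; it only tests file presence and counts PEM headers.

```shell
#!/bin/sh
# Added example: report which trust store files named in this thread exist.
# The optional ROOT prefix (for chroots or testing) is an assumption.

# Paths quoted from Werner Koch's message.
DEFAULT_STORES="/etc/ssl/ca-bundle.pem
/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/cert.pem
/usr/local/share/certs/ca-root-nss.crt
/etc/ssl/cert.pem"
# Path Rainer proposes for --with-default-trust-store-file on LFS/BLFS.
BLFS_STORE="/etc/pki/tls/certs/ca-bundle.crt"

# count_certs FILE: number of PEM certificate headers in FILE (0 if unreadable).
count_certs() {
    [ -r "$1" ] || { echo 0; return 0; }
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    echo "${n:-0}"
}

# find_trust_stores [ROOT]: print "path count" for each default file present.
# Returns 0 if at least one of them holds a certificate, 1 otherwise.
find_trust_stores() {
    root=${1:-}
    found=1
    for p in $DEFAULT_STORES; do
        if [ -f "$root$p" ]; then
            c=$(count_certs "$root$p")
            echo "$p $c"
            if [ "$c" -gt 0 ]; then found=0; fi
        fi
    done
    return $found
}

# suggest [ROOT]: say whether the listed defaults suffice or the flag is needed.
suggest() {
    root=${1:-}
    if find_trust_stores "$root" >/dev/null; then
        echo "default-ok"
    elif [ "$(count_certs "$root$BLFS_STORE")" -gt 0 ]; then
        echo "--with-default-trust-store-file=$BLFS_STORE"
    else
        echo "no-bundle-found"
    fi
}

find_trust_stores "${1:-}" || true
suggest "${1:-}"
```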



