[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: No gpg keyservers available on GuixSD out-of-the-box
From: |
Ni* |
Subject: |
Re: No gpg keyservers available on GuixSD out-of-the-box |
Date: |
Mon, 04 Jan 2016 17:50:47 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
address@hidden (Ludovic Courtès) writes:
> address@hidden skribis:
>
>> On 2016-01-01 19:21, address@hidden wrote:
>>> On 2015-12-30 22:16, address@hidden wrote:
>>>> Which version of GnuPG is it, per “gpg2 --version”?
>>> ~$ gpg2 --version
>>> gpg (GnuPG) 2.1.10
>>> libgcrypt 1.6.3
>>
>> I now tested with the 2.0 version and the result was that it only
>> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
>>
>> So to sum it up (i'm on an i686 platform):
>> (with default config-files)
>> gpg 2.1.10 - keyservers are not reachable at all
>> gpg 2.0.29 - keyservers are only reachable when using --keyserver
>> URL-to-keyserver on the commandline omplains about wrong keyserver URI
>> when not specifying --keyserver URL-to-keyserver).
>
> I confirm that 2.1 behaves differently:
>
> $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys
> 3D9AEBB5
> gpg: key "3D9AEBB5 #EA52ECF4" not found
> gpg: (check argument of option '--hidden-encrypt-to')
> $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys
> 3D9AEBB5
> gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> gpg: key 3D9AEBB5: "Ludovic Courtès <address@hidden>" not changed
> gpg: Nombro traktita entute: 1
> gpg: neŝanĝitaj: 1
>
> I would suggest reaching out to the GnuPG mailing lists.
>
> Ludo’.
>
Hi,
I thought I figured out my mistake from 12 months ago when GnuPG broke
(and I faded out using it), the question here got me motivated to look
into 2.1 issues again.
I got it to the point where it works again, meaning searching for
keys (although I am unsure wether it uses hkp or hkps protocol), etc.
~/.gnupg$ tree
.
├── crls.d
│ └── DIR.txt
├── dirmngr.conf
├── gpg-agent.conf
├── gpg.conf
├── openpgp-revocs.d
├── private-keys-v1.d
├── pubring.kbx
├── pubring.kbx~
├── random_seed
├── S.dirmngr
├── S.gpg-agent
└── trustdb.gpg
What I did was start from scratch with GnuPG 2.1:
cat gpg.conf
keyserver-options no-honor-keyserver-url include-revoked
fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5
BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
cert-digest-algo SHA512
no-comments
with-fingerprint
no-emit-version
cat dirmngr.conf
keyserver hkp://hkps.pool.sks-keyservers.net
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
cat gpg-agent.conf
pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
default-cache-ttl 86400
I noticed that gpg-agent needs at least those 2 entries to work with.
Related question:
is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?
--
Ni* -- http://www.libertad.pw
Email is public. Talk to me in private:
https://psyced.org:34443/~niasterisk
privacy respecting, secure communication:
BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
(bitmessage)