help-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: No gpg keyservers available on GuixSD out-of-the-box

From: Leo Famulari
Subject: Re: No gpg keyservers available on GuixSD out-of-the-box
Date: Mon, 4 Jan 2016 13:26:44 -0500
User-agent: Mutt/1.5.24 (2015-08-30) 
On Mon, Jan 04, 2016 at 05:50:47PM +0100, Ni* wrote:
> address@hidden (Ludovic Courtès) writes:
> 
> > address@hidden skribis:
> >
> >> On 2016-01-01 19:21, address@hidden wrote:
> >>> On 2015-12-30 22:16, address@hidden wrote:
> >>>> Which version of GnuPG is it, per “gpg2 --version”?
> >>> ~$ gpg2 --version
> >>> gpg (GnuPG) 2.1.10
> >>> libgcrypt 1.6.3
> >>
> >> I now tested with the 2.0 version and the result was that it only
> >> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
> >>
> >> So to sum it up (i'm on an i686 platform):
> >> (with default config-files)
> >> gpg 2.1.10 - keyservers are not reachable at all
> >> gpg 2.0.29 - keyservers are only reachable when using --keyserver
> >> URL-to-keyserver on the commandline omplains about wrong keyserver URI
> >> when not specifying --keyserver URL-to-keyserver).
> >
> > I confirm that 2.1 behaves differently:
> >
> > $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 
> > 3D9AEBB5
> > gpg: key "3D9AEBB5 #EA52ECF4" not found
> > gpg: (check argument of option '--hidden-encrypt-to')
> > $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 
> > 3D9AEBB5
> > gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> > gpg: key 3D9AEBB5: "Ludovic Courtès <address@hidden>" not changed
> > gpg:       Nombro traktita entute: 1
> > gpg:                   neŝanĝitaj: 1
> >
> > I would suggest reaching out to the GnuPG mailing lists.
> >
> > Ludo’.
> >
> 
> Hi,
> 
> I thought I figured out my mistake from 12 months ago when GnuPG broke
> (and I faded out using it), the question here got me motivated to look
> into 2.1 issues again.
> 
> I got it to the point where it works again, meaning searching for
> keys (although I am unsure wether it uses hkp or hkps protocol), etc.
> 
> ~/.gnupg$ tree
> .
> ├── crls.d
> │   └── DIR.txt
> ├── dirmngr.conf
> ├── gpg-agent.conf
> ├── gpg.conf
> ├── openpgp-revocs.d
> 
> ├── private-keys-v1.d
> 
> ├── pubring.kbx
> ├── pubring.kbx~
> ├── random_seed
> ├── S.dirmngr
> ├── S.gpg-agent
> └── trustdb.gpg
> 
> What I did was start from scratch with GnuPG 2.1:
> 
> cat gpg.conf 
> keyserver-options no-honor-keyserver-url include-revoked
> fixed-list-mode
> keyid-format 0xlong
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 
> BZIP2 ZLIB ZIP Uncompressed
> use-agent
> verify-options show-uid-validity
> list-options show-uid-validity
> cert-digest-algo SHA512
> no-comments
> with-fingerprint
> no-emit-version
> 
> cat dirmngr.conf 
> keyserver hkp://hkps.pool.sks-keyservers.net
> hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
> 
> cat gpg-agent.conf 
> pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
> default-cache-ttl 86400
> 
> 
> I noticed that gpg-agent needs at least those 2 entries to work with.
> 
> Related question:
> is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?

I'm using the Debian provided pinentry, but it looks like our pinentry
provides a GTK interface and a console (ncurses?) interface, at least
based on the package definition in gnupg.scm.

> 
> 
> -- 
> Ni* -- http://www.libertad.pw
> Email is public. Talk to me in private:
> https://psyced.org:34443/~niasterisk
> privacy respecting, secure communication:
> BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
> (bitmessage)
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]