Bug 1224816 - gpg2 does not support hkps
Summary: gpg2 does not support hkps
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnupg2
Version: 22
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 1241984 1287052
Depends On: 1225062
Blocks:
 
Reported: 2015-05-25 22:27 UTC by George Tankersley
Modified: 2015-12-01 12:09 UTC

Fixed In Version: gnupg2-2.1.4-2.fc23
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-26 16:22:20 UTC
Type: Bug
Embargoed:



Description George Tankersley 2015-05-25 22:27:22 UTC
Description of problem:

Dirmngr does not report HKPS support and `gpg2 --refresh-keys` fails when using an HKPS keyserver.

Version-Release number of selected component (if applicable):

Name        : gnupg2
Arch        : x86_64
Epoch       : 0
Version     : 2.1.4
Release     : 1.fc22
Size        : 6.9 M
Repo        : @System
From repo   : updates-testing

How reproducible:

Configure gpg2 to use an HKPS server and attempt to refresh keys.


Steps to Reproduce:
1. Configure gpg2 to use an HKPS server. Instructions: https://sks-keyservers.net/overview-of-pools.php#pool_hkps
2. Attempt to refresh your keyring: `gpg2 --refresh-keys`


Actual results:

$ gpg2 --refresh-keys
gpg: refreshing 8 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No keyserver available

$ dirmngr
dirmngr[574.0]: error opening '/home/gtank/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[574.0]: permanently loaded certificates: 0
dirmngr[574.0]:     runtime cached certificates: 0
# Home: ~/.gnupg
# Config: /home/gtank/.gnupg/dirmngr.conf
OK Dirmngr 2.1.4 at your service
KEYSERVER --help
S # Known schemata:
S #   hkp
S #   http
S #   finger
S #   kdns
S #   ldap
S # (Use an URL for engine specific help.)
OK


Expected results:

gpg2 should be able to contact keyserver and dirmngr should report an hkps schema.

Additional info:

This is possibly because dirmngr was not compiled with gnutls support. See http://www.gossamer-threads.com/lists/gnupg/users/69755#69755
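
Added example, not part of the original report: a shell check that parses a dirmngr `KEYSERVER --help` reply and tells whether a given schema (here `hkps`) is advertised. The function names are hypothetical, and the sample reply is the one pasted in the report above.

```shell
#!/bin/sh
# Added example (not from the bug report): decide from dirmngr's
# "KEYSERVER --help" reply whether a URL schema such as hkps is available.

# Read an Assuan reply on stdin and print one advertised schema per line.
# Only "S #   <name>" lines that follow "S # Known schemata:" are counted,
# so the trailing "(Use an URL ...)" hint and the final OK are ignored.
list_schemata() {
    awk '
        /^S # Known schemata:/ { in_list = 1; next }
        /^(OK|ERR)/            { in_list = 0 }
        in_list && /^S #[ \t]+[a-z][a-z0-9+.-]*[ \t]*$/ { print $3 }
    '
}

# Exit 0 if schema $1 is listed in the reply on stdin, 1 otherwise.
supports_schema() {
    list_schemata | grep -qxF -- "$1"
}

# Sample reply: the gnupg2-2.1.4-1.fc22 output quoted in the report.
sample_reply() {
    cat <<'EOF'
S # Known schemata:
S #   hkp
S #   http
S #   finger
S #   kdns
S #   ldap
S # (Use an URL for engine specific help.)
OK
EOF
}

# On a live system the reply would come from (GnuPG 2.1 or later):
#   gpg-connect-agent --dirmngr 'KEYSERVER --help' /bye | supports_schema hkps
if sample_reply | supports_schema hkps; then
    echo "hkps: advertised by dirmngr"
else
    echo "hkps: NOT advertised (dirmngr likely built without TLS support)"
fi
```
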

Comment 1 Tomas Mraz 2015-05-26 16:22:20 UTC
Unfortunately this cannot be added to Fedora 22 as the gnutls would pull trousers, systemd and multiple other packages into mock buildroot and other limited root installs.

Comment 2 Steven Haigh 2015-06-11 04:45:33 UTC
After spending the best part of a day trying to figure out why HKPS support wouldn't work - and finally coming across this bug report, I'm a bit confused at the closing reason.

Are you saying that this can't be built in mock due to dependencies? or it's too hard? or something else?

Comment 3 Tomas Mraz 2015-06-11 07:32:11 UTC
Yes, this can't be built in mock due to dependencies. The trousers package would first have to be split in already released Fedora 22 and that is something we do not want to do as it could cause unwanted dependency issues for people that use trousers.

So you will have to wait for Fedora 23 for the HKPS support.

Comment 4 Tomas Mraz 2015-07-13 07:47:33 UTC
*** Bug 1241984 has been marked as a duplicate of this bug. ***

Comment 5 Tomas Mraz 2015-12-01 12:09:02 UTC
*** Bug 1287052 has been marked as a duplicate of this bug. ***

