Ubuntu
gnupg2 package

  1. Bug #1788190
  2. Activity log

Activity log for bug #1788190

Date Who What changed Old value New value Message
2018-08-21 14:20:30 wheelerlaw bug added bug
2018-08-21 14:23:57 wheelerlaw description I discovered this while running the following apt-key command: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823 I was hoping apt-key would pick up the http_proxy environment variable, however it did not. So I had to pass it into gpg manually: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options http-proxy=$http_proxy --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823 However, that still didn't work. So I messed around with running gnupg manually and found that the dirmngr has a bug in the implementation of its HTTP client. Essentially, dirmngr does not handle the http_proxy quite right, as it is still trying to resolve the hostname of the keyserver instead of just proxying the request through the HTTP proxy defined with the http-proxy argument. I configured dirmngr to show all debugging output: $ cat ~/.gnupg/dirmngr.conf log-file /home/wlaw/.gnupg/dirmngr.log verbose debug all Output of running gpg manually: $ gpg --debug-level guru --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options http-proxy=$http_proxy --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823 gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog gpg: DBG: [not enabled in the source] start gpg: DBG: chan_3 <- # Home: /home/wlaw/.gnupg gpg: DBG: chan_3 <- # Config: /home/wlaw/.gnupg/dirmngr.conf gpg: DBG: chan_3 <- OK Dirmngr 2.2.4 at your service gpg: DBG: connection to the dirmngr established gpg: DBG: chan_3 -> GETINFO version gpg: DBG: chan_3 <- D 2.2.4 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION http-proxy=http://localhost:3128/ gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keyserver.ubuntu.com:80 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> KS_GET -- 0x2EE0EA64E40A89B84B2DF73499E82A75642AC823 gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr> gpg: keyserver receive failed: No keyserver available gpg: DBG: chan_3 -> BYE gpg: DBG: [not enabled in the source] stop gpg: keydb: handles=0 locks=0 parse=0 get=0 gpg: build=0 update=0 insert=0 delete=0 gpg: reset=0 found=0 not=0 cache=0 not=0 gpg: kid_not_found_cache: count=0 peak=0 flushes=0 gpg: sig_cache: total=0 cached=0 good=0 bad=0 gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0 gpg: secmem usage: 0/65536 bytes in 0 blocks Output of dirmngr.log: $ cat ~/.gnupg/dirmngr.log 2018-08-21 10:18:41 dirmngr[22513.0] permanently loaded certificates: 139 2018-08-21 10:18:41 dirmngr[22513.0] runtime cached certificates: 0 2018-08-21 10:18:41 dirmngr[22513.0] trusted certificates: 139 (138,0,0,1) 2018-08-21 10:18:41 dirmngr[22513.6] handler for fd 6 started 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> # Home: /home/wlaw/.gnupg 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> # Config: /home/wlaw/.gnupg/dirmngr.conf 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK Dirmngr 2.2.4 at your service 2018-08-21 10:18:41 dirmngr[22513.6] connection from process 22512 (1000:1000) 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- GETINFO version 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> D 2.2.4 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- OPTION http-proxy=http://localhost:3128/ 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- KEYSERVER --clear hkp://keyserver.ubuntu.com:80 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- KS_GET -- 0x2EE0EA64E40A89B84B2DF73499E82A75642AC823 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: libdns initialized 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: resolve_dns_name(keyserver.ubuntu.com): No name 2018-08-21 10:18:41 dirmngr[22513.6] resolving 'keyserver.ubuntu.com' failed: No name 2018-08-21 10:18:41 dirmngr[22513.6] number of system provided CAs: 138 2018-08-21 10:18:41 dirmngr[22513.6] DBG: http.c:connect_server: trying name='localhost' port=3128 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: resolve_dns_name(localhost): Success 2018-08-21 10:18:41 dirmngr[22513.6] can't connect to 'localhost': no IP address for host 2018-08-21 10:18:41 dirmngr[22513.6] error connecting to 'http://keyserver.ubuntu.com:80': Unknown host 2018-08-21 10:18:41 dirmngr[22513.6] marking host 'keyserver.ubuntu.com' as dead 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: resolve_dns_name(keyserver.ubuntu.com): No name 2018-08-21 10:18:41 dirmngr[22513.6] resolving 'keyserver.ubuntu.com' failed: No name 2018-08-21 10:18:41 dirmngr[22513.6] host 'keyserver.ubuntu.com' marked as dead 2018-08-21 10:18:41 dirmngr[22513.6] command 'KS_GET' failed: No keyserver available 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> ERR 167772346 No keyserver available <Dirmngr> 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- BYE 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK closing connection 2018-08-21 10:18:41 dirmngr[22513.6] handler for fd 6 terminated This is only a problem when you're on a network that does not resolve DNS of internet hostnames (i.e. some sort of split-horizon setup). However, that shouldn't matter, because dirmngr should not be trying to resolve the address on its own if a proxy server has been defined and provided as an argument. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnupg2 2.2.4-1ubuntu1.1 ProcVersionSignature: Ubuntu 4.15.0-30.32-generic 4.15.18 Uname: Linux 4.15.0-30-generic x86_64 NonfreeKernelModules: talpa_vfshook talpa_pedconnector talpa_pedevice talpa_vcdevice talpa_core talpa_linux talpa_syscallhook wl nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu7.2 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Aug 21 10:04:02 2018 InstallationDate: Installed on 2018-04-06 (136 days ago) InstallationMedia: Ubuntu 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228) PackageArchitecture: all ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: gnupg2 UpgradeStatus: Upgraded to bionic on 2018-05-11 (101 days ago) I discovered this while running the following apt-key command: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823 I was hoping apt-key would pick up the http_proxy environment variable, however it did not. So I had to pass it into gpg manually: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options http-proxy=$http_proxy --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823 However, that still didn't work. So I messed around with running gnupg manually and found that the dirmngr has a bug in the implementation of its HTTP client. Essentially, dirmngr does not handle the http_proxy quite right, as it is still trying to resolve the hostname of the keyserver instead of just proxying the request through the HTTP proxy defined with the http-proxy argument. I configured dirmngr to show all debugging output: $ cat ~/.gnupg/dirmngr.conf log-file /home/wlaw/.gnupg/dirmngr.log verbose debug all Output of running gpg manually: $ gpg --debug-level guru --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options http-proxy=$http_proxy --recv 2EE0EA64E40A89B84B2DF73499E82A75642AC823 gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog gpg: DBG: [not enabled in the source] start gpg: DBG: chan_3 <- # Home: /home/wlaw/.gnupg gpg: DBG: chan_3 <- # Config: /home/wlaw/.gnupg/dirmngr.conf gpg: DBG: chan_3 <- OK Dirmngr 2.2.4 at your service gpg: DBG: connection to the dirmngr established gpg: DBG: chan_3 -> GETINFO version gpg: DBG: chan_3 <- D 2.2.4 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> OPTION http-proxy=http://localhost:3128/ gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keyserver.ubuntu.com:80 gpg: DBG: chan_3 <- OK gpg: DBG: chan_3 -> KS_GET -- 0x2EE0EA64E40A89B84B2DF73499E82A75642AC823 gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr> gpg: keyserver receive failed: No keyserver available gpg: DBG: chan_3 -> BYE gpg: DBG: [not enabled in the source] stop gpg: keydb: handles=0 locks=0 parse=0 get=0 gpg: build=0 update=0 insert=0 delete=0 gpg: reset=0 found=0 not=0 cache=0 not=0 gpg: kid_not_found_cache: count=0 peak=0 flushes=0 gpg: sig_cache: total=0 cached=0 good=0 bad=0 gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0               outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0 gpg: secmem usage: 0/65536 bytes in 0 blocks Output of dirmngr.log: $ cat ~/.gnupg/dirmngr.log 2018-08-21 10:18:41 dirmngr[22513.0] permanently loaded certificates: 139 2018-08-21 10:18:41 dirmngr[22513.0] runtime cached certificates: 0 2018-08-21 10:18:41 dirmngr[22513.0] trusted certificates: 139 (138,0,0,1) 2018-08-21 10:18:41 dirmngr[22513.6] handler for fd 6 started 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> # Home: /home/wlaw/.gnupg 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> # Config: /home/wlaw/.gnupg/dirmngr.conf 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK Dirmngr 2.2.4 at your service 2018-08-21 10:18:41 dirmngr[22513.6] connection from process 22512 (1000:1000) 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- GETINFO version 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> D 2.2.4 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- OPTION http-proxy=http://localhost:3128/ 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- KEYSERVER --clear hkp://keyserver.ubuntu.com:80 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- KS_GET -- 0x2EE0EA64E40A89B84B2DF73499E82A75642AC823 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: libdns initialized 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: resolve_dns_name(keyserver.ubuntu.com): No name 2018-08-21 10:18:41 dirmngr[22513.6] resolving 'keyserver.ubuntu.com' failed: No name 2018-08-21 10:18:41 dirmngr[22513.6] number of system provided CAs: 138 2018-08-21 10:18:41 dirmngr[22513.6] DBG: http.c:connect_server: trying name='localhost' port=3128 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: resolve_dns_name(localhost): Success 2018-08-21 10:18:41 dirmngr[22513.6] can't connect to 'localhost': no IP address for host 2018-08-21 10:18:41 dirmngr[22513.6] error connecting to 'http://keyserver.ubuntu.com:80': Unknown host 2018-08-21 10:18:41 dirmngr[22513.6] marking host 'keyserver.ubuntu.com' as dead 2018-08-21 10:18:41 dirmngr[22513.6] DBG: dns: resolve_dns_name(keyserver.ubuntu.com): No name 2018-08-21 10:18:41 dirmngr[22513.6] resolving 'keyserver.ubuntu.com' failed: No name 2018-08-21 10:18:41 dirmngr[22513.6] host 'keyserver.ubuntu.com' marked as dead 2018-08-21 10:18:41 dirmngr[22513.6] command 'KS_GET' failed: No keyserver available 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> ERR 167772346 No keyserver available <Dirmngr> 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 <- BYE 2018-08-21 10:18:41 dirmngr[22513.6] DBG: chan_6 -> OK closing connection 2018-08-21 10:18:41 dirmngr[22513.6] handler for fd 6 terminated This is only a problem when you're on a network that does not resolve DNS of internet hostnames (i.e. some sort of split-horizon setup). However, that shouldn't matter, because dirmngr should not be trying to resolve the address on its own if a proxy server has been defined and provided as an argument. I can curl the hostname just fine using the HTTP proxy: $ curl keyserver.ubuntu.com -o keyserver -vvv * Rebuilt URL to: keyserver.ubuntu.com/ % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 127.0.0.1... * TCP_NODELAY set * Connected to localhost (127.0.0.1) port 3128 (#0) > GET http://keyserver.ubuntu.com/ HTTP/1.1 > Host: keyserver.ubuntu.com > User-Agent: curl/7.58.0 > Accept: */* > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 OK < Date: Tue, 21 Aug 2018 12:15:44 GMT < Server: sks_www/1.1.6 < Content-Length: 5004 < Content-Type: text/html; charset=UTF-8 < Access-Control-Allow-Origin: * < Vary: Accept-Encoding < Warning: 110 squid/3.5.12 "Response is stale" < X-Cache: HIT from cassava.canonical.com < X-Cache-Lookup: HIT from cassava.canonical.com:3128 < Via: 1.1 cassava.canonical.com (squid/3.5.12) < Proxy-Connection: Keep-Alive < Connection: Keep-Alive < Age: 7534 < { [3595 bytes data] 100 5004 100 5004 0 0 56224 0 --:--:-- --:--:-- --:--:-- 56224 * Connection #0 to host localhost left intact ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: gnupg2 2.2.4-1ubuntu1.1 ProcVersionSignature: Ubuntu 4.15.0-30.32-generic 4.15.18 Uname: Linux 4.15.0-30-generic x86_64 NonfreeKernelModules: talpa_vfshook talpa_pedconnector talpa_pedevice talpa_vcdevice talpa_core talpa_linux talpa_syscallhook wl nvidia_modeset nvidia ApportVersion: 2.20.9-0ubuntu7.2 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Aug 21 10:04:02 2018 InstallationDate: Installed on 2018-04-06 (136 days ago) InstallationMedia: Ubuntu 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228) PackageArchitecture: all ProcEnviron:  TERM=xterm-256color  PATH=(custom, no user)  XDG_RUNTIME_DIR=<set>  LANG=en_US.UTF-8  SHELL=/bin/bash SourcePackage: gnupg2 UpgradeStatus: Upgraded to bionic on 2018-05-11 (101 days ago)
2018-08-28 00:45:00 Bryan Quigley bug added subscriber Bryan Quigley