Date:      Tue, 23 Feb 2016 15:28:20 +0000
From:      "Mire, John" <jmire@lsuhsc.edu>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   GnuPG(2.1.11) update problems
Message-ID:  <0B62814C161EBA4BB69C995965D04C7070D6667D@SH-ExchMB2.master.lsuhsc.edu>

Running FreeBSD 10.2-RELEASE-p12 #1 r295138
IPv4 connectivity only
NO IPv6
Updated (GnuPG) 2.0.29 --> (GnuPG) 2.1.11 from ports

Modified ~/.gnupg/gpg.conf as follows:

##
## gpg.conf
##
no-greeting
comment ""
default-key 500026E6
default-recipient-self
force-v3-sigs
charset utf-8
keyserver hkp://hkps.pool.sks-keyservers.net
#moved options to
#keyserver-options ca-cert-file=/usr/local/share/gnupg/certs/sks-keyservers.netCA.pem
#keyserver-options ca-cert-path=/usr/local/share/gnupg/certs
use-agent
utf8-strings
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
##EOF


Added ~/.gnupg/dirmngr.conf as follows:

##
## dirmngr.conf
##
#keyserver hkp://jirk5u4osbsr34t5.onion
keyserver hkps://hkps.pool.sks-keyservers.net

# --hkp-cacert FILENAME
#
# For the "hkps" scheme (keyserver access over TLS), Dirmngr needs to
# know the root certificates for verification of the TLS certificates
# used for the connection.  Enter the full name of a file with the
# root certificates here.  If that file is in PEM format a ".pem"
# suffix is expected.  This option may be given multiple times to add
# more root certificates.  Tilde expansion is supported.

hkp-cacert /etc/ssl/sks-keyservers.netCA.pem
hkp-cacert /etc/ssl/cert.pem
##EOF

GnuPG(1.4.20) works fine with just HKP:

% gpg --search-keys 0x500026E6
gpg: searching for "0x500026E6" from hkp server hkps.pool.sks-keyservers.net
(1)     John Mire <jmire@lsuhsc.edu>
          4096 bit RSA key 500026E6, created: 2011-09-11
Keys 1-1 of 1 for "0x500026E6".  Enter number(s), N)ext, or Q)uit > q

GnuPG(2.1.11) gives the following:
% gpg2 --search-keys 0x500026E6
gpg: error searching keyserver: No route to host
gpg: keyserver search failed: No route to host

Closer examination of dirmngr:
unless it decides to use an IPv6 server address, it can resolve:
% dirmngr
dirmngr[61610.0]: permanently loaded certificates: 0
dirmngr[61610.0]:     runtime cached certificates: 0
# Home: ~/.gnupg
# Config: /home/jmire/.gnupg/dirmngr.conf
OK Dirmngr 2.1.11 at your service
ks_search  0x500026E6
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keyserver.nbg-ha.de'
S PROGRESS tick ? 0 0
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:ba8:1f1:f2d4::2]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2604:a880:800:10::163:b001]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a00:1280:8000:4::3]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'zimmerman.mayfirst.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keys02.fedoraproject.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.spodhuis.org' [already known]
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keyserver.nbg-ha.de' [already known]
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu' [already known]
S PROGRESS tick ? 0 0
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'kronecker.scientia.net'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'mx1.adeti.org'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[61610.0]: can't connect to 'oteiza.siccegge.de': no IP address for host
dirmngr[61610.0]: error connecting to 'https://oteiza.siccegge.de:443': Unknown host
dirmngr[61610.0]: marking host 'oteiza.siccegge.de' as dead
S PROGRESS tick ? 0 0
S SOURCE https://cryptonomicon.mit.edu:443
D info:1:1%0Apub:2F69495FFA0850CDD83771E0E3DF4A51500026E6:1:4096:1315778755::%0Auid:John Mire <jmire@lsuhsc.edu>:1315778755::%0A%0D%0A
OK
ks_search 0x4F25E3B6
S PROGRESS tick ? 0 0
S SOURCE https://cryptonomicon.mit.edu:443
D info:1:1%0Apub:D8692123C4065DEA5E0F3AB5249B39D24F25E3B6:1:2048:1294830465:1577790083:%0Auid:Werner Koch (dist sig):1294830465::%0A%0D%0A
OK
Bye

% dirmngr
dirmngr[62413.0]: permanently loaded certificates: 0
dirmngr[62413.0]:     runtime cached certificates: 0
# Home: ~/.gnupg
# Config: /home/jmire/.gnupg/dirmngr.conf
OK Dirmngr 2.1.11 at your service
ks_search jmire dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:ba8:1f1:f2d4::2]'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'a.keyserver.pki.scientia.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a01:4a0:59:1000:223:9eff:fe00:100f]'
S PROGRESS tick ? 0 0
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:41d0:8:1856::1:1]'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'prod00.keyserver.dca.witopia.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'bone.digitalis.org' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'ip-209-135-211-141.ragingwire.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'kronecker.scientia.net'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'sks.srv.dumain.com'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'keys02.fedoraproject.org'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'hufu.ki.iif.hu' [already known]
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'mx1.adeti.org'
dirmngr[62413.0]: can't connect to '2a01:4a0:59:1000:223:9eff:fe00:100f': No route to host
dirmngr[62413.0]: error connecting to 'https://[2a01:4a0:59:1000:223:9eff:fe00:100f]:443': No route to host
dirmngr[62413.0]: command 'KS_SEARCH' failed: No route to host
ERR 167804970 No route to host <Dirmngr>

How can I let dirmngr know that IPv6 isn't available???
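
The two dirmngr sessions above end differently: a pool member with no IP address was marked dead and the search went on, while an unreachable IPv6 literal aborted KS_SEARCH. The Python sketch below is an added example, not part of the original message; it classifies pool members by address family and reports which target caused the abort. The function names are chosen here, and the sample logs are shortened from the output quoted in the message.

```python
import ipaddress
import re
from collections import Counter

RESOLVE = re.compile(r"resolve_dns_addr for '[^']+': '([^']+)'")
CONNECT = re.compile(r"can't connect to '([^']+)': (.+)")
FAILED = re.compile(r"command '\w+' failed")

def family(target):
    """Classify a pool member as 'ipv4', 'ipv6' or 'name' (a hostname)."""
    try:
        return "ipv%d" % ipaddress.ip_address(target.strip("[]")).version
    except ValueError:
        return "name"

def pool_families(log):
    """Count distinct pool members per family; '[already known]' repeats collapse."""
    members = {m.group(1) for m in map(RESOLVE.search, log.splitlines()) if m}
    return Counter(family(t) for t in members)

def fatal_target(log):
    """Return (target, family, reason) for the connect error that aborted the command."""
    last = None
    for line in log.splitlines():
        m = CONNECT.search(line)
        if m:
            last = (m.group(1), family(m.group(1)), m.group(2).strip())
        elif "marking host" in line:
            last = None  # host dropped as dead; dirmngr moved on to another member
        elif FAILED.search(line):
            return last
    return None

# Sample input: shortened excerpts of the two sessions in the message above.
SESSION_OK = """\
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:ba8:1f1:f2d4::2]'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'oteiza.siccegge.de'
dirmngr[61610.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'cryptonomicon.mit.edu'
dirmngr[61610.0]: can't connect to 'oteiza.siccegge.de': no IP address for host
dirmngr[61610.0]: marking host 'oteiza.siccegge.de' as dead"""
SESSION_FAIL = """\
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': 'b4ckbone.de'
dirmngr[62413.0]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a01:4a0:59:1000:223:9eff:fe00:100f]'
dirmngr[62413.0]: can't connect to '2a01:4a0:59:1000:223:9eff:fe00:100f': No route to host
dirmngr[62413.0]: command 'KS_SEARCH' failed: No route to host"""

for log in (SESSION_OK, SESSION_FAIL):
    print(dict(pool_families(log)), fatal_target(log))
```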


