[Bug 1625848] Re: gnupg2 appears to ignore http_proxy, fails to retrieve keys

Dimitri John Ledkov launchpad at surgut.co.uk
Thu Dec 8 16:49:27 UTC 2016


** Also affects: gnupg2 (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Changed in: gnupg2 (Ubuntu Yakkety)
     Assignee: (unassigned) => Dimitri John Ledkov (xnox)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1625848

Title:
  gnupg2 appears to ignore http_proxy, fails to retrieve keys

Status in GnuPG2:
  Fix Released
Status in gnupg2 package in Ubuntu:
  Triaged
Status in gnupg2 source package in Yakkety:
  New

Bug description:
  As seen in the LXC autopkgtest results:
  http://autopkgtest.ubuntu.com/packages/lxc

  The source of those failures is that pool.sks-keyserver.net isn't
  allowed from within the autopkgtest environment. For that reason, LXC
  will switch to the http transport on port 80 when http_proxy is set in
  the environment.

  Under gpgv1, this was causing gpg to grab keys through the specified
  proxy as required in the autopkgtest environment and in a lot of
  corporate environments where internet access is only available through
  proxy.

  
  In gpgv2, it looks like dirmngr just entirely ignores any proxy variable and just attempts to fetch the key directly rather than through the proxy, leading to a failure.

  ### Xenial
  iptables -I OUTPUT -p tcp --dport 80 -j REJECT
  ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT

  root@xenial:~# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
  gpg: requesting key 22F6E216 from hkp server p80.pool.sks-keyservers.net
  ?: p80.pool.sks-keyservers.net: Connection refused
  gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
  gpg: no valid OpenPGP data found.
  gpg: Total number processed: 0
  gpg: keyserver communications error: keyserver unreachable
  gpg: keyserver communications error: public key not found
  gpg: keyserver receive failed: public key not found

  root@xenial:~# http_proxy=http://sateda.srv.mtl.stgraber.net:3128 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
  gpg: requesting key 22F6E216 from hkp server p80.pool.sks-keyservers.net
  gpg: key 22F6E216: "LXC pre-built images <lxc-devel at lists.linuxcontainers.org>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  
  ### Yakkety
  root@yakkety:~# iptables -I OUTPUT -p tcp --dport 80 -j REJECT
  root@yakkety:~# ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT

  root@yakkety:~# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
  gpg: keyserver receive failed: Connection refused

  root@yakkety:~# http_proxy=http://sateda.srv.mtl.stgraber.net:3128 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
  gpg: keyserver receive failed: Connection refused

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnupg2/+bug/1625848/+subscriptions
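
Added example, not part of the bug report or of GnuPG's own code: in gpg2 the keyserver fetch is done by dirmngr, and dirmngr's documented options honor-http-proxy and http-proxy decide whether a proxy is used. The function below reads a dirmngr.conf and reports which case applies; the function name, its output format and the host proxy.example are assumptions made for this illustration.

```sh
#!/bin/sh
# dirmngr_proxy_mode CONF [ENV_PROXY]
#   CONF       path to a dirmngr.conf (normally ~/.gnupg/dirmngr.conf)
#   ENV_PROXY  value of http_proxy as seen by the dirmngr process itself;
#              dirmngr is a daemon, so a variable set only on a later gpg
#              command line does not reach an already running dirmngr.
# Prints one of:
#   explicit:<value>  "http-proxy <value>" is configured (overrides http_proxy)
#   env:<value>       "honor-http-proxy" is configured and ENV_PROXY is set
#   direct            no proxy applies; dirmngr connects to the keyserver itself
dirmngr_proxy_mode() {
    conf=$1
    env_proxy=${2-}
    explicit=
    honor=no
    if [ -r "$conf" ]; then
        # One option per line, without leading dashes; '#' lines are comments.
        while read -r opt arg _rest || [ -n "$opt" ]; do
            case $opt in
                ''|'#'*) continue ;;
                http-proxy) explicit=$arg ;;
                honor-http-proxy) honor=yes ;;
            esac
        done < "$conf"
    fi
    if [ -n "$explicit" ]; then
        printf 'explicit:%s\n' "$explicit"
    elif [ "$honor" = yes ] && [ -n "$env_proxy" ]; then
        printf 'env:%s\n' "$env_proxy"
    else
        printf 'direct\n'
    fi
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
printf '# constructed sample\nhonor-http-proxy\n' > "$sample"
dirmngr_proxy_mode "$sample" "http://proxy.example:3128"
rm -f "$sample"
```

A result of "direct" on a host where port 80 egress is blocked matches the Yakkety behaviour shown in the report.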