Re: resolv.conf and gnupg2
Corinna Vinschen wrote:
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.

Yes, below is the message that I sent to Marco but which was rejected by this list because I wasn't subscribed at the time that I replied to all.

--
-Chad

On 2022-08-07 10:34, Marco Atzeri wrote:
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt gnupg2 is the proper package to do so.

Looking into this, I'm reminded of how much I really dislike the design of gnupg2. dirmngr appears to have its own DNS client library that tries to do the resolv.conf parsing among other things. I believe this library gets compiled into the current cygwin package.

I noticed this configuration option:

  --disable-libdns    do not build with libdns support

I just tested a build using this option and it seemed to fix the problem for me. I did not use the full end-to-end cygport process but I think the patch at the bottom of this message should do the trick. Could you give it a shot?

Thanks...

--
-Chad

$ diff -u gnupg2.cygport.orig gnupg2.cygport --- gnupg2.cygport.orig 2022-08-08 14:00:18.562073400 -0400 +++ gnupg2.cygport 2022-08-08 14:00:53.14695 -0400 @@ -22,6 +22,6 @@ cygautoreconf sed -i -e '/^development_version=/s/yes/no/' configure cd ${B} - cygconf --enable-gpg-is-gpg2 + cygconf --enable-gpg-is-gpg2 --disable-libdns cygmake }
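Review bot: The changed cygconf line gains "--disable-libdns" with no comment saying why, so a later packaging update could drop the flag without anyone noticing the regression. Add a comment above the cygconf call noting that dirmngr's bundled libdns reads /etc/resolv.conf, which is absent on a default Cygwin install, and that the flag is there so key retrieval no longer depends on that file. The message also says the build was not run through the full cygport process, so before this is applied it should be confirmed with a cygport-built package that "gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818" succeeds on a system without /etc/resolv.conf.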
Re: resolv.conf and gnupg2
On Aug 8 21:13, Yasuhiro Kimura wrote:
> From: Corinna Vinschen
> Subject: Re: resolv.conf and gnupg2
> Date: Mon, 8 Aug 2022 09:30:47 +0200
>
> > I can't believe (but may be wrong, of course) that gnupg2 tries to
> > access /etc/resolv.conf by itself. I would rather guess that gnupg2
> > is linked against one or more libs provided by the bind package,
> > and thus uses the resolver from the bind package. However, Cygwin
> > provides its own resolver entry points, and those don't need
> > /etc/resolv.conf, because they utilize the OS resolver.
> >
> > Is there a build option to avoid building against the bind lib?
> > Alternatively it might be possible to inject an autoconf variable
> > from cygport...?
> >
> >
> > Corinna
>
> Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.
>
> (Cygwin64)yasu@rolling[1007]% pwd
> /cygdrive/c/Users/yasu/Work/gnupg
> (Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
> NEWS: * dirmngr: Make reading resolv.conf more robust. [T5657]
> NEWS: * dirmngr: Now detects a changed /etc/resolv.conf.
> dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
> dirmngr/dns-stuff.c: /* Force a reload if resolv.conf has changed. */
> dirmngr/dns-stuff.c:log_debug ("dns: resolv.conf changed - forcing
> reload\n");
> dirmngr/dns.c: if ((error = dns_resconf_loadpath(resconf,
> "/etc/resolv.conf"))) {
> dirmngr/dns.c: * /etc/resolv.conf, defaulting to a nameserver of
> dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in
> resolv.conf. */
> dirmngr/dns.c: * is the intersection of the /etc/resolv.conf
> families and
> dirmngr/dns.c: * /etc/resolv.conf has "family inet4" and .ai_type
> dirmngr/dns.c: MAIN.resconf.path[MAIN.resconf.count++] =
> "/etc/resolv.conf";
> dirmngr/dns.c: { "show-resconf", _resconf, "show
> resolv.conf data" },
> dirmngr/dns.c: " -c PATH Path to resolv.conf\n"
> (Cygwin64)yasu@rolling[1009]%

IIUC, that should be fixable by configuring gnupg with --disable-libdns.

Corinna
Re: resolv.conf and gnupg2
From: Corinna Vinschen
Subject: Re: resolv.conf and gnupg2
Date: Mon, 8 Aug 2022 09:30:47 +0200

> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself. I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package. However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
>
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?
>
>
> Corinna

Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.

(Cygwin64)yasu@rolling[1007]% pwd
/cygdrive/c/Users/yasu/Work/gnupg
(Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
NEWS: * dirmngr: Make reading resolv.conf more robust. [T5657]
NEWS: * dirmngr: Now detects a changed /etc/resolv.conf.
dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
dirmngr/dns-stuff.c: /* Force a reload if resolv.conf has changed. */
dirmngr/dns-stuff.c:log_debug ("dns: resolv.conf changed - forcing reload\n");
dirmngr/dns.c: if ((error = dns_resconf_loadpath(resconf, "/etc/resolv.conf"))) {
dirmngr/dns.c: * /etc/resolv.conf, defaulting to a nameserver of
dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in resolv.conf. */
dirmngr/dns.c: * is the intersection of the /etc/resolv.conf families and
dirmngr/dns.c: * /etc/resolv.conf has "family inet4" and .ai_type
dirmngr/dns.c: MAIN.resconf.path[MAIN.resconf.count++] = "/etc/resolv.conf";
dirmngr/dns.c: { "show-resconf", _resconf, "show resolv.conf data" },
dirmngr/dns.c: " -c PATH Path to resolv.conf\n"
(Cygwin64)yasu@rolling[1009]%

---
Yasuhiro Kimura
Re: resolv.conf and gnupg2
On Aug 8 09:30, Corinna Vinschen wrote:
> On Aug 7 16:34, Marco Atzeri wrote:
> > Hi,
> >
> > currently as default Gnupg 2.x is unable to contact keyservers and recover
> > any key. Gnupg 1.x has no such problem
> >
> > $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818 gpg: keyserver
> > receive failed: No such file or directory
> >
> > The cryptic message is due to the absence of a /etc/resolv.conf
> > as adding a simple one with a public DNS server overcomes the issue
> >
> > $ cat /etc/resolv.conf
> > ; /etc/resolv.conf file for dnsmaster
> > ;
> > domain .com
> > nameserver 0.0.0.0
> > nameserver 8.8.8.8
> >
> >
> > $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> > gpg: key D17BF2305981E818: 1 duplicate signature removed
> > gpg: key D17BF2305981E818: "Andrew Makhorin " not chan
> > gpg: Total number processed: 1
> > gpg: unchanged: 1
> >
> >
> > I would expect BIND to be a package that creates/manages resolv.conf as
> > it provides a library to parse it, but I do not see any place where this is
> > done.
> >
> > $ cygcheck -p resolv.conf
> > Found 7 matches for resolv.conf
> > ..
> > libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> > man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> >
> > Any suggestion on how to solve the absence of /etc/resolv.conf ?
> > I doubt gnupg2 is the proper package to do so.
>
> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself. I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package. However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
>
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?

Having said that, Cygwin provides libresolv.a by itself anyway. How does gnupg2 get around that? How does it resolve?

Corinna
Re: resolv.conf and gnupg2
On Aug 8 11:15, ASSI wrote:
> Mark Geisert writes:
> > Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> > public DNS server(s)? Some users might object to Google's public DNS
> > (e.g. 8.8.8.8) though.
>
> No, this would be the job for any software that configures the DNS
> resolver. However, I'd prefer if no resolver libraries ever looked at
> /etc/resolv.conf as it doesn't really make sense for Cygwin to muck
> about with the DNS configuration independently of what Windows provides.

I agree, actually. Right now, Cygwin's resolver checks for /etc/resolv.conf, too, but uses the OS stuff if /etc/resolv.conf isn't available. So I wonder, just as you do, if we shouldn't drop support for /etc/resolv.conf and let this be handled by the OS only.

In theory, we have two scenarios:

- Either a user is also admin and can change the OS settings anyway,

- or the user is not admin and the admins very likely don't like the user to change the resolver settings on the company machine...

Corinna
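The concern in the message above, a local /etc/resolv.conf steering name resolution away from what the OS administrators configured, can be checked on a host. This is an added example, not code from the thread, Cygwin or GnuPG: a shell function (audit_resolv_conf is a hypothetical name) that lists the nameserver entries of a resolv.conf-style file and flags any outside an approved set; the approved address 192.0.2.53 is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not code from the thread, Cygwin or GnuPG.

# resolv.conf contents as posted in the thread.
thread_resolv_conf() {
    cat <<'EOF'
; /etc/resolv.conf file for dnsmaster
;
domain .com
nameserver 0.0.0.0
nameserver 8.8.8.8
EOF
}

# audit_resolv_conf FILE [APPROVED_ADDR...]   (hypothetical helper name)
# Prints "ok ADDR" or "UNAPPROVED ADDR" for every nameserver entry and
# returns 1 if any entry is outside the approved set. A missing file is
# reported as "absent" and returns 0: nothing overrides the OS settings.
audit_resolv_conf() {
    file=$1
    shift
    if [ ! -e "$file" ]; then
        echo "absent: $file"
        return 0
    fi
    awk -v approved="$*" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*[;#]/ { next }                    # comment lines
        $1 == "nameserver" && NF >= 2 {
            if ($2 in ok) { print "ok " $2 } else { print "UNAPPROVED " $2; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$file"
}

# Demo: 192.0.2.53 is a constructed placeholder for the site's approved resolver.
demo=$(mktemp)
thread_resolv_conf > "$demo"
audit_resolv_conf "$demo" 192.0.2.53 || echo "resolv.conf points outside the approved resolvers"
rm -f "$demo"
```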
Re: resolv.conf and gnupg2
Mark Geisert writes:
> Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> public DNS server(s)? Some users might object to Google's public DNS
> (e.g. 8.8.8.8) though.

No, this would be the job for any software that configures the DNS resolver. However, I'd prefer if no resolver libraries ever looked at /etc/resolv.conf as it doesn't really make sense for Cygwin to muck about with the DNS configuration independently of what Windows provides.

Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
Re: resolv.conf and gnupg2
On Aug 7 16:34, Marco Atzeri wrote:
> Hi,
>
> currently as default Gnupg 2.x is unable to contact keyservers and recover
> any key. Gnupg 1.x has no such problem
>
> $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818 gpg: keyserver
> receive failed: No such file or directory
>
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
>
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain .com
> nameserver 0.0.0.0
> nameserver 8.8.8.8
>
>
> $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin " not chan
> gpg: Total number processed: 1
> gpg: unchanged: 1
>
>
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parse it, but I do not see any place where this is
> done.
>
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
>
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt gnupg2 is the proper package to do so.

I can't believe (but may be wrong, of course) that gnupg2 tries to access /etc/resolv.conf by itself. I would rather guess that gnupg2 is linked against one or more libs provided by the bind package, and thus uses the resolver from the bind package. However, Cygwin provides its own resolver entry points, and those don't need /etc/resolv.conf, because they utilize the OS resolver.

Is there a build option to avoid building against the bind lib? Alternatively it might be possible to inject an autoconf variable from cygport...?

Corinna