Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-08 Thread shirish शिरीष 
at bottom :-

On 08/01/2017, intrigeri  wrote:
> shirish शिरीष:
>> ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197
>
>> gpg: keyserver receive failed: No keyserver available
>
>> Tried it multiple times but get the above failure.
>
> [...]
>
>> Any ideas what I need to do next ?
>
> Add a "debug-all" line in ~/.gnupg/dirmngr.conf, restart
> dirmngr.socket, try again and look at the logs (on my system they are
> in the systemd Journal).
>
> Cheers,
> --
> intrigeri
>

Umm.. there was no ~/.gnupg/dirmngr.conf hence had to make one

$ touch ~/.gnupg/dirmngr.conf

$ cd ~/.gnupg/

$ nano dirmngr.conf

and just added debug-all

┌─[shirish@debian] - [~/.gnupg] - [10017]
└─[$] cat dirmngr.conf

debug-all



Did the remaining bits.

And this is the result.

$ journalctl --since "1 hour ago"

While I have shared all the entries, the most pertinent might be -

Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> # Home:
/home/shirish/.gnupg
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> # Config:
/home/shirish/.gnupg/dirmngr.conf
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> OK Dirmngr 2.1.17
at your service
Jan 08 14:46:40 debian dirmngr[1203]: connection from process 1370 (1000:1000)
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 <- GETINFO version
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> D 2.1.17
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> OK
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 <- KEYSERVER --clear
hkp://pgp.mit.edu
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> OK
Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 <- KS_GET -- 0xDAD95197
Jan 08 14:46:40 debian dirmngr[1203]: DBG: dns: libdns initialized
Jan 08 14:46:50 debian dirmngr[1203]: DBG: dns:
getsrv(_hkp._tcp.pgp.mit.edu): Server indicated a failure
Jan 08 14:46:50 debian dirmngr[1203]: command 'KS_GET' failed: Server
indicated a failure 
Jan 08 14:46:50 debian dirmngr[1203]: DBG: chan_5 -> ERR 219 Server
indicated a failure 
Jan 08 14:46:50 debian dirmngr[1203]: DBG: chan_5 <- BYE
Jan 08 14:46:50 debian dirmngr[1203]: DBG: chan_5 -> OK closing connection
Jan 08 14:46:50 debian dirmngr[1203]: handler for fd 5 terminated

Please go through the attached logs and let me know if any
improvements can be made.

All any any advice would be useful.

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Trying to enqueue job 
dirmngr.socket/restart/replace
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Installed new job 
dirmngr.service/restart as 219
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Installed new job 
dirmngr.socket/restart as 216
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Enqueued job 
dirmngr.socket/restart as 216
..
..
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Changed running -> 
stop-sigterm
Jan 08 14:46:21 debian dirmngr[7477]: SIGTERM received - shutting down ...
Jan 08 14:46:21 debian dirmngr[7477]: dirmngr (GnuPG) 2.1.17 stopped
...
...
Jan 08 14:46:21 debian systemd[1]: Got cgroup empty notification for: 
/user.slice/user-1000.slice/user@1000.service/dirmngr.service
Jan 08 14:46:21 debian systemd[2360]: Received SIGCHLD from PID 7477 (dirmngr).
Jan 08 14:46:21 debian systemd[2360]: Child 7477 (dirmngr) died (code=exited, 
status=0/SUCCESS)
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Child 7477 belongs to 
dirmngr.service
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Main process exited, 
code=exited, status=0/SUCCESS
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Changed stop-sigterm -> 
dead
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Job 
dirmngr.service/restart finished, result=done
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Converting job 
dirmngr.service/restart -> dirmngr.service/start
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: cgroup is empty
.
..
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Changed running -> dead
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Job 
dirmngr.socket/restart finished, result=done
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Converting job 
dirmngr.socket/restart -> dirmngr.socket/start
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Changed dead -> listening
Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Job dirmngr.socket/start 
finished, result=done
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Failed to set pids.max: 
No such file or directory
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Passing 1 fds to service
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: About to execute: 
/usr/bin/dirmngr --supervised
Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Forked /usr/bin/dirmngr

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-08 Thread intrigeri 
shirish शिरीष:
> ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197

> gpg: keyserver receive failed: No keyserver available

> Tried it multiple times but get the above failure.

[...]

> Any ideas what I need to do next ?

Add a "debug-all" line in ~/.gnupg/dirmngr.conf, restart
dirmngr.socket, try again and look at the logs (on my system they are
in the systemd Journal).

Cheers,
-- 
intrigeri

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-08 Thread shirish शिरीष 
at bottom :-

On 08/01/2017, intrigeri  wrote:
> shirish शिरीष:
>> in-line :-
>
>> On 07/01/2017, Daniel Kahn Gillmor  wrote:
>>> Have you restarted dirmngr since the upgrade?
>
>> how do I restart it ?
>
> systemctl --user restart dirmngr.socket
>
> :)
>

Did that and get the following -

─[$] systemctl --user restart dirmngr.socket

─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197

gpg: keyserver receive failed: No keyserver available

Tried it multiple times but get the above failure.

http://isup.me/pgp.mit.edu/ says it's up.

traceroute conks out at -

18  backbone-rtr-1-dmz-rtr-1.mit.edu (18.192.1.2)  292.026 ms  295.082
ms  291.067 ms
19  oc11-rtr-1-backbone-rtr-1.mit.edu (18.168.69.2)  300.451 ms
299.278 ms  306.400 ms
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Any ideas what I need to do next ?

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-07 Thread intrigeri 
shirish शिरीष:
> in-line :-

> On 07/01/2017, Daniel Kahn Gillmor  wrote:
>> Have you restarted dirmngr since the upgrade?

> how do I restart it ?

systemctl --user restart dirmngr.socket 

:)

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-07 Thread shirish शिरीष 
in-line :-

On 07/01/2017, Daniel Kahn Gillmor  wrote:
> On Fri 2017-01-06 17:49:04 -0500, shirish शिरीष wrote:
>> But issue is still continuing -
>>
>> ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197
>>
>> [4:22:18]
>> gpg: keyserver receive failed: No keyserver available
>>
>> I tried multiple times with various other keys but didn't succeed.
>
> Have you restarted dirmngr since the upgrade?

how do I restart it ?

dirmngr.service isn't even found :(

─[$] dpkg -L dirmngr | grep dirmngr.service
/usr/lib/systemd/user/dirmngr.service

─[$] ll -h /usr/lib/systemd/user/dirmngr.service

-rw-r--r-- 1 root root 250 2016-11-18 19:53
/usr/lib/systemd/user/dirmngr.service

and trying to see if it works got me nothing :(


[$] sudo systemctl status dirmngr.service

[sudo] password for shirish:
Unit dirmngr.service could not be found.


I did do a cat and saw this -

─[$] cat /usr/lib/systemd/user/dirmngr.service

[4:57:44]
[Unit]
Description=GnuPG network certificate management daemon
Documentation=man:dirmngr(8)
Requires=dirmngr.socket
After=dirmngr.socket
## This is a socket-activated service:
RefuseManualStart=true

[Service]
ExecStart=/usr/bin/dirmngr --supervised

Can you help ?


>are you using tor?  if
> you're using tor, have you removed all the ipv6 entries ?

I actually have this in grub for few years now

─[$] cat /etc/default/grub | grep ipv6

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1"

Maybe this goves a clue, dunno

> what does:
>
>gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye
>
> show you?
>
>  --dkg
>
└─[$] gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye

gpg-connect-agent: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg-connect-agent: waiting for the dirmngr to come up ... (5s)
gpg-connect-agent: connection to the dirmngr established
S # hosttable (idx, ipv6, ipv4, dead, name, time):


Look forward to guidance.
-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-07 Thread Daniel Kahn Gillmor 
On Fri 2017-01-06 17:49:04 -0500, shirish शिरीष wrote:
> But issue is still continuing -
>
> ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197
>
> [4:22:18]
> gpg: keyserver receive failed: No keyserver available
>
> I tried multiple times with various other keys but didn't succeed.

Have you restarted dirmngr since the upgrade?  are you using tor?  if
you're using tor, have you removed all the ipv6 entries ?

what does:

   gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye

show you?

 --dkg

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-06 Thread shirish शिरीष 
Hi all,

I was able to get the new version -

─[$] sudo aptitude install gnupg=2.1.17-3 dirmngr=2.1.17-3
gpgv=2.1.17-3 gnupg-agent=2.1.17-3 gpgsm=2.1.17-3 scdaemon=2.1.17-3 -y

Installed it perfectly

─[$] apt-cache policy gnupg

[4:19:09]
gnupg:
  Installed: 2.1.17-3
  Candidate: 2.1.17-3
  Version table:
 *** 2.1.17-3 100
  1 http://httpredir.debian.org/debian unstable/main amd64 Packages
100 /var/lib/dpkg/status
 2.1.17-2 600
600 http://httpredir.debian.org/debian stretch/main amd64 Packages

I did see the changelog entry

┌─[shirish@debian] - [/usr/share/doc/gnupg] - [10069]
└─[$] zless changelog.Debian.gz

gnupg2 (2.1.17-3) unstable; urgency=medium

  * more bugfixes from upstream (improving but not yet closing: #849845)

 -- Daniel Kahn Gillmor   Tue, 03 Jan 2017 15:39:52 
-0500

But issue is still continuing -

─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197

[4:22:18]
gpg: keyserver receive failed: No keyserver available

I tried multiple times with various other keys but didn't succeed.

So there's still work[TM] to be done .

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-06 Thread Daniel Kahn Gillmor 
On Fri 2017-01-06 14:47:46 -0500, shirish शिरीष wrote:
> I can confirm Jaden's findings. Perhaps the content hasn't reached his
> mirror yet. It's same thing at my end. I just updated to see if the
> new version has come up at my end. (not even in sid/unstable)
>
> [$] apt-cache policy gpgv
>  [1:14:58]
> gpgv:
>   Installed: 2.1.17-2
>   Candidate: 2.1.17-2
>   Version table:
>  *** 2.1.17-2 600
> 600 http://httpredir.debian.org/debian stretch/main amd64 Packages
>   1 http://httpredir.debian.org/debian unstable/main amd64 Packages
> 100 /var/lib/dpkg/status
>
> Timing is in IST. My last apt update run was about 5 minutes ago and I
> do know that the update mirrors are hit every 4 hours or more, so
> maybe in the next 4-8 hours the new binary might be available.

1 dkg@alice:~$ rmadison -a amd64 gpgv
gpgv   | 1.4.12-7+deb7u7 | oldstable   | amd64
gpgv   | 1.4.18-7+deb8u3 | stable  | amd64
gpgv   | 2.1.17-2| testing | amd64
gpgv   | 2.1.17-3| buildd-unstable | amd64
gpgv   | 2.1.17-3| unstable| amd64
0 dkg@alice:~$ 

I'm not sure what to make of this confusion, but it seems to be related
to the mirror network, not to the gnupg2 source package.  If it's still
a confusion or a problem for you in the next day, this might need to be
kicked over to the mirror network or the archive managers.

   --dkg

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-06 Thread shirish शिरीष 
at bottom :-

On 07/01/2017, Daniel Kahn Gillmor  wrote:
> On Fri 2017-01-06 12:49:32 -0500, Jaden Peterson wrote:
>> I have no place in the topic of this bug, but I installed the patches
>> you provided on January 5th onto my Debian Testing system. I would like
>> to notify you that gpgv2 depends on gpgv version 2.1.17-3 or greater,
>> which is not provided, and results in mixed versions.
>
> I'm sorry, i don't understand!  2.1.17-3 was only released this morning
> (shortly before you sent this mail) and is still in unstable.  if you
> used only patches i pointed to, then you wouldn't have had 2.1.17-3
> anywhere.
>
> can you explain more about the state of your system?
>
> --dkg
>
> --
> To unsubscribe, send mail to 849845-unsubscr...@bugs.debian.org.
>

Dear Daniel,

I can confirm Jaden's findings. Perhaps the content hasn't reached his
mirror yet. It's same thing at my end. I just updated to see if the
new version has come up at my end. (not even in sid/unstable)

[$] apt-cache policy gpgv
 [1:14:58]
gpgv:
  Installed: 2.1.17-2
  Candidate: 2.1.17-2
  Version table:
 *** 2.1.17-2 600
600 http://httpredir.debian.org/debian stretch/main amd64 Packages
  1 http://httpredir.debian.org/debian unstable/main amd64 Packages
100 /var/lib/dpkg/status

Timing is in IST. My last apt update run was about 5 minutes ago and I
do know that the update mirrors are hit every 4 hours or more, so
maybe in the next 4-8 hours the new binary might be available.

-- 
  Regards,
  Shirish Agarwal  शिरीष अग्रवाल
  My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-06 Thread Daniel Kahn Gillmor 
On Fri 2017-01-06 12:49:32 -0500, Jaden Peterson wrote:
> I have no place in the topic of this bug, but I installed the patches 
> you provided on January 5th onto my Debian Testing system. I would like 
> to notify you that gpgv2 depends on gpgv version 2.1.17-3 or greater, 
> which is not provided, and results in mixed versions.

I'm sorry, i don't understand!  2.1.17-3 was only released this morning
(shortly before you sent this mail) and is still in unstable.  if you
used only patches i pointed to, then you wouldn't have had 2.1.17-3
anywhere.

can you explain more about the state of your system?

--dkg

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-02 Thread intrigeri 
Hi,

Werner Koch:
> On Mon,  2 Jan 2017 13:46, intrig...@debian.org said:
>> ... which is expected if querying 127.0.0.1, that doesn't support
>> SRV records.

> The question is whether we should gracefully handle this failure and
> return 0 records found (as done < 2.1.17)?

I lack the background that would allow me to have any informed opinion
on this topic. Today I'm merely a user whose GnuPG got broken by an
upgrade :)

>>   Jan 02 13:37:57 dirmngr[8281]: DBG: dns: 
>> resolve_dns_name(hkps.pool.sks-keyservers.net): Success
>>   Jan 02 13:37:57 dirmngr[8281]: can't connect to 
>> 'hkps.pool.sks-keyservers.net': no IP address for host

> I can't replicate this [...]

Ouch. I see this consistently after I've seen the previous
(SRV) failure.

> What options do you have in your dirmngr.conf ?

I only have:

  debug-all
  use-tor

Cheers,
-- 
intrigeri

Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

2017-01-02 Thread Werner Koch 
On Mon,  2 Jan 2017 13:46, intrig...@debian.org said:

> ... which is expected if querying 127.0.0.1, that doesn't support
> SRV records.

The question is whether we should gracefully handle this failure and
return 0 records found (as done < 2.1.17)?

>   Jan 02 13:37:57 dirmngr[8281]: DBG: dns: 
> resolve_dns_name(hkps.pool.sks-keyservers.net): Success
>   Jan 02 13:37:57 dirmngr[8281]: can't connect to 
> 'hkps.pool.sks-keyservers.net': no IP address for host

I can't replicate this neither when running dirmnagr as

  dirmngr --options /dev/null --debug ipc,dns -v \
  --log-file socket:// --daemon

nor when bypassing the new libdns:

  dirmngr --options /dev/null --debug ipc,dns -v \
  --log-file socket:// --daemon --standard-resolver

What options do you have in your dirmngr.conf ?


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


pgp__tobb90N5.pgp
Description: PGP signature