Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
at bottom :- On 08/01/2017, intrigeriwrote: > shirish शिरीष: >> ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197 > >> gpg: keyserver receive failed: No keyserver available > >> Tried it multiple times but get the above failure. > > [...] > >> Any ideas what I need to do next ? > > Add a "debug-all" line in ~/.gnupg/dirmngr.conf, restart > dirmngr.socket, try again and look at the logs (on my system they are > in the systemd Journal). > > Cheers, > -- > intrigeri > Umm.. there was no ~/.gnupg/dirmngr.conf hence had to make one $ touch ~/.gnupg/dirmngr.conf $ cd ~/.gnupg/ $ nano dirmngr.conf and just added debug-all ┌─[shirish@debian] - [~/.gnupg] - [10017] └─[$] cat dirmngr.conf debug-all Did the remaining bits. And this is the result. $ journalctl --since "1 hour ago" While I have shared all the entries, the most pertinent might be - Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> # Home: /home/shirish/.gnupg Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> # Config: /home/shirish/.gnupg/dirmngr.conf Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> OK Dirmngr 2.1.17 at your service Jan 08 14:46:40 debian dirmngr[1203]: connection from process 1370 (1000:1000) Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 <- GETINFO version Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> D 2.1.17 Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> OK Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 <- KEYSERVER --clear hkp://pgp.mit.edu Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 -> OK Jan 08 14:46:40 debian dirmngr[1203]: DBG: chan_5 <- KS_GET -- 0xDAD95197 Jan 08 14:46:40 debian dirmngr[1203]: DBG: dns: libdns initialized Jan 08 14:46:50 debian dirmngr[1203]: DBG: dns: getsrv(_hkp._tcp.pgp.mit.edu): Server indicated a failure Jan 08 14:46:50 debian dirmngr[1203]: command 'KS_GET' failed: Server indicated a failure Jan 08 14:46:50 debian dirmngr[1203]: DBG: chan_5 -> ERR 219 Server indicated a failure Jan 08 14:46:50 debian dirmngr[1203]: DBG: chan_5 <- BYE Jan 08 14:46:50 debian dirmngr[1203]: DBG: chan_5 -> OK closing connection Jan 08 14:46:50 debian dirmngr[1203]: handler for fd 5 terminated Please go through the attached logs and let me know if any improvements can be made. All any any advice would be useful. -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8 Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Trying to enqueue job dirmngr.socket/restart/replace Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Installed new job dirmngr.service/restart as 219 Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Installed new job dirmngr.socket/restart as 216 Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Enqueued job dirmngr.socket/restart as 216 .. .. Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Changed running -> stop-sigterm Jan 08 14:46:21 debian dirmngr[7477]: SIGTERM received - shutting down ... Jan 08 14:46:21 debian dirmngr[7477]: dirmngr (GnuPG) 2.1.17 stopped ... ... Jan 08 14:46:21 debian systemd[1]: Got cgroup empty notification for: /user.slice/user-1000.slice/user@1000.service/dirmngr.service Jan 08 14:46:21 debian systemd[2360]: Received SIGCHLD from PID 7477 (dirmngr). Jan 08 14:46:21 debian systemd[2360]: Child 7477 (dirmngr) died (code=exited, status=0/SUCCESS) Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Child 7477 belongs to dirmngr.service Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Main process exited, code=exited, status=0/SUCCESS Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Changed stop-sigterm -> dead Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Job dirmngr.service/restart finished, result=done Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Converting job dirmngr.service/restart -> dirmngr.service/start Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: cgroup is empty . .. Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Changed running -> dead Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Job dirmngr.socket/restart finished, result=done Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Converting job dirmngr.socket/restart -> dirmngr.socket/start Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Changed dead -> listening Jan 08 14:46:21 debian systemd[2360]: dirmngr.socket: Job dirmngr.socket/start finished, result=done Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Failed to set pids.max: No such file or directory Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Passing 1 fds to service Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: About to execute: /usr/bin/dirmngr --supervised Jan 08 14:46:21 debian systemd[2360]: dirmngr.service: Forked /usr/bin/dirmngr
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
shirish शिरीष: > ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197 > gpg: keyserver receive failed: No keyserver available > Tried it multiple times but get the above failure. [...] > Any ideas what I need to do next ? Add a "debug-all" line in ~/.gnupg/dirmngr.conf, restart dirmngr.socket, try again and look at the logs (on my system they are in the systemd Journal). Cheers, -- intrigeri
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
at bottom :- On 08/01/2017, intrigeriwrote: > shirish शिरीष: >> in-line :- > >> On 07/01/2017, Daniel Kahn Gillmor wrote: >>> Have you restarted dirmngr since the upgrade? > >> how do I restart it ? > > systemctl --user restart dirmngr.socket > > :) > Did that and get the following - ─[$] systemctl --user restart dirmngr.socket ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197 gpg: keyserver receive failed: No keyserver available Tried it multiple times but get the above failure. http://isup.me/pgp.mit.edu/ says it's up. traceroute conks out at - 18 backbone-rtr-1-dmz-rtr-1.mit.edu (18.192.1.2) 292.026 ms 295.082 ms 291.067 ms 19 oc11-rtr-1-backbone-rtr-1.mit.edu (18.168.69.2) 300.451 ms 299.278 ms 306.400 ms 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Any ideas what I need to do next ? -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
shirish शिरीष: > in-line :- > On 07/01/2017, Daniel Kahn Gillmorwrote: >> Have you restarted dirmngr since the upgrade? > how do I restart it ? systemctl --user restart dirmngr.socket :)
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
in-line :- On 07/01/2017, Daniel Kahn Gillmorwrote: > On Fri 2017-01-06 17:49:04 -0500, shirish शिरीष wrote: >> But issue is still continuing - >> >> ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197 >> >> [4:22:18] >> gpg: keyserver receive failed: No keyserver available >> >> I tried multiple times with various other keys but didn't succeed. > > Have you restarted dirmngr since the upgrade? how do I restart it ? dirmngr.service isn't even found :( ─[$] dpkg -L dirmngr | grep dirmngr.service /usr/lib/systemd/user/dirmngr.service ─[$] ll -h /usr/lib/systemd/user/dirmngr.service -rw-r--r-- 1 root root 250 2016-11-18 19:53 /usr/lib/systemd/user/dirmngr.service and trying to see if it works got me nothing :( [$] sudo systemctl status dirmngr.service [sudo] password for shirish: Unit dirmngr.service could not be found. I did do a cat and saw this - ─[$] cat /usr/lib/systemd/user/dirmngr.service [4:57:44] [Unit] Description=GnuPG network certificate management daemon Documentation=man:dirmngr(8) Requires=dirmngr.socket After=dirmngr.socket ## This is a socket-activated service: RefuseManualStart=true [Service] ExecStart=/usr/bin/dirmngr --supervised Can you help ? >are you using tor? if > you're using tor, have you removed all the ipv6 entries ? I actually have this in grub for few years now ─[$] cat /etc/default/grub | grep ipv6 GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1" Maybe this goves a clue, dunno > what does: > >gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye > > show you? > > --dkg > └─[$] gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye gpg-connect-agent: no running Dirmngr - starting '/usr/bin/dirmngr' gpg-connect-agent: waiting for the dirmngr to come up ... (5s) gpg-connect-agent: connection to the dirmngr established S # hosttable (idx, ipv6, ipv4, dead, name, time): Look forward to guidance. -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
On Fri 2017-01-06 17:49:04 -0500, shirish शिरीष wrote: > But issue is still continuing - > > ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197 > > [4:22:18] > gpg: keyserver receive failed: No keyserver available > > I tried multiple times with various other keys but didn't succeed. Have you restarted dirmngr since the upgrade? are you using tor? if you're using tor, have you removed all the ipv6 entries ? what does: gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye show you? --dkg
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
Hi all, I was able to get the new version - ─[$] sudo aptitude install gnupg=2.1.17-3 dirmngr=2.1.17-3 gpgv=2.1.17-3 gnupg-agent=2.1.17-3 gpgsm=2.1.17-3 scdaemon=2.1.17-3 -y Installed it perfectly ─[$] apt-cache policy gnupg [4:19:09] gnupg: Installed: 2.1.17-3 Candidate: 2.1.17-3 Version table: *** 2.1.17-3 100 1 http://httpredir.debian.org/debian unstable/main amd64 Packages 100 /var/lib/dpkg/status 2.1.17-2 600 600 http://httpredir.debian.org/debian stretch/main amd64 Packages I did see the changelog entry ┌─[shirish@debian] - [/usr/share/doc/gnupg] - [10069] └─[$] zless changelog.Debian.gz gnupg2 (2.1.17-3) unstable; urgency=medium * more bugfixes from upstream (improving but not yet closing: #849845) -- Daniel Kahn GillmorTue, 03 Jan 2017 15:39:52 -0500 But issue is still continuing - ─[$] gpg --keyserver pgp.mit.edu --recv-keys DAD95197 [4:22:18] gpg: keyserver receive failed: No keyserver available I tried multiple times with various other keys but didn't succeed. So there's still work[TM] to be done . -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
On Fri 2017-01-06 14:47:46 -0500, shirish शिरीष wrote: > I can confirm Jaden's findings. Perhaps the content hasn't reached his > mirror yet. It's same thing at my end. I just updated to see if the > new version has come up at my end. (not even in sid/unstable) > > [$] apt-cache policy gpgv > [1:14:58] > gpgv: > Installed: 2.1.17-2 > Candidate: 2.1.17-2 > Version table: > *** 2.1.17-2 600 > 600 http://httpredir.debian.org/debian stretch/main amd64 Packages > 1 http://httpredir.debian.org/debian unstable/main amd64 Packages > 100 /var/lib/dpkg/status > > Timing is in IST. My last apt update run was about 5 minutes ago and I > do know that the update mirrors are hit every 4 hours or more, so > maybe in the next 4-8 hours the new binary might be available. 1 dkg@alice:~$ rmadison -a amd64 gpgv gpgv | 1.4.12-7+deb7u7 | oldstable | amd64 gpgv | 1.4.18-7+deb8u3 | stable | amd64 gpgv | 2.1.17-2| testing | amd64 gpgv | 2.1.17-3| buildd-unstable | amd64 gpgv | 2.1.17-3| unstable| amd64 0 dkg@alice:~$ I'm not sure what to make of this confusion, but it seems to be related to the mirror network, not to the gnupg2 source package. If it's still a confusion or a problem for you in the next day, this might need to be kicked over to the mirror network or the archive managers. --dkg
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
at bottom :- On 07/01/2017, Daniel Kahn Gillmorwrote: > On Fri 2017-01-06 12:49:32 -0500, Jaden Peterson wrote: >> I have no place in the topic of this bug, but I installed the patches >> you provided on January 5th onto my Debian Testing system. I would like >> to notify you that gpgv2 depends on gpgv version 2.1.17-3 or greater, >> which is not provided, and results in mixed versions. > > I'm sorry, i don't understand! 2.1.17-3 was only released this morning > (shortly before you sent this mail) and is still in unstable. if you > used only patches i pointed to, then you wouldn't have had 2.1.17-3 > anywhere. > > can you explain more about the state of your system? > > --dkg > > -- > To unsubscribe, send mail to 849845-unsubscr...@bugs.debian.org. > Dear Daniel, I can confirm Jaden's findings. Perhaps the content hasn't reached his mirror yet. It's same thing at my end. I just updated to see if the new version has come up at my end. (not even in sid/unstable) [$] apt-cache policy gpgv [1:14:58] gpgv: Installed: 2.1.17-2 Candidate: 2.1.17-2 Version table: *** 2.1.17-2 600 600 http://httpredir.debian.org/debian stretch/main amd64 Packages 1 http://httpredir.debian.org/debian unstable/main amd64 Packages 100 /var/lib/dpkg/status Timing is in IST. My last apt update run was about 5 minutes ago and I do know that the update mirrors are hit every 4 hours or more, so maybe in the next 4-8 hours the new binary might be available. -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
On Fri 2017-01-06 12:49:32 -0500, Jaden Peterson wrote: > I have no place in the topic of this bug, but I installed the patches > you provided on January 5th onto my Debian Testing system. I would like > to notify you that gpgv2 depends on gpgv version 2.1.17-3 or greater, > which is not provided, and results in mixed versions. I'm sorry, i don't understand! 2.1.17-3 was only released this morning (shortly before you sent this mail) and is still in unstable. if you used only patches i pointed to, then you wouldn't have had 2.1.17-3 anywhere. can you explain more about the state of your system? --dkg
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
Hi, Werner Koch: > On Mon, 2 Jan 2017 13:46, intrig...@debian.org said: >> ... which is expected if querying 127.0.0.1, that doesn't support >> SRV records. > The question is whether we should gracefully handle this failure and > return 0 records found (as done < 2.1.17)? I lack the background that would allow me to have any informed opinion on this topic. Today I'm merely a user whose GnuPG got broken by an upgrade :) >> Jan 02 13:37:57 dirmngr[8281]: DBG: dns: >> resolve_dns_name(hkps.pool.sks-keyservers.net): Success >> Jan 02 13:37:57 dirmngr[8281]: can't connect to >> 'hkps.pool.sks-keyservers.net': no IP address for host > I can't replicate this [...] Ouch. I see this consistently after I've seen the previous (SRV) failure. > What options do you have in your dirmngr.conf ? I only have: debug-all use-tor Cheers, -- intrigeri
Bug#849845: [pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore
On Mon, 2 Jan 2017 13:46, intrig...@debian.org said: > ... which is expected if querying 127.0.0.1, that doesn't support > SRV records. The question is whether we should gracefully handle this failure and return 0 records found (as done < 2.1.17)? > Jan 02 13:37:57 dirmngr[8281]: DBG: dns: > resolve_dns_name(hkps.pool.sks-keyservers.net): Success > Jan 02 13:37:57 dirmngr[8281]: can't connect to > 'hkps.pool.sks-keyservers.net': no IP address for host I can't replicate this neither when running dirmnagr as dirmngr --options /dev/null --debug ipc,dns -v \ --log-file socket:// --daemon nor when bypassing the new libdns: dirmngr --options /dev/null --debug ipc,dns -v \ --log-file socket:// --daemon --standard-resolver What options do you have in your dirmngr.conf ? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgp__tobb90N5.pgp Description: PGP signature