Re: resolv.conf and gnupg2

2022-08-10 Thread Marco Atzeri

On 08.08.2022 16:13, Corinna Vinschen wrote:
> On Aug  8 21:13, Yasuhiro Kimura wrote:
> > From: Corinna Vinschen
>
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.
>
> Corinna


Thanks Corinna,
I will upload shortly a version "2.2.35-2" implementing this configuration.

Regards
Marco



Re: resolv.conf and gnupg2

2022-08-08 Thread Chad Dougherty

Corinna Vinschen wrote:
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.



Yes, below is the message that I sent to Marco but which was rejected by 
this list because I wasn't subscribed at the time that I replied to all.


--
-Chad


On 2022-08-07 10:34, Marco Atzeri wrote:
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt  gnupg2 is the proper package to do so.



Looking into this, I'm reminded of how much I really dislike the design 
of gnupg2.


dirmngr appears to have its own DNS client library that tries to do the 
resolv.conf parsing among other things.  I believe this library gets 
compiled into the current cygwin package.


I noticed this configuration option:
  --disable-libdns        do not build with libdns support

I just tested a build using this option and it seemed to fix the problem 
for me.


I did not use the full end-to-end cygport process but I think the patch 
at the bottom of this message should do the trick.  Could you give it a 
shot?


Thanks...

--
-Chad


$ diff -u gnupg2.cygport.orig gnupg2.cygport
--- gnupg2.cygport.orig 2022-08-08 14:00:18.562073400 -0400
+++ gnupg2.cygport  2022-08-08 14:00:53.14695 -0400
@@ -22,6 +22,6 @@
cygautoreconf
sed -i -e '/^development_version=/s/yes/no/' configure
cd ${B}
-   cygconf --enable-gpg-is-gpg2
+   cygconf --enable-gpg-is-gpg2 --disable-libdns
cygmake
 }
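Review bot: The changed `cygconf` line gains `--disable-libdns` with no comment saying why, so a later update of the cygport file could drop the flag without anyone noticing the regression. Add a one-line comment above it noting that dirmngr's bundled libdns reads /etc/resolv.conf, which Cygwin does not ship, and that the flag makes dirmngr fall back to the system resolver. Because the flag changes the built binary, the package release also needs a bump, which is outside the lines shown in this hunk.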


Re: resolv.conf and gnupg2

2022-08-08 Thread Corinna Vinschen
On Aug  8 21:13, Yasuhiro Kimura wrote:
> From: Corinna Vinschen 
> Subject: Re: resolv.conf and gnupg2
> Date: Mon, 8 Aug 2022 09:30:47 +0200
> 
> > I can't believe (but may be wrong, of course) that gnupg2 tries to
> > access /etc/resolv.conf by itself.  I would rather guess that gnupg2
> > is linked against one or more libs provided by the bind package,
> > and thus uses the resolver from the bind package.  However, Cygwin
> > provides its own resolver entry points, and those don't need
> > /etc/resolv.conf, because they utilize the OS resolver.
> > 
> > Is there a build option to avoid building against the bind lib?
> > Alternatively it might be possible to inject an autoconf variable
> > from cygport...?
> > 
> > 
> > Corinna
> 
> Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.
> 
> (Cygwin64)yasu@rolling[1007]% pwd
> /cygdrive/c/Users/yasu/Work/gnupg
> (Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
> NEWS:  * dirmngr: Make reading resolv.conf more robust.  [T5657]
> NEWS:  * dirmngr: Now detects a changed /etc/resolv.conf.
> dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
> dirmngr/dns-stuff.c:  /* Force a reload if resolv.conf has changed.  */
> dirmngr/dns-stuff.c:log_debug ("dns: resolv.conf changed - forcing 
> reload\n");
> dirmngr/dns.c:  if ((error = dns_resconf_loadpath(resconf, 
> "/etc/resolv.conf"))) {
> dirmngr/dns.c:   * /etc/resolv.conf, defaulting to a nameserver of
> dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in 
> resolv.conf. */
> dirmngr/dns.c:   * is the intersection of the /etc/resolv.conf 
> families and
> dirmngr/dns.c:   * /etc/resolv.conf has "family inet4" and .ai_type
> dirmngr/dns.c:  MAIN.resconf.path[MAIN.resconf.count++] = 
> "/etc/resolv.conf";
> dirmngr/dns.c:  { "show-resconf",   _resconf,  "show 
> resolv.conf data" },
> dirmngr/dns.c:  "  -c PATH   Path to resolv.conf\n"
> (Cygwin64)yasu@rolling[1009]%

IIUC, that should be fixable by configuring gnupg with --disable-libdns.


Corinna


Re: resolv.conf and gnupg2

2022-08-08 Thread Yasuhiro Kimura
From: Corinna Vinschen 
Subject: Re: resolv.conf and gnupg2
Date: Mon, 8 Aug 2022 09:30:47 +0200

> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself.  I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package.  However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
> 
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?
> 
> 
> Corinna

Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.

(Cygwin64)yasu@rolling[1007]% pwd
/cygdrive/c/Users/yasu/Work/gnupg
(Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
NEWS:  * dirmngr: Make reading resolv.conf more robust.  [T5657]
NEWS:  * dirmngr: Now detects a changed /etc/resolv.conf.
dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
dirmngr/dns-stuff.c:  /* Force a reload if resolv.conf has changed.  */
dirmngr/dns-stuff.c:log_debug ("dns: resolv.conf changed - forcing 
reload\n");
dirmngr/dns.c:  if ((error = dns_resconf_loadpath(resconf, 
"/etc/resolv.conf"))) {
dirmngr/dns.c:   * /etc/resolv.conf, defaulting to a nameserver of
dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in 
resolv.conf. */
dirmngr/dns.c:   * is the intersection of the /etc/resolv.conf families 
and
dirmngr/dns.c:   * /etc/resolv.conf has "family inet4" and .ai_type
dirmngr/dns.c:  MAIN.resconf.path[MAIN.resconf.count++] = 
"/etc/resolv.conf";
dirmngr/dns.c:  { "show-resconf",   _resconf,  "show 
resolv.conf data" },
dirmngr/dns.c:  "  -c PATH   Path to resolv.conf\n"
(Cygwin64)yasu@rolling[1009]%

---
Yasuhiro Kimura


Re: resolv.conf and gnupg2

2022-08-08 Thread Corinna Vinschen
On Aug  8 09:30, Corinna Vinschen wrote:
> On Aug  7 16:34, Marco Atzeri wrote:
> > Hi,
> > 
> > currently as default Gnupg 2.x is unable to contact keyservers and recover
> > any key. Gnupg 1.x has no such problem
> > 
> > $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> > gpg: keyserver receive failed: No such file or directory
> > 
> > The cryptic message is due to the absence of a /etc/resolv.conf
> > as adding a simple one with a public DNS server overcomes the issue
> > 
> > $ cat /etc/resolv.conf
> > ; /etc/resolv.conf file for dnsmaster
> > ;
> > domain   .com
> > nameserver   0.0.0.0
> > nameserver   8.8.8.8
> > 
> > 
> > $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> > gpg: key D17BF2305981E818: 1 duplicate signature removed
> > gpg: key D17BF2305981E818: "Andrew Makhorin " not chan
> > gpg: Total number processed: 1
> > gpg:  unchanged: 1
> > 
> > 
> > I would expect BIND to be a package that creates/manages resolv.conf as
> > it provides a library to parse it, but I do not see any place where this is
> > done.
> > 
> > $ cygcheck -p resolv.conf
> > Found 7 matches for resolv.conf
> > ..
> > libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> > man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> > 
> > Any suggestion on how to solve the absence of /etc/resolv.conf ?
> > I doubt  gnupg2 is the proper package to do so.
> 
> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself.  I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package.  However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
> 
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?

Having said that, Cygwin provides libresolv.a by itself anyway.
How does gnupg2 get around that?  How does it resolve?


Corinna


Re: resolv.conf and gnupg2

2022-08-08 Thread Corinna Vinschen
On Aug  8 11:15, ASSI wrote:
> Mark Geisert writes:
> > Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> > public DNS server(s)?  Some users might object to Google's public DNS
> > (e.g. 8.8.8.8) though.
> 
> No, this would be the job for any software that configures the DNS
> resolver.  However, I'd prefer if no resolver libraries ever looked at
> /etc/resolv.conf as it doesn't really make sense for Cygwin to muck
> about with the DNS configuration independently of what Windows provides.

I agree, actually.

Right now, Cygwin's resolver checks for /etc/resolv.conf, too, but uses
the OS stuff if /etc/resolv.conf isn't available.

So I wonder, just as you do, if we shouldn't drop support for
/etc/resolv.conf and let this be handled by the OS only.

In theory, we have two scenarios:
- Either a user is also admin and can change the OS settings anyway,
- or the user is not admin and the admins very likely don't like the
  user to change the resolver settings on the company machine...


Corinna
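
An added example, not part of any message in this thread: a small audit for machines where the /etc/resolv.conf workaround was applied, listing nameserver entries that send DNS somewhere other than what the OS or the site provides. The sample text is the file quoted in the thread; the labels and the rule that any non-private address counts as "external" are assumptions of this example.

```python
import ipaddress
import sys

# Sample content: the workaround file quoted in this thread.
SAMPLE = """\
; /etc/resolv.conf file for dnsmaster
;
domain   .com
nameserver   0.0.0.0
nameserver   8.8.8.8
"""

def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf text, in file order."""
    servers = []
    for raw in text.splitlines():
        # resolv.conf comments start with ';' or '#'
        line = raw.split(";", 1)[0].split("#", 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(addr):
    """Label one nameserver entry (labels are this example's own policy)."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip.is_unspecified:
        return "unspecified"   # 0.0.0.0 or ::
    if ip.is_loopback:
        return "local"
    if ip.is_private or ip.is_link_local:
        return "internal"
    return "external"          # e.g. a public resolver such as 8.8.8.8

def audit(text):
    """Return (address, label) pairs that deserve a second look."""
    flagged = ("external", "unspecified", "invalid")
    pairs = [(a, classify(a)) for a in parse_nameservers(text)]
    return [p for p in pairs if p[1] in flagged]

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for addr, label in audit(text):
        print(f"{addr}: {label}")
```
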


Re: resolv.conf and gnupg2

2022-08-08 Thread ASSI
Mark Geisert writes:
> Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> public DNS server(s)?  Some users might object to Google's public DNS
> (e.g. 8.8.8.8) though.

No, this would be the job for any software that configures the DNS
resolver.  However, I'd prefer if no resolver libraries ever looked at
/etc/resolv.conf as it doesn't really make sense for Cygwin to muck
about with the DNS configuration independently of what Windows provides.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds


Re: resolv.conf and gnupg2

2022-08-08 Thread Corinna Vinschen
On Aug  7 16:34, Marco Atzeri wrote:
> Hi,
> 
> currently as default Gnupg 2.x is unable to contact keyservers and recover
> any key. Gnupg 1.x has no such problem
> 
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: keyserver receive failed: No such file or directory
> 
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
> 
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain   .com
> nameserver   0.0.0.0
> nameserver   8.8.8.8
> 
> 
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin " not chan
> gpg: Total number processed: 1
> gpg:  unchanged: 1
> 
> 
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parse it, but I do not see any place where this is
> done.
> 
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> 
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt  gnupg2 is the proper package to do so.

I can't believe (but may be wrong, of course) that gnupg2 tries to
access /etc/resolv.conf by itself.  I would rather guess that gnupg2
is linked against one or more libs provided by the bind package,
and thus uses the resolver from the bind package.  However, Cygwin
provides its own resolver entry points, and those don't need
/etc/resolv.conf, because they utilize the OS resolver.

Is there a build option to avoid building against the bind lib?
Alternatively it might be possible to inject an autoconf variable
from cygport...?


Corinna


Re: resolv.conf and gnupg2

2022-08-07 Thread Mark Geisert

Marco Atzeri wrote:
> Hi,
>
> currently as default Gnupg 2.x is unable to contact keyservers and recover any
> key. Gnupg 1.x has no such problem
>
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: keyserver receive failed: No such file or directory
>
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
>
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain   .com
> nameserver   0.0.0.0
> nameserver   8.8.8.8
>
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin " not chan
> gpg: Total number processed: 1
> gpg:  unchanged: 1
>
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parse it, but I do not see any place where this is
> done.
>
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
>
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt  gnupg2 is the proper package to do so.


Could Cygwin itself provide a minimal /etc/resolv.conf pointing to public DNS 
server(s)?  Some users might object to Google's public DNS (e.g. 8.8.8.8) though.


Or perhaps a new package 'resolv.conf' with either the public DNS pointers or a 
postinstall script that massages the system's 'ipconfig /all' to obtain Windows' 
current settings.


..mark