From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ni* <niasterisk@grrlz.net>
Subject: Re: No gpg keyservers available on GuixSD out-of-the-box
Date: Mon, 04 Jan 2016 17:50:47 +0100
Message-ID: <877fjp2src.fsf@grrlz.net>
References: <248e633448b6c92fc7a134fec5ccc2ac@riseup.net>
	<87wprwzw5v.fsf@gnu.org> <20151230103420.GB6614@debian.fritz.box>
	<63106df769447a6c6151e46c6ac9e4d1@riseup.net> <87si2jocwb.fsf@gnu.org>
	<c84aa8714c0ab2178913788d51b4c0e8@riseup.net>
	<a62bfce07506b65e3fe40faafcc53459@riseup.net>
	<5a0ee8cb769420a6b660e2d91c590e6b@riseup.net> <87k2npbd1a.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48029)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <niasterisk@grrlz.net>) id 1aG8LO-0000gs-Fe
	for help-guix@gnu.org; Mon, 04 Jan 2016 11:50:55 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <niasterisk@grrlz.net>) id 1aG8LL-0005dl-Ny
	for help-guix@gnu.org; Mon, 04 Jan 2016 11:50:54 -0500
In-Reply-To: <87k2npbd1a.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
	=?utf-8?Q?s?= message of "Mon, 04 Jan 2016 16:05:37 +0100")
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: help-guix <help-guix@gnu.org>

ludo@gnu.org (Ludovic Court=C3=A8s) writes:

> swedebugia@riseup.net skribis:
>
>> On 2016-01-01 19:21, swedebugia@riseup.net wrote:
>>> On 2015-12-30 22:16, ludo@gnu.org wrote:
>>>> Which version of GnuPG is it, per =E2=80=9Cgpg2 --version=E2=80=9D?
>>> ~$ gpg2 --version
>>> gpg (GnuPG) 2.1.10
>>> libgcrypt 1.6.3
>>
>> I now tested with the 2.0 version and the result was that it only
>> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
>>
>> So to sum it up (i'm on an i686 platform):
>> (with default config-files)
>> gpg 2.1.10 - keyservers are not reachable at all
>> gpg 2.0.29 - keyservers are only reachable when using --keyserver
>> URL-to-keyserver on the commandline omplains about wrong keyserver URI
>> when not specifying --keyserver URL-to-keyserver).
>
> I confirm that 2.1 behaves differently:
>
> $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D=
9AEBB5
> gpg: key "3D9AEBB5 #EA52ECF4" not found
> gpg: (check argument of option '--hidden-encrypt-to')
> $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D=
9AEBB5
> gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> gpg: key 3D9AEBB5: "Ludovic Court=C3=A8s <ludo@gnu.org>" not changed
> gpg:       Nombro traktita entute: 1
> gpg:                   ne=C5=9Dan=C4=9Ditaj: 1
>
> I would suggest reaching out to the GnuPG mailing lists.
>
> Ludo=E2=80=99.
>

Hi,

I thought I figured out my mistake from 12 months ago when GnuPG broke
(and I faded out using it), the question here got me motivated to look
into 2.1 issues again.

I got it to the point where it works again, meaning searching for
keys (although I am unsure wether it uses hkp or hkps protocol), etc.

~/.gnupg$ tree
.
=E2=94=9C=E2=94=80=E2=94=80 crls.d
=E2=94=82=C2=A0=C2=A0 =E2=94=94=E2=94=80=E2=94=80 DIR.txt
=E2=94=9C=E2=94=80=E2=94=80 dirmngr.conf
=E2=94=9C=E2=94=80=E2=94=80 gpg-agent.conf
=E2=94=9C=E2=94=80=E2=94=80 gpg.conf
=E2=94=9C=E2=94=80=E2=94=80 openpgp-revocs.d

=E2=94=9C=E2=94=80=E2=94=80 private-keys-v1.d

=E2=94=9C=E2=94=80=E2=94=80 pubring.kbx
=E2=94=9C=E2=94=80=E2=94=80 pubring.kbx~
=E2=94=9C=E2=94=80=E2=94=80 random_seed
=E2=94=9C=E2=94=80=E2=94=80 S.dirmngr
=E2=94=9C=E2=94=80=E2=94=80 S.gpg-agent
=E2=94=94=E2=94=80=E2=94=80 trustdb.gpg

What I did was start from scratch with GnuPG 2.1:

cat gpg.conf=20
keyserver-options no-honor-keyserver-url include-revoked
fixed-list-mode
keyid-format 0xlong
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5=
 BZIP2 ZLIB ZIP Uncompressed
use-agent
verify-options show-uid-validity
list-options show-uid-validity
cert-digest-algo SHA512
no-comments
with-fingerprint
no-emit-version

cat dirmngr.conf=20
keyserver hkp://hkps.pool.sks-keyservers.net
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem

cat gpg-agent.conf=20
pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
default-cache-ttl 86400


I noticed that gpg-agent needs at least those 2 entries to work with.

Related question:
is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?


--=20
Ni* -- http://www.libertad.pw
Email is public. Talk to me in private:
https://psyced.org:34443/~niasterisk
privacy respecting, secure communication:
BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
(bitmessage)