From: Leo Famulari
Subject: Re: No gpg keyservers available on GuixSD out-of-the-box
Date: Mon, 4 Jan 2016 13:26:44 -0500
Message-ID: <20160104182644.GA21705@jasmine>
To: Ni*
Cc: help-guix

On Mon, Jan 04, 2016 at 05:50:47PM +0100, Ni* wrote:
> ludo@gnu.org (Ludovic Courtès) writes:
>
> > swedebugia@riseup.net writes:
> >
> >> On 2016-01-01 19:21, swedebugia@riseup.net wrote:
> >>> On 2015-12-30 22:16, ludo@gnu.org wrote:
> >>>> Which version of GnuPG is it, per “gpg2 --version”?
> >>> ~$ gpg2 --version
> >>> gpg (GnuPG) 2.1.10
> >>> libgcrypt 1.6.3
> >>
> >> I now tested with the 2.0 version and the result was that it only
> >> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
> >>
> >> So to sum it up (I'm on an i686 platform):
> >> (with default config-files)
> >> gpg 2.1.10 - keyservers are not reachable at all
> >> gpg 2.0.29 - keyservers are only reachable when using --keyserver
> >> URL-to-keyserver on the commandline (complains about wrong keyserver URI
> >> when not specifying --keyserver URL-to-keyserver).
> >
> > I confirm that 2.1 behaves differently:
> >
> > $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
> > gpg: key "3D9AEBB5 #EA52ECF4" not found
> > gpg: (check argument of option '--hidden-encrypt-to')
> > $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 3D9AEBB5
> > gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> > gpg: key 3D9AEBB5: "Ludovic Courtès " not changed
> > gpg: Nombro traktita entute: 1
> > gpg: neŝanĝitaj: 1
> >
> > I would suggest reaching out to the GnuPG mailing lists.
> >
> > Ludo’.
>
> Hi,
>
> I thought I figured out my mistake from 12 months ago when GnuPG broke
> (and I faded out using it), the question here got me motivated to look
> into 2.1 issues again.
>
> I got it to the point where it works again, meaning searching for
> keys (although I am unsure whether it uses hkp or hkps protocol), etc.
>
> ~/.gnupg$ tree
> .
> ├── crls.d
> │   └── DIR.txt
> ├── dirmngr.conf
> ├── gpg-agent.conf
> ├── gpg.conf
> ├── openpgp-revocs.d
> ├── private-keys-v1.d
> ├── pubring.kbx
> ├── pubring.kbx~
> ├── random_seed
> ├── S.dirmngr
> ├── S.gpg-agent
> └── trustdb.gpg
>
> What I did was start from scratch with GnuPG 2.1:
>
> cat gpg.conf
> keyserver-options no-honor-keyserver-url include-revoked
> fixed-list-mode
> keyid-format 0xlong
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 BZIP2 ZLIB ZIP Uncompressed
> use-agent
> verify-options show-uid-validity
> list-options show-uid-validity
> cert-digest-algo SHA512
> no-comments
> with-fingerprint
> no-emit-version
>
> cat dirmngr.conf
> keyserver hkp://hkps.pool.sks-keyservers.net
> hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
>
> cat gpg-agent.conf
> pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
> default-cache-ttl 86400
>
>
> I noticed that gpg-agent needs at least those 2 entries to work with.
>
> Related question:
> is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?

I'm using the Debian provided pinentry, but it looks like our pinentry
provides a GTK interface and a console (ncurses?) interface, at least
based on the package definition in gnupg.scm.

>
>
> --
> Ni* -- http://www.libertad.pw
> Email is public. Talk to me in private:
> https://psyced.org:34443/~niasterisk
> privacy respecting, secure communication:
> BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
> (bitmessage)
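
On the question raised in the thread of whether the posted setup uses hkp or hkps: the transport is decided by the scheme of the `keyserver` URI in dirmngr.conf, not by the host name, and `hkp-cacert` only applies to `hkps://` connections. The script below is an added example, not part of the original thread and not GnuPG code; the function name `audit_dirmngr_conf` and the `hkps://` variant of the config are constructed here for comparison.

```shell
#!/bin/sh
# audit_dirmngr_conf (hypothetical helper): read dirmngr.conf text on stdin,
# print one finding per line, and return 1 if any keyserver entry would be
# contacted without TLS.
audit_dirmngr_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        $1 == "hkp-cacert"    { cacert = $2; next }
        $1 == "keyserver" && NF >= 2 {
            uri = $2
            scheme = "hkp"                         # bare host name: gpg treats it as hkp
            if (uri ~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\//) {
                scheme = tolower(uri); sub(/:.*/, "", scheme)
            }
            if (scheme == "hkps" || scheme == "https" || scheme == "ldaps") {
                tls++;   print "tls " uri
            } else {                               # hkp, http, ldap, anything else
                plain++; print "plaintext " uri
            }
        }
        END {
            # A CA file with no TLS keyserver is never consulted.
            if (cacert != "" && tls == 0) print "unused-cacert " cacert
            exit (plain > 0)
        }
    '
}

# dirmngr.conf exactly as posted in the thread
posted='keyserver hkp://hkps.pool.sks-keyservers.net
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem'

# Constructed variant: same host and CA file, scheme changed to hkps
fixed='keyserver hkps://hkps.pool.sks-keyservers.net
hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem'

printf '%s\n' "$posted" | audit_dirmngr_conf || echo "-> key lookups go out unencrypted"
printf '%s\n' "$fixed"  | audit_dirmngr_conf
```

To check a real setup, feed it the live file: `audit_dirmngr_conf < ~/.gnupg/dirmngr.conf`.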