[pkg-gnupg-maint] Bug#898085: gnupg: gpg --search-keys and parcimonie don't work: Tor misconfigured/keyserver EPERM

intrigeri intrigeri at debian.org
Sat Jun 30 15:48:30 BST 2018 

Control: reassign -1 parcimonie
Control: tag -1 + moreinfo

Hi,

I believe that for the time being, this problem cannot be fixed in
GnuPG but rather in parcimonie.

Cyril Brulebois:
> Ever since the dist-upgrade to stretch (last september), I'm unable to
> search keys, and parcimonie is failing on me:
> | kibi at armor:~$ gpg --search-keys some at mail.address
> | gpg: WARNING: Tor is not properly configured
> | gpg: error searching keyserver: Permission denied
> | gpg: keyserver search failed: Permission denied

May I assume that you have no tor service running?

parcimonie enables the use-tor option in ~/.gnupg/dirmngr.conf.
It's being debated on another bug report (filed against parcimonie)
whether it's a feature or a bug, and if the latter how to fix it.
Anyway: currently, as soon as parcimonie has been run once as a given
user, then any dirmngr network operation run as that user require
a working tor daemon.

Now, parcimonie merely "Recommends: tor" (since 2011). I don't recall
why I did not add a strict dependency back then; possibly I wanted to
be nice to Tor Browser users who don't want to run a system tor, and
instead use the tor that comes bundled with Tor Browser (there are
good reasons for setting things up like this, such as having a single
place to configure bridges etc. and being able to do so in a GUI).

So, in some way a Recommends is correct: one of the major use cases of
parcimonie works just fine without Debian's tor service (using
3rd-party software though). OTOH, parcimonie will simply be broken for
whoever has disabled installation of Recommends by default, unless
they know exactly that they want to run tor in a different way, and
how to do so. So there's a case to be made to turn this
"Recommends: tor" into "Depends: tor".

> How come gpg fails this badly in stable, with a default configuration?

I think the default gpg configuration in stable works fineā€¦ as long as
one is not unlucky enough to meet all these conditions:

 - having disabled installation of Recommends by default (or manually
   de-installed tor, or manually disabled the tor service)
 - not running Tor Browser
 - having installed parcimonie

Cheers,
-- 
intrigeri

More information about the pkg-gnupg-maint mailing list