[pkg-gnupg-maint] Bug#849845: Bug#849845: dirmngr: Can't resolve keyserver hostname anymore

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 4 14:04:46 UTC 2017 

Control: severity 849845 grave

Hi all--

I've been able to replicate the problems described by intrigeri in
https://bugs.debian.org/849845; i'm preparing an update to gpg with
cherry-picked patches that resolves most of them for me.  This issue is
bad enough that it basically makes dirmngr unusable, afaict.

The remaining problem for me ws that when i use tor, if i get back AAAA
records, the connections fail, but the IPv6 records are not marked as
dead, so they fail repeatedly.

here's an example:


Jan 03 15:48:37 alice dirmngr[11194]: DBG: chan_5 <- KS_GET -- 0x4FA73DE89ADE75998AC24E97B8C1D523FE7AAA84
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a02:898:31:0:48:4558:73:6b73]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2a00:14b0:4200:3000:27::27]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2606:1c00:2802::b]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:bc8:4700:2300::10:f15]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:738:0:600:216:3eff:fe02:42]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:720:418:caf1::8]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:610:1108:5011::70]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '[2001:470:1:116::6]'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '216.66.15.2'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '212.12.48.27'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '193.224.163.43'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '192.94.109.73'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '131.155.141.70'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '130.206.1.8'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '94.142.242.225'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '51.15.53.138'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '37.191.238.78'
Jan 03 15:48:42 alice dirmngr[11194]: resolve_dns_addr for 'hkps.pool.sks-keyservers.net': '18.9.60.141'
Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L3: ASSERT: mpi.c[_gnutls_x509_read_uint]:246
Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: Allocating epoch #0
Jan 03 15:48:42 alice dirmngr[11194]: can't connect to '2a02:898:31:0:48:4558:73:6b73': Invalid argument
Jan 03 15:48:42 alice dirmngr[11194]: error connecting to 'https://[2a02:898:31:0:48:4558:73:6b73]:443': Invalid argument
Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: Start of epoch cleanup
Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: End of epoch cleanup
Jan 03 15:48:42 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d240086b0]: Epoch #0 freed
Jan 03 15:48:42 alice dirmngr[11194]: command 'KS_GET' failed: Invalid argument
Jan 03 15:48:42 alice dirmngr[11194]: DBG: chan_5 -> ERR 167804976 Invalid argument <Dirmngr>
Jan 03 15:48:42 alice dirmngr[11194]: DBG: chan_5 <- BYE
Jan 03 15:48:42 alice dirmngr[11194]: DBG: chan_5 -> OK closing connection
Jan 03 15:48:42 alice dirmngr[11194]: handler for fd 5 terminated
Jan 03 15:49:11 alice dirmngr[11194]: handler for fd 5 started
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> # Home: /home/dkg/.gnupg
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> # Config: /home/dkg/.gnupg/dirmngr.conf
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> OK Dirmngr 2.1.17 at your service
Jan 03 15:49:11 alice dirmngr[11194]: connection from process 11200 (1000:1000)
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 <- GETINFO version
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> D 2.1.17
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> OK
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 <- KS_GET -- 0x4FA73DE89ADE75998AC24E97B8C1D523FE7AAA84
Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L3: ASSERT: mpi.c[_gnutls_x509_read_uint]:246
Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: Allocating epoch #0
Jan 03 15:49:11 alice dirmngr[11194]: can't connect to '2a02:898:31:0:48:4558:73:6b73': Invalid argument
Jan 03 15:49:11 alice dirmngr[11194]: error connecting to 'https://[2a02:898:31:0:48:4558:73:6b73]:443': Invalid argument
Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: Start of epoch cleanup
Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: End of epoch cleanup
Jan 03 15:49:11 alice dirmngr[11194]: DBG: gnutls:L5: REC[0x7f6d2400c090]: Epoch #0 freed
Jan 03 15:49:11 alice dirmngr[11194]: command 'KS_GET' failed: Invalid argument
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> ERR 167804976 Invalid argument <Dirmngr>
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 <- BYE
Jan 03 15:49:11 alice dirmngr[11194]: DBG: chan_5 -> OK closing connection
Jan 03 15:49:11 alice dirmngr[11194]: handler for fd 5 terminated
Jan 03 15:49:14 alice dirmngr[11194]: handler for fd 5 started


If i connect to dirmngr directly with 'gpg-connect-agent --dirmngr' and
manually do "keyserver --dead [2a02:898:31:0:48:4558:73:6b73]", etc, for
all AAAA addresses, then dirmngr works again by falling through to the
IPv4 addresses.

     --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20170104/b16e3edf/attachment.sig>

More information about the pkg-gnupg-maint mailing list