[pkg-gnupg-maint] Bug#850606: dirmngr: can't resolve ipv6 addresses when use-tor is enabled

Ximin Luo infinity0 at debian.org
Sun Jan 8 12:31:11 UTC 2017


Package: dirmngr
Version: 2.1.17-3
Severity: important

Dear Maintainer,

---- Failure case:
$ gpg --recv-keys 0xXXXX
gpg: keyserver receive failed: Invalid argument
----
2017-01-08 13:26:07 dirmngr[5394] listening on socket '/run/user/1000/gnupg/S.dirmngr'
2017-01-08 13:26:07 dirmngr[5395.0] permanently loaded certificates: 0
2017-01-08 13:26:07 dirmngr[5395.0]     runtime cached certificates: 0
2017-01-08 13:26:08 dirmngr[5395.6] handler for fd 6 started
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 -> # Home: /home/infinity0/.gnupg
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 -> # Config: /home/infinity0/.gnupg/dirmngr.conf
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 -> OK Dirmngr 2.1.17 at your service
2017-01-08 13:26:08 dirmngr[5395.6] connection from process 5390 (1000:1000)
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 <- GETINFO version
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 -> D 2.1.17
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 -> OK
2017-01-08 13:26:08 dirmngr[5395.6] DBG: chan_6 <- KS_GET -- 0xXXXX
2017-01-08 13:26:08 dirmngr[5395.6] DBG: dns: libdns initialized (tor mode)
2017-01-08 13:26:11 dirmngr[5395.6] DBG: dns: getsrv(_hkp._tcp.pool.sks-keyservers.net) -> 0 records
2017-01-08 13:26:11 dirmngr[5395.6] DBG: dns: libdns initialized (tor mode)
2017-01-08 13:26:12 dirmngr[5395.6] DBG: dns: resolve_dns_name(pool.sks-keyservers.net): Success
2017-01-08 13:26:12 dirmngr[5395.6] resolve_dns_addr for 'pool.sks-keyservers.net': ...
2017-01-08 13:26:12 dirmngr[5395.6] resolve_dns_addr for 'pool.sks-keyservers.net': '[2a01:4f8:161:4283:1000::203]'
2017-01-08 13:26:12 dirmngr[5395.6] resolve_dns_addr for 'pool.sks-keyservers.net': ...
2017-01-08 13:26:12 dirmngr[5395.6] number of system provided CAs: 173
2017-01-08 13:26:12 dirmngr[5395.6] DBG: dns: resolve_dns_name(2a01:4f8:161:4283:1000::203): Success
2017-01-08 13:26:12 dirmngr[5395.6] can't connect to '2a01:4f8:161:4283:1000::203': Invalid argument
2017-01-08 13:26:12 dirmngr[5395.6] error connecting to 'http://[2a01:4f8:161:4283:1000::203]:11371': Invalid argument
2017-01-08 13:26:12 dirmngr[5395.6] command 'KS_GET' failed: Invalid argument
2017-01-08 13:26:12 dirmngr[5395.6] DBG: chan_6 -> ERR 167804976 Invalid argument <Dirmngr>
2017-01-08 13:26:12 dirmngr[5395.6] DBG: chan_6 <- BYE
2017-01-08 13:26:12 dirmngr[5395.6] DBG: chan_6 -> OK closing connection
2017-01-08 13:26:12 dirmngr[5395.6] handler for fd 6 terminated
----

---- Success case:
$ gpg --recv-keys 0xXXXX
gpg: key XXXX: XXXX
gpg: Total number processed: 1
gpg:              unchanged: 1
----
2017-01-08 13:25:53 dirmngr[5312] listening on socket '/run/user/1000/gnupg/S.dirmngr'
2017-01-08 13:25:53 dirmngr[5313.0] permanently loaded certificates: 0
2017-01-08 13:25:53 dirmngr[5313.0]     runtime cached certificates: 0
2017-01-08 13:25:54 dirmngr[5313.6] handler for fd 6 started
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 -> # Home: /home/infinity0/.gnupg
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 -> # Config: /home/infinity0/.gnupg/dirmngr.conf
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 -> OK Dirmngr 2.1.17 at your service
2017-01-08 13:25:54 dirmngr[5313.6] connection from process 5309 (1000:1000)
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 <- GETINFO version
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 -> D 2.1.17
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 -> OK
2017-01-08 13:25:54 dirmngr[5313.6] DBG: chan_6 <- KS_GET -- 0xXXXX
2017-01-08 13:25:54 dirmngr[5313.6] DBG: dns: libdns initialized (tor mode)
2017-01-08 13:25:57 dirmngr[5313.6] DBG: dns: getsrv(_hkp._tcp.pool.sks-keyservers.net) -> 0 records
2017-01-08 13:25:57 dirmngr[5313.6] DBG: dns: libdns initialized (tor mode)
2017-01-08 13:25:59 dirmngr[5313.6] DBG: dns: resolve_dns_name(pool.sks-keyservers.net): Success
2017-01-08 13:25:59 dirmngr[5313.6] resolve_dns_addr for 'pool.sks-keyservers.net': ...
2017-01-08 13:25:59 dirmngr[5313.6] resolve_dns_addr for 'pool.sks-keyservers.net': '212.51.156.78'
2017-01-08 13:25:59 dirmngr[5313.6] resolve_dns_addr for 'pool.sks-keyservers.net': ...
2017-01-08 13:25:59 dirmngr[5313.6] number of system provided CAs: 173
2017-01-08 13:25:59 dirmngr[5313.6] DBG: dns: resolve_dns_name(212.51.156.78): Success
2017-01-08 13:26:00 dirmngr[5313.6] DBG: chan_6 -> S SOURCE http://212.51.156.78:11371
2017-01-08 13:26:00 dirmngr[5313.6] DBG: (22081 bytes sent via D lines not shown)
2017-01-08 13:26:00 dirmngr[5313.6] DBG: chan_6 -> OK
2017-01-08 13:26:00 dirmngr[5313.6] DBG: chan_6 <- BYE
2017-01-08 13:26:00 dirmngr[5313.6] DBG: chan_6 -> OK closing connection
2017-01-08 13:26:00 dirmngr[5313.6] handler for fd 6 terminated
----

Since dirmngr is very stupid in how it deals with DNS pools, one workaround
that users can do is to keep killing dirmngr and retrying the keyserver lookup
until dirmngr selects an IPv4 address and succeeds.

X

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (300, 'unstable'), (200, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dirmngr depends on:
ii  adduser        3.115
ii  libassuan0     2.4.3-2
ii  libc6          2.24-8
ii  libgcrypt20    1.7.5-2
ii  libgnutls30    3.5.7-3
ii  libgpg-error0  1.26-1
ii  libksba8       1.3.5-2
ii  libldap-2.4-2  2.4.44+dfsg-2
ii  libnpth0       1.3-1
ii  lsb-base       9.20161125

Versions of packages dirmngr recommends:
ii  gnupg  2.1.17-3

Versions of packages dirmngr suggests:
ii  tor  0.2.9.8-2

-- no debconf information
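
Added example, not part of the original report and not dirmngr code: a small triage script that groups dirmngr debug-log lines by process and flags the pattern shown in the failure case above (tor mode, an IPv6 pool address selected, command failed with "Invalid argument"). The function names are hypothetical, and the sample lines are excerpted from the two logs in the report.

```python
import ipaddress
import re

# Lines excerpted from the failure-case and success-case logs in the report.
SAMPLE_LOG = """\
2017-01-08 13:26:08 dirmngr[5395.6] DBG: dns: libdns initialized (tor mode)
2017-01-08 13:26:12 dirmngr[5395.6] resolve_dns_addr for 'pool.sks-keyservers.net': '[2a01:4f8:161:4283:1000::203]'
2017-01-08 13:26:12 dirmngr[5395.6] can't connect to '2a01:4f8:161:4283:1000::203': Invalid argument
2017-01-08 13:26:12 dirmngr[5395.6] command 'KS_GET' failed: Invalid argument
2017-01-08 13:25:54 dirmngr[5313.6] DBG: dns: libdns initialized (tor mode)
2017-01-08 13:25:59 dirmngr[5313.6] resolve_dns_addr for 'pool.sks-keyservers.net': '212.51.156.78'
2017-01-08 13:26:00 dirmngr[5313.6] DBG: chan_6 -> S SOURCE http://212.51.156.78:11371
"""

LINE = re.compile(r"^\S+ \S+ dirmngr\[(\d+)(?:\.\d+)?\] (.*)$")
RESOLVED = re.compile(r"^resolve_dns_addr for '([^']+)': '\[?([0-9A-Fa-f:.]+)\]?'$")
FAILED = re.compile(r"^command '(\w+)' failed: (.+)$")

def summarize(log_text):
    """Return {pid: summary} for every dirmngr process seen in the log."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a dirmngr log line
        pid, msg = int(m.group(1)), m.group(2)
        s = sessions.setdefault(pid, {"tor": False, "addrs": [], "failed": None})
        resolved = RESOLVED.match(msg)
        failed = FAILED.match(msg)
        if msg.endswith("libdns initialized (tor mode)"):
            s["tor"] = True
        elif resolved:  # address dirmngr picked from the pool (brackets stripped)
            s["addrs"].append(ipaddress.ip_address(resolved.group(2)))
        elif failed:
            s["failed"] = (failed.group(1), failed.group(2))
    return sessions

def matches_bug(s):
    """Tor mode + IPv6 address selected + command failed with 'Invalid argument'."""
    has_v6 = any(a.version == 6 for a in s["addrs"])
    return s["tor"] and has_v6 and s["failed"] is not None and s["failed"][1] == "Invalid argument"

def affected_pids(log_text):
    """Sorted PIDs of dirmngr processes whose log shows the reported pattern."""
    return sorted(pid for pid, s in summarize(log_text).items() if matches_bug(s))

if __name__ == "__main__":
    for pid, s in sorted(summarize(SAMPLE_LOG).items()):
        print(pid, [str(a) for a in s["addrs"]], s["failed"], "MATCH" if matches_bug(s) else "ok")
```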


