[pkg-gnupg-maint] Bug#990686: dirmngr: any keyserver operations fail because of dirmngr using Tor

Christoph Anton Mitterer calestyo at scientia.net
Sun Jul 4 19:07:21 BST 2021 

Package: dirmngr
Version: 2.2.27-2
Severity: normal


Hi.

It seesm with a default configuration of gnupg (and Tor) any keyserver operations
like --refresh-keys --search-keys --recv-keys fail with errors like:
gpg: keyserver refresh failed: Permission denied

Debug mode shows dirmngr is the reason:
gpg: DBG: chan_3 <- ERR 167804929 Permission denied <Dirmngr>
gpg: keyserver refresh failed: Permission denied


and it seems to turn out that this uses Tor by default and apparently in an improper
manner:
Tor[2100]: Your application (using socks5 to port 53) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://2019.www.torproject.org/docs/faq.html.en#WarningsAboutSOCKSandDNSInformationLeaks. Rejecting.


Not sure whether it would be a good workaround to simply disable tor per default.
Can't dirmngr switch to sock 4a?


Thanks,
Chris.


-- System Information:
Debian Release: 11.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dirmngr depends on:
ii  adduser              3.118
ii  gpgconf              2.2.27-2
ii  init-system-helpers  1.60
ii  libassuan0           2.5.4-1
ii  libc6                2.31-12
ii  libgcrypt20          1.8.7-6
ii  libgnutls30          3.7.1-5
ii  libgpg-error0        1.38-2
ii  libksba8             1.5.0-3
ii  libldap-2.4-2        2.4.57+dfsg-3
ii  libnpth0             1.6-3
ii  lsb-base             11.1.0

Versions of packages dirmngr recommends:
ii  gnupg  2.2.27-2

Versions of packages dirmngr suggests:
ii  dbus-user-session  1.12.20-2
ii  libpam-systemd     247.3-5
ii  pinentry-gnome3    1.1.0-4
ii  tor                0.4.5.9-1

-- no debconf information

More information about the pkg-gnupg-maint mailing list