[Bug 1625848] Re: gnupg2 appears to ignore http_proxy, fails to retrieve keys
Launchpad Bug Tracker
1625848 at bugs.launchpad.net
Wed Feb 21 21:49:39 UTC 2018
This bug was fixed in the package gnupg2 - 2.2.4-1ubuntu1
---------------
gnupg2 (2.2.4-1ubuntu1) bionic; urgency=medium
* Merge from Debian unstable, remaining changes:
- debian/gnupg2.udev:
- Add udev rules to give gpg access to some smartcard readers;
Debian #543217.
- udev rules to set ACLs on SCM smartcard readers.
- Add breaks for software-properties-common at 0.96.24.3 or lower.
- Honor http_proxy= environment variables by default in the systemd
user session dirmngr service. LP: #1625848
- Export GPG_AGENT_INFO in the systemd-environment-generator too.
* Dropped changes:
- Removed user session upstart support.
- Removed gpg-agent.service changes, use Debian's environment generator instead.
- Patch to set GNUPGHOME for tests, fixed in debian/upstream.
gnupg2 (2.2.4-1) unstable; urgency=medium
* New upstream release
* do not use uupdate (we use gbp-import-orig)
* dirmngr: cannot avoid idling in current arrangement
* adjusting fixes to gpgsm defaults
* prefer SHA-512 specifically on personal-digest-preferences.
* refresh patches
* Standards-Version: bump to 4.1.3 (no changes needed)
* drop unnecessary lintian override
* reflect actual requirement for libassuan
* import bugfixes from upstream
gnupg2 (2.2.3-1) unstable; urgency=medium
* New upstream release
* refreshed patches
gnupg2 (2.2.2-1) unstable; urgency=medium
* new upstream release.
* avoid testsuite delays from excess socket waiting
* clean up trailing whitespace in debian/{rules,changelog}
* drop patches already upstream
* refresh remaining patches
gnupg2 (2.2.1-5) unstable; urgency=medium
* block ptrace on scdaemon as well as gpg-agent (Closes: #878952)
gnupg2 (2.2.1-4) unstable; urgency=medium
* restore lintian override, because ftp-master isn't yet running lintian
2.5.55 (see #877999 for more details)
gnupg2 (2.2.1-3) unstable; urgency=medium
* bugfix for multiple keyrings (Closes: #878812)
* drop an unnecessary lintian override
gnupg2 (2.2.1-2) unstable; urgency=medium
* adopt bugfixes and documentation improvements from upstream
* reorganize debian/patches for simpler maintenance
* move gnupg-l10n to Section: localization
* Standards-Version: bump to 4.1.1 (no changes needed)
gnupg2 (2.2.1-1) unstable; urgency=medium
* New upstream release
* drop patches already applied upstream
gnupg2 (2.2.0-3) unstable; urgency=medium
* avoid FTBFS when TZ=UTC-12 (Closes: #874617)
gnupg2 (2.2.0-2) unstable; urgency=medium
* dirmngr and gpgv-static are Multi-arch: foreign (Closes: #874111)
* update to stronger cryptographic defaults.
* use upstream gpg-agent-browser.socket systemd user service
* publish SSH_AUTH_SOCK for wayland users (Closes: #855868)
gnupg2 (2.2.0-1) unstable; urgency=medium
* New upstream release.
* drop patches already upstream
* scdaemon: bugfix from upstream for large ECC keys
* Standards-Version: bump to 4.1.0 (no changes needed)
gnupg2 (2.1.23-2) unstable; urgency=medium
* add openssh-client to build-deps for testing
gnupg2 (2.1.23-1) unstable; urgency=medium
* New upstream release
* move to unstable
* refresh patches
* keep default --no-auto-key-retrieve
* Standards-Version: 4.0.1 (Priority: extra -> optional)
* run tests in parallel
gnupg2 (2.1.22-1) experimental; urgency=medium
* New upstream release
* refreshed patches
* pulled a few bugfix patches from upstream
* simplify systemd user units
gnupg2 (2.1.21-4) experimental; urgency=medium
* package reorganization:
- new package 'gpg' is just for public key operations
- 'gnupg' package is the full suite
- 'gnupg-agent' package is renamed to 'gpg-agent'
- 'gpgconf' is a base package, other packages depend on it
- 'gnupg-utils' are a grab-bag of helper tools that may be useful
* scdaemon: add AppStream metainfo about supported smartcards
gnupg2 (2.1.21-3) experimental; urgency=medium
* include upstream bugfixes and improvements (Closes: #863221)
* build gpgcompose, ship new gpgcompose binary package
* upgrade to debhelper 10
* upgrade to Standards-Version 4.0.0 (no changes needed)
gnupg2 (2.1.21-2) experimental; urgency=medium
[ Stefan Bühler ]
* Create WKS server and client packages
[ Daniel Kahn Gillmor ]
* minor packaging cleanups
* more upstream bugfix and cleanup patches
* rename WKS packages to match the tool names
gnupg2 (2.1.21-1) experimental; urgency=medium
* new upstream release
* drop patches already upstream, refresh patches
* import post-release bugfixes from upstream
gnupg2 (2.1.20-4) experimental; urgency=medium
* avoid shipping or trying to use .skel files
* more bugfixes from upstream
* skip missing signing keys (Closes: #834922)
* prefer available smartcard
gnupg2 (2.1.20-3) experimental; urgency=medium
* more upstream bugfixes (Closes: #858400)
gnupg2 (2.1.20-2) experimental; urgency=medium
* more bugfix patches from upstream
gnupg2 (2.1.20-1) experimental; urgency=medium
* new upstream release
* drop patches already upstream, refresh patches
* import post-release bugfixes from upstream
gnupg2 (2.1.19-3) experimental; urgency=medium
* more patches from upstream
- test suite should now use /tmp and not require /run/user/
gnupg2 (2.1.19-2) experimental; urgency=medium
* more patches from upstream (Closes: #854829)
* add verbose=3 to the test suite as requested by upstream
gnupg2 (2.1.19-1) experimental; urgency=medium
* New upstream release (Closes: #854359)
* many post-release bugfixes from upstream
* add logcheck filters for gpg-agent (Closes: #856438)
* Upload to experimental due to the freeze
gnupg2 (2.1.18-6) unstable; urgency=medium
[ NIIBE Yutaka ]
* scdaemon: Fix duplicated entries (Closes: #855056).
gnupg2 (2.1.18-5) unstable; urgency=medium
[ Daniel Kahn Gillmor ]
* Xsession.d/90gpg-agent: use simpler and more direct gpgconf
invocations for socket names.
[ NIIBE Yutaka ]
* scdaemon.udev: Add Yubikey and Nitrokey (Closes: #648331, 734889).
* scdaemon fix for PC/SC (Closes: #852702, #854005, #854595, #854616).
gnupg2 (2.1.18-4) unstable; urgency=medium
[ Daniel Kahn Gillmor ]
* document that debian disables --allow-version-check
* docs, debugging, and bugfix patches from upstream (Closes: #852979)
[ NIIBE Yutaka ]
* scdaemon bugfixes
gnupg2 (2.1.18-3) unstable; urgency=medium
* fix searches for keys with raw addr-spec
gnupg2 (2.1.18-2) unstable; urgency=medium
* pull fixes from upstream (including a double-free in gpg-agent)
gnupg2 (2.1.18-1) unstable; urgency=medium
* New upstream release.
gnupg2 (2.1.17-6) unstable; urgency=medium
* Upstream patches, fixing unnecessary delay in gpg-agent (Closes: #851298)
* gpg-agent: avoid race in shutdown (Closes: #841143)
* improve dirmngr, gpg-agent README.Debian (Closes: #850982)
* clean up gpg-agent-idling patch
gnupg2 (2.1.17-5) unstable; urgency=medium
* more fixes from upstream (improving but not yet closing: #849845)
* gpg-agent: actively poll when shutdown is pending. Thanks, NIIBE
Yutaka! (addresses but does not close #841143)
gnupg2 (2.1.17-4) unstable; urgency=medium
* more patches from upstream, including dirmngr debugging
improvements
* resolve ambiguity in aliased options and commands (Closes: #850475)
* auto-enable gpg-agent and dirmngr for systemd user sessions
* enable easy reloads from systemd
gnupg2 (2.1.17-3) unstable; urgency=medium
* more bugfixes from upstream (improving but not yet closing: #849845)
gnupg2 (2.1.17-2) unstable; urgency=medium
* include patches from upstream to avoid build failures on 32-bit
arches.
gnupg2 (2.1.17-1) unstable; urgency=medium
* new upstream release.
gnupg2 (2.1.16-3) unstable; urgency=medium
* remove -pie from hppa, kfreebsd-amd64, and x32 builds of
gpgv-static (Closes: #846889)
* import several upstream bugfix patches (Closes: #846834, #846168)
* link gnupg-agent and scdaemon with Enhances/Suggests (Closes: #833518)
gnupg2 (2.1.16-2) unstable; urgency=medium
* avoid using adns, due to lack of security support (Closes: #845078)
gnupg2 (2.1.16-1) unstable; urgency=medium
* New upstream version
* dropped many patches already incorporated upstream
gnupg2 (2.1.15-9) unstable; urgency=medium
* Introduce gpgv-static package (Closes: #806940)
* more patches from upstream
* use adns for better DNS resolution in dirmngr
* add some import-options to
migrate-pubring-from-classic-gpg for better migration
* reorganize patches to distinguish debian variations from upstream
* set simple and easy defaults for keyservers
* help dirmngr and gpg-agent idle better in the default case
gnupg2 (2.1.15-8) unstable; urgency=medium
* rename gpg-agent-restricted.socket to gpg-agent-extra.socket
(for symmetry with option names and actual sockets created)
gnupg2 (2.1.15-7) unstable; urgency=medium
* more upstream patches
* dirmngr systemd user service is now socket-activated.
gnupg2 (2.1.15-6) unstable; urgency=medium
* more upstream patches (Closes: #841437, #840680)
gnupg2 (2.1.15-5) unstable; urgency=medium
* added udev rules for Fujitsu Siemens cardreader (Closes: #840312)
* mark transitional packages Multi-Arch: Foreign (closes: #840258)
* make gnupg2 binNMU-safe
* more patches from upstream
* track upstream decision-making about gpg-agent socket names
gnupg2 (2.1.15-4) unstable; urgency=medium
* update debian/tests/gpgv-win32
* more patches from upstream (Closes: #838153)
* tighten dependencies between gnupg and dirmngr (Closes: #834602)
* updated systemd user gpg-agent units for socket activation
gnupg2 (2.1.15-3) unstable; urgency=medium
* Use upstream fix to avoid touching homedir during test suite
* backward compatibility for preset-passphrase and protect-tool
* add Breaks: for python3-apt too (thanks, Harald Jenny!)
* Avoid network access during tests (Closes: #836259)
* more patches from upstream
- gpgv --output now works
- fingerprint display doesn't vary with --keyid-format
- minor cleanup to scdaemon dealing with removed cards
gnupg2 (2.1.15-2) unstable; urgency=medium
* restore keyid output in gpgv (Closes: #836144)
* avoid test suite failures when HOME does not exist
-- Dimitri John Ledkov <xnox at ubuntu.com> Thu, 11 Jan 2018 13:33:17 +0000
** Changed in: gnupg2 (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/1625848
Title:
gnupg2 appears to ignore http_proxy, fails to retrieve keys
Status in GnuPG2:
Fix Released
Status in gnupg2 package in Ubuntu:
Fix Released
Status in gnupg2 source package in Yakkety:
Won't Fix
Bug description:
As seen in the LXC autopkgtest results:
http://autopkgtest.ubuntu.com/packages/lxc
The source of those failures is that pool.sks-keyservers.net isn't
allowed from within the autopkgtest environment. For that reason, LXC
will switch to the http transport on port 80 when http_proxy is set in
the environment.
Under gpgv1, this was causing gpg to grab keys through the specified
proxy as required in the autopkgtest environment and in a lot of
corporate environments where internet access is only available through
proxy.
In gpgv2, it looks like dirmngr just entirely ignores any proxy variable and just attempts to fetch the key directly rather than through the proxy, leading to a failure.
### Xenial
iptables -I OUTPUT -p tcp --dport 80 -j REJECT
ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT
root@xenial:~# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: requesting key 22F6E216 from hkp server p80.pool.sks-keyservers.net
?: p80.pool.sks-keyservers.net: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver unreachable
gpg: keyserver communications error: public key not found
gpg: keyserver receive failed: public key not found
root@xenial:~# http_proxy=http://sateda.srv.mtl.stgraber.net:3128 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: requesting key 22F6E216 from hkp server p80.pool.sks-keyservers.net
gpg: key 22F6E216: "LXC pre-built images <lxc-devel at lists.linuxcontainers.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
### Yakkety
root@yakkety:~# iptables -I OUTPUT -p tcp --dport 80 -j REJECT
root@yakkety:~# ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT
root@yakkety:~# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: keyserver receive failed: Connection refused
root@yakkety:~# http_proxy=http://sateda.srv.mtl.stgraber.net:3128 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: keyserver receive failed: Connection refused
To manage notifications about this bug go to:
https://bugs.launchpad.net/gnupg2/+bug/1625848/+subscriptions
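
Added example (not part of the bug report or the gnupg2 package): a small shell check that reads a dirmngr.conf and reports whether key fetches would go direct, through the http_proxy seen by dirmngr, or through an explicitly configured proxy. It relies on the documented dirmngr options "honor-http-proxy" and "http-proxy"; the function name, the proxy.example host and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide which route dirmngr would take for an hkp:// fetch,
# given a dirmngr.conf and the http_proxy value in dirmngr's own environment
# (dirmngr is a daemon, so the environment of the calling gpg does not count).
# An explicit "http-proxy HOST[:PORT]" overrides the environment variable;
# "honor-http-proxy" makes dirmngr use http_proxy when it is set.
dirmngr_proxy_mode() {
    conf=$1          # path to a dirmngr.conf (may not exist)
    env_proxy=$2     # http_proxy as seen by the dirmngr process, may be empty
    explicit=""
    honor=no
    if [ -r "$conf" ]; then
        # "|| [ -n "$key" ]" also handles a last line without a newline
        while read -r key value || [ -n "$key" ]; do
            case $key in
                ''|'#'*) continue ;;              # blank line or comment
                http-proxy) explicit=$value ;;
                honor-http-proxy) honor=yes ;;
            esac
        done < "$conf"
    fi
    if [ -n "$explicit" ]; then
        echo "explicit $explicit"
    elif [ "$honor" = yes ] && [ -n "$env_proxy" ]; then
        echo "env $env_proxy"
    else
        echo "direct"
    fi
}

# Constructed sample modelling the report: proxy only in the environment,
# no proxy option in the config, then the same config with the option added.
sample=$(mktemp)
printf '%s\n' '# constructed dirmngr.conf' \
    'keyserver hkp://p80.pool.sks-keyservers.net:80' > "$sample"
dirmngr_proxy_mode "$sample" "http://proxy.example:3128"
printf '%s\n' 'honor-http-proxy' >> "$sample"
dirmngr_proxy_mode "$sample" "http://proxy.example:3128"
rm -f "$sample"
```

A "direct" result on a host where outbound port 80 is rejected corresponds to the "Connection refused" failure shown in the Yakkety session above.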