* resolv.conf and gnupg2
From: Marco Atzeri @ 2022-08-07 14:34 UTC
To: cygwin-apps; +Cc: Chad Dougherty
Hi,

currently as default Gnupg 2.x is unable to contact keyservers and
recover any key. Gnupg 1.x has no such problem.

$ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
gpg: keyserver receive failed: No such file or directory

The cryptic message is due to the absence of a /etc/resolv.conf,
as adding a simple one with a public DNS server overcomes the issue.

$ cat /etc/resolv.conf
; /etc/resolv.conf file for dnsmaster
;
domain .com
nameserver 0.0.0.0
nameserver 8.8.8.8

$ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
gpg: key D17BF2305981E818: 1 duplicate signature removed
gpg: key D17BF2305981E818: "Andrew Makhorin <mao@mai2.rcnet.ru>" not chan
gpg: Total number processed: 1
gpg: unchanged: 1

I would expect BIND to be a package that creates/manages resolv.conf as
it provides a library to parse it, but I do not see any place where
this is done.

$ cygcheck -p resolv.conf
Found 7 matches for resolv.conf
..
libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages

Any suggestion on how to solve the absence of /etc/resolv.conf ?
I doubt gnupg2 is the proper package to do so.

Regards
Marco
* Re: resolv.conf and gnupg2
From: Mark Geisert @ 2022-08-07 22:33 UTC
To: Cygwin-Apps; +Cc: Chad Dougherty
Marco Atzeri wrote:
> Hi,
>
> currently as default Gnupg 2.x is unable to contact keyservers and recover any
> key. Gnupg 1.x has no such problem
>
> $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: keyserver receive failed: No such file or directory
>
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
>
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain .com
> nameserver 0.0.0.0
> nameserver 8.8.8.8
>
>
> $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin
> <mao-egIpddyTbSMmeSKuKGS7mg@public.gmane.org>" not chan
> gpg: Total number processed: 1
> gpg: unchanged: 1
>
>
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parse it, but I do not see any place where this is done.
>
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
>
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt gnupg2 is the proper package to do so.
Could Cygwin itself provide a minimal /etc/resolv.conf pointing to public DNS
server(s)? Some users might object to Google's public DNS (e.g. 8.8.8.8) though.
Or perhaps a new package 'resolv.conf' with either the public DNS pointers or a
postinstall script that massages the system's 'ipconfig /all' to obtain Windows'
current settings.
..mark
* Re: resolv.conf and gnupg2
From: ASSI @ 2022-08-08 9:15 UTC
To: cygwin-apps
Mark Geisert writes:
> Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> public DNS server(s)? Some users might object to Google's public DNS
> (e.g. 8.8.8.8) though.
No, this would be the job for any software that configures the DNS
resolver. However, I'd prefer if no resolver libraries ever looked at
/etc/resolv.conf as it doesn't really make sense for Cygwin to muck
about with the DNS configuration independently of what Windows provides.
Regards,
Achim.
--
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds
* Re: resolv.conf and gnupg2
From: Corinna Vinschen @ 2022-08-08 11:50 UTC
To: cygwin-apps
On Aug 8 11:15, ASSI wrote:
> Mark Geisert writes:
> > Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> > public DNS server(s)? Some users might object to Google's public DNS
> > (e.g. 8.8.8.8) though.
>
> No, this would be the job for any software that configures the DNS
> resolver. However, I'd prefer if no resolver libraries ever looked at
> /etc/resolv.conf as it doesn't really make sense for Cygwin to muck
> about with the DNS configuration independently of what Windows provides.
I agree, actually.
Right now, Cygwin's resolver checks for /etc/resolv.conf, too, but uses
the OS stuff if /etc/resolv.conf isn't available.
So I wonder, just as you do, if we shouldn't drop support for
/etc/resolv.conf and let this be handled by the OS only.
In theory, we have two scenarios:
- Either a user is also admin and can change the OS settings anyway,
- or the user is not admin and the admins very likely don't like the
user to change the resolver settings on the company machine...
Corinna
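
The concern in this sub-thread is a /etc/resolv.conf that points Cygwin programs at DNS servers other than the ones Windows is configured with. As an added example (not code from the thread or from Cygwin), this shell function lists the nameserver entries of such a file and flags the unspecified address and any server outside an expected list; the sample input is the workaround file quoted in the thread, and 192.0.2.53 is a constructed placeholder for the site's resolver.

```shell
#!/bin/sh
# Added example: compare the nameservers in a resolv.conf with the servers
# the host is expected to use (for instance those configured in Windows).
# Usage: audit_resolv_conf FILE [EXPECTED_SERVER...]
# Status: 0 = nothing flagged, 1 = at least one finding, 2 = file not readable.
audit_resolv_conf() {
    file=$1; shift
    n_expected=$#
    expected=" $* "
    if [ ! -r "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    findings=0
    # Comment lines start with ';' or '#', so matching on the first field
    # skips them; the second field of a nameserver line is the address.
    servers=$(awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$file")
    if [ -z "$servers" ]; then
        echo "NO_NAMESERVER $file"
        return 1
    fi
    for ns in $servers; do
        case $ns in
            0.0.0.0|::)
                echo "UNSPECIFIED $ns"; findings=1; continue ;;
        esac
        if [ "$n_expected" -eq 0 ]; then
            echo "LISTED $ns"
            continue
        fi
        case $expected in
            *" $ns "*) echo "EXPECTED $ns" ;;
            *) echo "OVERRIDE $ns"; findings=1 ;;
        esac
    done
    return "$findings"
}

# Sample input: the workaround file quoted in this thread.
write_sample() {
    cat > "$1" <<'EOF'
; /etc/resolv.conf file for dnsmaster
;
domain .com
nameserver 0.0.0.0
nameserver 8.8.8.8
EOF
}

# Demo: 192.0.2.53 is a constructed placeholder for the site's DNS server.
demo=$(mktemp)
write_sample "$demo"
audit_resolv_conf "$demo" 192.0.2.53 || echo "exit status $?"
rm -f "$demo"
```

Run without an expected list, the function only lists the servers and still flags the unspecified address.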
* Re: resolv.conf and gnupg2
From: Corinna Vinschen @ 2022-08-08 7:30 UTC
To: cygwin-apps
On Aug 7 16:34, Marco Atzeri wrote:
> Hi,
>
> currently as default Gnupg 2.x is unable to contact keyservers and recover
> any key. Gnupg 1.x has no such problem
>
> $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: keyserver receive failed: No such file or directory
>
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
>
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain .com
> nameserver 0.0.0.0
> nameserver 8.8.8.8
>
>
> $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin <mao@mai2.rcnet.ru>" not chan
> gpg: Total number processed: 1
> gpg: unchanged: 1
>
>
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parse it, but I do not see any place where this is
> done.
>
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
>
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt gnupg2 is the proper package to do so.
I can't believe (but may be wrong, of course) that gnupg2 tries to
access /etc/resolv.conf by itself. I would rather guess that gnupg2
is linked against one or more libs provided by the bind package,
and thus uses the resolver from the bind package. However, Cygwin
provides its own resolver entry points, and those don't need
/etc/resolv.conf, because they utilize the OS resolver.
Is there a build option to avoid building against the bind lib?
Alternatively it might be possible to inject an autoconf variable
from cygport...?
Corinna
* Re: resolv.conf and gnupg2
From: Corinna Vinschen @ 2022-08-08 11:54 UTC
To: cygwin-apps
On Aug 8 09:30, Corinna Vinschen wrote:
> On Aug 7 16:34, Marco Atzeri wrote:
> > Hi,
> >
> > currently as default Gnupg 2.x is unable to contact keyservers and recover
> > any key. Gnupg 1.x has no such problem
> >
> > $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> > gpg: keyserver receive failed: No such file or directory
> >
> > The cryptic message is due to the absence of a /etc/resolv.conf
> > as adding a simple one with a public DNS server overcomes the issue
> >
> > $ cat /etc/resolv.conf
> > ; /etc/resolv.conf file for dnsmaster
> > ;
> > domain .com
> > nameserver 0.0.0.0
> > nameserver 8.8.8.8
> >
> >
> > $ /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> > gpg: key D17BF2305981E818: 1 duplicate signature removed
> > gpg: key D17BF2305981E818: "Andrew Makhorin <mao@mai2.rcnet.ru>" not chan
> > gpg: Total number processed: 1
> > gpg: unchanged: 1
> >
> >
> > I would expect BIND to be a package that creates/manages resolv.conf as
> > it provides a library to parse it, but I do not see any place where this is
> > done.
> >
> > $ cygcheck -p resolv.conf
> > Found 7 matches for resolv.conf
> > ..
> > libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> > man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> >
> > Any suggestion on how to solve the absence of /etc/resolv.conf ?
> > I doubt gnupg2 is the proper package to do so.
>
> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself. I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package. However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
>
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?
Having said that, Cygwin provides libresolv.a by itself anyway.
How does gnupg2 get around that? How does it resolve?
Corinna
* Re: resolv.conf and gnupg2
From: Yasuhiro Kimura @ 2022-08-08 12:13 UTC
To: cygwin-apps
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
Subject: Re: resolv.conf and gnupg2
Date: Mon, 8 Aug 2022 09:30:47 +0200
> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself. I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package. However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
>
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?
>
>
> Corinna
Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.
(Cygwin64)yasu@rolling[1007]% pwd
/cygdrive/c/Users/yasu/Work/gnupg
(Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
NEWS: * dirmngr: Make reading resolv.conf more robust. [T5657]
NEWS: * dirmngr: Now detects a changed /etc/resolv.conf.
dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
dirmngr/dns-stuff.c: /* Force a reload if resolv.conf has changed. */
dirmngr/dns-stuff.c: log_debug ("dns: resolv.conf changed - forcing reload\n");
dirmngr/dns.c: if ((error = dns_resconf_loadpath(resconf, "/etc/resolv.conf"))) {
dirmngr/dns.c: * /etc/resolv.conf, defaulting to a nameserver of
dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in resolv.conf. */
dirmngr/dns.c: * is the intersection of the /etc/resolv.conf families and
dirmngr/dns.c: * /etc/resolv.conf has "family inet4" and .ai_type
dirmngr/dns.c: MAIN.resconf.path[MAIN.resconf.count++] = "/etc/resolv.conf";
dirmngr/dns.c: { "show-resconf", &show_resconf, "show resolv.conf data" },
dirmngr/dns.c: " -c PATH Path to resolv.conf\n"
(Cygwin64)yasu@rolling[1009]%
---
Yasuhiro Kimura
* Re: resolv.conf and gnupg2
From: Corinna Vinschen @ 2022-08-08 14:13 UTC
To: cygwin-apps
On Aug 8 21:13, Yasuhiro Kimura wrote:
> From: Corinna Vinschen <corinna-cygwin@cygwin.com>
> Subject: Re: resolv.conf and gnupg2
> Date: Mon, 8 Aug 2022 09:30:47 +0200
>
> > I can't believe (but may be wrong, of course) that gnupg2 tries to
> > access /etc/resolv.conf by itself. I would rather guess that gnupg2
> > is linked against one or more libs provided by the bind package,
> > and thus uses the resolver from the bind package. However, Cygwin
> > provides its own resolver entry points, and those don't need
> > /etc/resolv.conf, because they utilize the OS resolver.
> >
> > Is there a build option to avoid building against the bind lib?
> > Alternatively it might be possible to inject an autoconf variable
> > from cygport...?
> >
> >
> > Corinna
>
> Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.
>
> (Cygwin64)yasu@rolling[1007]% pwd
> /cygdrive/c/Users/yasu/Work/gnupg
> (Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
> NEWS: * dirmngr: Make reading resolv.conf more robust. [T5657]
> NEWS: * dirmngr: Now detects a changed /etc/resolv.conf.
> dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
> dirmngr/dns-stuff.c: /* Force a reload if resolv.conf has changed. */
> dirmngr/dns-stuff.c: log_debug ("dns: resolv.conf changed - forcing reload\n");
> dirmngr/dns.c: if ((error = dns_resconf_loadpath(resconf, "/etc/resolv.conf"))) {
> dirmngr/dns.c: * /etc/resolv.conf, defaulting to a nameserver of
> dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in resolv.conf. */
> dirmngr/dns.c: * is the intersection of the /etc/resolv.conf families and
> dirmngr/dns.c: * /etc/resolv.conf has "family inet4" and .ai_type
> dirmngr/dns.c: MAIN.resconf.path[MAIN.resconf.count++] = "/etc/resolv.conf";
> dirmngr/dns.c: { "show-resconf", &show_resconf, "show resolv.conf data" },
> dirmngr/dns.c: " -c PATH Path to resolv.conf\n"
> (Cygwin64)yasu@rolling[1009]%
IIUC, that should be fixable by configuring gnupg with --disable-libdns.
Corinna
* Re: resolv.conf and gnupg2
From: Chad Dougherty @ 2022-08-08 18:29 UTC
To: corinna-cygwin, cygwin-apps
Corinna Vinschen wrote:
>
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.
>
Yes, below is the message that I sent to Marco but which was rejected by
this list because I wasn't subscribed at the time that I replied to all.
--
-Chad
On 2022-08-07 10:34, Marco Atzeri wrote:
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt gnupg2 is the proper package to do so.
>
Looking into this, I'm reminded of how much I really dislike the design
of gnupg2.
dirmngr appears to have its own DNS client library that tries to do the
resolv.conf parsing among other things. I believe this library gets
compiled into the current cygwin package.
I noticed this configuration option:
--disable-libdns do not build with libdns support
I just tested a build using this option and it seemed to fix the problem
for me.
I did not use the full end-to-end cygport process but I think the patch
at the bottom of this message should do the trick. Could you give it a
shot?
Thanks...
--
-Chad
$ diff -u gnupg2.cygport.orig gnupg2.cygport
--- gnupg2.cygport.orig 2022-08-08 14:00:18.562073400 -0400
+++ gnupg2.cygport 2022-08-08 14:00:53.146950000 -0400
@@ -22,6 +22,6 @@
cygautoreconf
sed -i -e '/^development_version=/s/yes/no/' configure
cd ${B}
- cygconf --enable-gpg-is-gpg2
+ cygconf --enable-gpg-is-gpg2 --disable-libdns
cygmake
}
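
Review bot: the `--disable-libdns` argument added to the `cygconf` line has no comment saying why it is there. A short comment above that line, noting that dirmngr's bundled libdns reads /etc/resolv.conf and that keyserver lookups fail with "No such file or directory" when the file is absent, would keep a later packaging update from dropping the flag. The diff touches only this line, so the package release number is unchanged; it should be bumped so the rebuilt binary can be told apart from the current one.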
* Re: resolv.conf and gnupg2
From: Marco Atzeri @ 2022-08-10 17:22 UTC
To: cygwin-apps
On 08.08.2022 16:13, Corinna Vinschen wrote:
> On Aug 8 21:13, Yasuhiro Kimura wrote:
>> From: Corinna Vinschen
>
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.
>
>
> Corinna
Thanks Corinna,
I will upload shortly a version "2.2.35-2" implementing this configuration
Regards
Marco