resolv.conf and gnupg2

resolv.conf and gnupg2

[Marco Atzeri]

Hi,

currently as default Gnupg 2.x is unable to contact keyservers and 
recover any key. Gnupg 1.x has not such problem

$  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818 
gpg: keyserver receive failed: No such file or directory

The cryptic message is due to the absence of a /etc/resolv.conf
as adding a simple one with a public DNS server overcomes the issue

$ cat /etc/resolv.conf
; /etc/resolv.conf file for dnsmaster
;
domain           .com
nameserver       0.0.0.0
nameserver       8.8.8.8


$  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
gpg: key D17BF2305981E818: 1 duplicate signature removed
gpg: key D17BF2305981E818: "Andrew Makhorin <mao@mai2.rcnet.ru>" not chan
gpg: Total number processed: 1
gpg:              unchanged: 1


I would expect BIND to be a package that creates/manages resolv.conf as
it provides a library to parser it, but I do not see any place where 
this is done.

$ cygcheck -p resolv.conf
Found 7 matches for resolv.conf
..
libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages

Any suggestion on how to solve the absence of /etc/resolv.conf ?
I doubt  gnupg2 is the proper package to do so.


Regards
Marco

Re: resolv.conf and gnupg2

[Mark Geisert]

Marco Atzeri wrote:
> Hi,
> 
> currently as default Gnupg 2.x is unable to contact keyservers and recover any 
> key. Gnupg 1.x has not such problem
> 
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818 gpg: keyserver 
> receive failed: No such file or directory
> 
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
> 
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain           .com
> nameserver       0.0.0.0
> nameserver       8.8.8.8
> 
> 
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin 
> <mao-egIpddyTbSMmeSKuKGS7mg@public.gmane.org>" not chan
> gpg: Total number processed: 1
> gpg:              unchanged: 1
> 
> 
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parser it, but I do not see any place where this is done.
> 
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> 
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt  gnupg2 is the proper package to do so.

Could Cygwin itself provide a minimal /etc/resolv.conf pointing to public DNS 
server(s)?  Some users might object to Google's public DNS (e.g. 8.8.8.8) though.

Or perhaps a new package 'resolv.conf' with either the public DNS pointers or a 
postinstall script that massages the system's 'ipconfig /all' to obtain Windows' 
current settings.

..mark

Re: resolv.conf and gnupg2

[ASSI]

Mark Geisert writes:
> Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> public DNS server(s)?  Some users might object to Google's public DNS
> (e.g. 8.8.8.8) though.

No, this would be the job for any software that configures the DNS
resolver.  However, I'd prefer if no resolver libraries ever looked at
/etc/resolv.conf as it doesn't really make sense for Cygwin to muck
about with the DNS configuration independently of what Windows provides.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf rackAttack:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

Re: resolv.conf and gnupg2

[Corinna Vinschen]

On Aug  8 11:15, ASSI wrote:
> Mark Geisert writes:
> > Could Cygwin itself provide a minimal /etc/resolv.conf pointing to
> > public DNS server(s)?  Some users might object to Google's public DNS
> > (e.g. 8.8.8.8) though.
> 
> No, this would be the job for any software that configures the DNS
> resolver.  However, I'd prefer if no resolver libraries ever looked at
> /etc/resolv.conf as it doesn't really make sense for Cygwin to muck
> about with the DNS configuration independently of what Windows provides.

I agree, actually.

Right now, Cygwin's resolver checks for /etc/resolv.conf, too, but uses
the OS stuff if /etc/resolv.conf isn't available.

So I wonder, just as you do, if we shouldn't drop support for
/etc/resolv.conf and let this be handled by the OS only.

In theory, we have two scenarios:
- Either a user is also admin and can change the OS settings anyway,
- or the user is not admin and the admins very likely don't like the
  user to change the resolver settings on the company machine...


Corinna

Re: resolv.conf and gnupg2

[Corinna Vinschen]

On Aug  7 16:34, Marco Atzeri wrote:
> Hi,
> 
> currently as default Gnupg 2.x is unable to contact keyservers and recover
> any key. Gnupg 1.x has not such problem
> 
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818 gpg: keyserver
> receive failed: No such file or directory
> 
> The cryptic message is due to the absence of a /etc/resolv.conf
> as adding a simple one with a public DNS server overcomes the issue
> 
> $ cat /etc/resolv.conf
> ; /etc/resolv.conf file for dnsmaster
> ;
> domain           .com
> nameserver       0.0.0.0
> nameserver       8.8.8.8
> 
> 
> $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> gpg: key D17BF2305981E818: 1 duplicate signature removed
> gpg: key D17BF2305981E818: "Andrew Makhorin <mao@mai2.rcnet.ru>" not chan
> gpg: Total number processed: 1
> gpg:              unchanged: 1
> 
> 
> I would expect BIND to be a package that creates/manages resolv.conf as
> it provides a library to parser it, but I do not see any place where this is
> done.
> 
> $ cygcheck -p resolv.conf
> Found 7 matches for resolv.conf
> ..
> libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> 
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt  gnupg2 is the proper package to do so.

I can't believe (but may be wrong, of course) that gnupg2 tries to
access /etc/resolv.conf by itself.  I would rather guess that gnupg2
is linked against one or more libs provided by the bind package,
and thus uses the resolver from the bind package.  However, Cygwin
provides its own resolver entry points, and those don't need
/etc/resolv.conf, because they utilize the OS resolver.

Is there a build option to avoid building against the bind lib?
Alternatively it might be possible to inject an autoconf variable
from cygport...?


Corinna

Re: resolv.conf and gnupg2

[Corinna Vinschen]

On Aug  8 09:30, Corinna Vinschen wrote:
> On Aug  7 16:34, Marco Atzeri wrote:
> > Hi,
> > 
> > currently as default Gnupg 2.x is unable to contact keyservers and recover
> > any key. Gnupg 1.x has not such problem
> > 
> > $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818 gpg: keyserver
> > receive failed: No such file or directory
> > 
> > The cryptic message is due to the absence of a /etc/resolv.conf
> > as adding a simple one with a public DNS server overcomes the issue
> > 
> > $ cat /etc/resolv.conf
> > ; /etc/resolv.conf file for dnsmaster
> > ;
> > domain           .com
> > nameserver       0.0.0.0
> > nameserver       8.8.8.8
> > 
> > 
> > $  /usr/bin/gpg2 --keyserver pgp.mit.edu --recv-keys 5981E818
> > gpg: key D17BF2305981E818: 1 duplicate signature removed
> > gpg: key D17BF2305981E818: "Andrew Makhorin <mao@mai2.rcnet.ru>" not chan
> > gpg: Total number processed: 1
> > gpg:              unchanged: 1
> > 
> > 
> > I would expect BIND to be a package that creates/manages resolv.conf as
> > it provides a library to parser it, but I do not see any place where this is
> > done.
> > 
> > $ cygcheck -p resolv.conf
> > Found 7 matches for resolv.conf
> > ..
> > libirs161-9.11.9-1 - libirs161: BIND resolv.conf parser library
> > man-pages-linux-5.13-1 - man-pages-linux: Linux manual pages
> > 
> > Any suggestion on how to solve the absence of /etc/resolv.conf ?
> > I doubt  gnupg2 is the proper package to do so.
> 
> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself.  I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package.  However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
> 
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?

Having said that, Cygwin provides libresolv.a by itself anyway.
How gets gnupg2 around that?  How does it resolve?


Corinna

Re: resolv.conf and gnupg2

[Yasuhiro Kimura]

From: Corinna Vinschen <corinna-cygwin@cygwin.com>
Subject: Re: resolv.conf and gnupg2
Date: Mon, 8 Aug 2022 09:30:47 +0200

> I can't believe (but may be wrong, of course) that gnupg2 tries to
> access /etc/resolv.conf by itself.  I would rather guess that gnupg2
> is linked against one or more libs provided by the bind package,
> and thus uses the resolver from the bind package.  However, Cygwin
> provides its own resolver entry points, and those don't need
> /etc/resolv.conf, because they utilize the OS resolver.
> 
> Is there a build option to avoid building against the bind lib?
> Alternatively it might be possible to inject an autoconf variable
> from cygport...?
> 
> 
> Corinna

Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.

(Cygwin64)yasu@rolling[1007]% pwd
/cygdrive/c/Users/yasu/Work/gnupg
(Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
NEWS:  * dirmngr: Make reading resolv.conf more robust.  [T5657]
NEWS:  * dirmngr: Now detects a changed /etc/resolv.conf.
dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
dirmngr/dns-stuff.c:  /* Force a reload if resolv.conf has changed.  */
dirmngr/dns-stuff.c:        log_debug ("dns: resolv.conf changed - forcing reload\n");
dirmngr/dns.c:  if ((error = dns_resconf_loadpath(resconf, "/etc/resolv.conf"))) {
dirmngr/dns.c:           * /etc/resolv.conf, defaulting to a nameserver of
dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in resolv.conf. */
dirmngr/dns.c:           * is the intersection of the /etc/resolv.conf families and
dirmngr/dns.c:           * /etc/resolv.conf has "family inet4" and .ai_type
dirmngr/dns.c:          MAIN.resconf.path[MAIN.resconf.count++] = "/etc/resolv.conf";
dirmngr/dns.c:  { "show-resconf",       &show_resconf,          "show resolv.conf data" },
dirmngr/dns.c:          "  -c PATH   Path to resolv.conf\n"
(Cygwin64)yasu@rolling[1009]%

---
Yasuhiro Kimura

Re: resolv.conf and gnupg2

[Corinna Vinschen]

On Aug  8 21:13, Yasuhiro Kimura wrote:
> From: Corinna Vinschen <corinna-cygwin@cygwin.com>
> Subject: Re: resolv.conf and gnupg2
> Date: Mon, 8 Aug 2022 09:30:47 +0200
> 
> > I can't believe (but may be wrong, of course) that gnupg2 tries to
> > access /etc/resolv.conf by itself.  I would rather guess that gnupg2
> > is linked against one or more libs provided by the bind package,
> > and thus uses the resolver from the bind package.  However, Cygwin
> > provides its own resolver entry points, and those don't need
> > /etc/resolv.conf, because they utilize the OS resolver.
> > 
> > Is there a build option to avoid building against the bind lib?
> > Alternatively it might be possible to inject an autoconf variable
> > from cygport...?
> > 
> > 
> > Corinna
> 
> Unfortunately it seems gnupg2 accesses /etc/resolv.conf in some way.
> 
> (Cygwin64)yasu@rolling[1007]% pwd
> /cygdrive/c/Users/yasu/Work/gnupg
> (Cygwin64)yasu@rolling[1008]% git grep -F resolv.conf
> NEWS:  * dirmngr: Make reading resolv.conf more robust.  [T5657]
> NEWS:  * dirmngr: Now detects a changed /etc/resolv.conf.
> dirmngr/dns-stuff.c:#define RESOLV_CONF_NAME "/etc/resolv.conf"
> dirmngr/dns-stuff.c:  /* Force a reload if resolv.conf has changed.  */
> dirmngr/dns-stuff.c:        log_debug ("dns: resolv.conf changed - forcing reload\n");
> dirmngr/dns.c:  if ((error = dns_resconf_loadpath(resconf, "/etc/resolv.conf"))) {
> dirmngr/dns.c:           * /etc/resolv.conf, defaulting to a nameserver of
> dirmngr/dns.c:/** ugly hack to support specifying ports other than 53 in resolv.conf. */
> dirmngr/dns.c:           * is the intersection of the /etc/resolv.conf families and
> dirmngr/dns.c:           * /etc/resolv.conf has "family inet4" and .ai_type
> dirmngr/dns.c:          MAIN.resconf.path[MAIN.resconf.count++] = "/etc/resolv.conf";
> dirmngr/dns.c:  { "show-resconf",       &show_resconf,          "show resolv.conf data" },
> dirmngr/dns.c:          "  -c PATH   Path to resolv.conf\n"
> (Cygwin64)yasu@rolling[1009]%

IIUC, that should be fixable by configuring gnupg with --disable-libdns.


Corinna

Re: resolv.conf and gnupg2

[Chad Dougherty]

Corinna Vinschen wrote:
> 
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.
> 

Yes, below is the message that I sent to Marco but which was rejected by 
this list because I wasn't subscribed at the time that I replied to all.

-- 
     -Chad


On 2022-08-07 10:34, Marco Atzeri wrote:
> Any suggestion on how to solve the absence of /etc/resolv.conf ?
> I doubt  gnupg2 is the proper package to do so.
>

Looking into this, I'm reminded of how much I really dislike the design 
of gnupg2.

dirmngr appears to have its own DNS client library that tries to do the 
resolv.conf parsing among other things.  I believe this library gets 
compiled into the current cygwin package.

I noticed this configuration option:
   --disable-libdns        do not build with libdns support

I just tested a build using this option and it seemed to fix the problem 
for me.

I did not use the full end-to-end cygport process but I think the patch 
at the bottom of this message should do the trick.  Could you give it a 
shot?

Thanks...

-- 
     -Chad


$ diff -u gnupg2.cygport.orig gnupg2.cygport
--- gnupg2.cygport.orig 2022-08-08 14:00:18.562073400 -0400
+++ gnupg2.cygport      2022-08-08 14:00:53.146950000 -0400
@@ -22,6 +22,6 @@
         cygautoreconf
         sed -i -e '/^development_version=/s/yes/no/' configure
         cd ${B}
-       cygconf --enable-gpg-is-gpg2
+       cygconf --enable-gpg-is-gpg2 --disable-libdns
         cygmake
  }

Re: resolv.conf and gnupg2

[Marco Atzeri]

On 08.08.2022 16:13, Corinna Vinschen wrote:
> On Aug  8 21:13, Yasuhiro Kimura wrote:
>> From: Corinna Vinschen 
> 
> IIUC, that should be fixable by configuring gnupg with --disable-libdns.
> 
> 
> Corinna

Thanks Corinna,
I will upload shortly a version "2.2.35-2" implementing this configuration

Regards
Marco