When trying to refresh any of my keys with any keyserver via hkp over IPv6, I receive "HKP fetch error: eof" The commandline that I am using is "gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --debug-all --refresh-key <someone's key>" I have tried multiple servers and multiple keys. As found in the release notes, "IPv6 is supported for HKP and HTTP keyserver access." at http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000186.html. I will post a complete debug output in an attached file. My internal network has been converted to IPv6 only courtesy of the Gentoo IPv6 Router Guide. http://www.gentoo.org/doc/en/ipv6.xml The prefix listed in the guide for totd and ptrtd is the same as I use. Reproducible: Always Steps to Reproduce: 1. Convert network over to IPv6 only. 2. Try to refresh key over IPv6 only system. 3. Actual Results: gpgkeys: HKP fetch error: eof Expected Results: Refreshed the key(s). emerge info Portage 2.0.51-r14 (default-linux/x86/2004.2/gcc34, gcc-3.4.3, glibc-2.3.4.20041102-r0, 2.6.10 i686) ================================================================= System uname: 2.6.10 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz Gentoo Base System version 1.6.8 Python: dev-lang/python-2.3.4 [2.3.4 (#1, Sep 23 2004, 04:12:51)] ccache version 2.3 [enabled] dev-lang/python: 2.3.4 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.5, 1.9.4, 1.8.5-r2, 1.4_p6, 1.6.3, 1.7.9 sys-devel/binutils: 2.15.92.0.2-r2 sys-devel/libtool: 1.5.10-r3 virtual/os-headers: 2.6.8.1-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-O3 -mtune=pentium4 -march=pentium4 -mfpmath=sse -mmmx -funroll-all-loops -msse2 -funroll-loops -pipe -fforce-addr -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/fax /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/control /var/spool/fax/etc" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -mtune=pentium4 -march=pentium4 -mfpmath=sse -mmmx -funroll-all-loops -msse2 -funroll-loops -pipe -fforce-addr -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig buildpkg candy ccache distlocks fixpackages loadpolicy sandbox sfperms" GENTOO_MIRRORS="http://gentoo.ccccom.com http://mirror.usu.edu/mirrors/gentoo/ http://mirror.datapipe.net/gentoo http://gentoo.chem.wisc.edu/gentoo/ http://gentoo.mirrored.ca/ http://gentoo.netnitco.net http://mirrors.acm.cs.rpi.edu/gentoo/ http://gentoo.cs.lewisu.edu/gentoo/ http://mirrors.tds.net/gentoo http://ftp.du.se/pub/os/gentoo http://gentoo.ynet.sk/pub http://ftp.easynet.nl/mirror/gentoo/ http://gentoo.mirrors.pair.com/ http://pandemonium.tiscali.de/pub/gentoo/ http://mirror.etf.bg.ac.yu/gentoo http://ds.thn.htu.se/linux/gentoo http://mirror.tucdemonic.org/gentoo/ http://gentoo.inode.at/ http://prometheus.cs.wmich.edu/gentoo http://mirror.gentoo.no/ http://gentoo.prz.rzeszow.pl http://ftp.caliu.info/pub/gentoo/ http://cudlug.cudenver.edu/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://src.gentoo.pl http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ http://gentoo.mirror.solnet.ch http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ http://mirror.clarkson.edu/pub/distributions/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp.linux.ee/pub/gentoo/distfiles/ http://mirror.averse.net/pub/gentoo/ http://mir.zyrianes.net/gentoo/ http://gentoo.blueyonder.co.uk http://gentoo.math.bme.hu http://ftp.ntua.gr/pub/linux/gentoo/ http://ftp.gentoo.or.kr/ http://www.las.ic.unicamp.br/pub/gentoo/ http://gentoo.kems.net http://gentoo.osuosl.org/ http://gentoo.ITDNet.net/gentoo http://open-systems.ufl.edu/mirrors/gentoo http://ftp.ceid.upatras.gr/pub/linux/gentoo http://ftp.roedu.net/pub/mirrors/gentoo.org/ http://mirror.hamakor.org.il/pub/mirrors/gentoo/ http://www.die.unipd.it/pub/Linux/distributions/gentoo-sources/ http://gentoo.zie.pg.gda.pl" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/home/portage" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X aac aalib acpi adns aim alsa apache2 apm arts avi bash-completion bitmap-fonts bonobo bootstrap bzip2 bzlib cdda cddb cdparanoia cdr crypt cups dhcp divx4linux doc dvd dvdread encode esd ethereal f77 fam ffmpeg fftw flac font-server foomaticdb fortran freetype gcj gd gif gnome gpm gstreamer gtk gtk2 gtkhtml guile httpd i8x0 icq imagemagick imlib ipv6 jabber jack jpeg junit kde lapack ldap libg++ libgda libwww live lzo mad mikmod mmx mmx2 motif mozilla moznocompose moznoirc moznomail mozsvg mp3 mpeg mpeg2 mppe-mppc mysql nas ncurses network nls nptl nptlonly objc offensive ogg oggvorbis opengl oss pam pcntl pcre pdflib perl plotutils png postgres python qt quicktime readline real rtc ruby samba sasl scanner sdl slang slp speex spell sqlite sse sse2 ssl stream svg tcltk tcltx tcpd tetex theora threads tidy tiff truetype truetype-fonts type1-fonts usb utf8 vcd vdesktop vorbis wxwindows xanim xchattext xml xml2 xmms xprint xsl xv xvid xvmc yahoo zlib video_cards_radeon" Unset: LDFLAGS, PORTDIR_OVERLAY emerge -pv gnupg These are the packages that I would merge, in order: Calculating dependencies ...done! [ebuild R ] app-crypt/gnupg-1.4.0-r1 +bzip2 -caps -debug -idea +ldap +nls +readline (-selinux) +zlib 0 kB
Created attachment 49198 [details] Refresh key command line with "--debug-all" and "--keyserver-options verbose" enabled
Created attachment 49199 [details] Refresh key command line with "--debug-all" and "--keyserver-options verbose" enabled
I could not replicate the problem. Can you attach the output of the following command for a comparison? strace -fe trace=network gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 Also if this doesn't show anything try trace=file or trace=process. I've added gnupg-1.4.0-r2 which really doesn't change anything but can you please check using it.
strace -fe trace=network gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 gpg: refreshing 1 key from pgp.mit.edu Process 22013 attached gpg: requesting key E0F65B76 from hkp server pgp.mit.edu Host: pgp.mit.edu Command: GET gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76' [pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 [pid 22013] send(6, "\303*\1\0\0\1\0\0\0\0\0\0\4_hkp\4_tcp\3pgp\3mit\3e"..., 39, 0) = 39 [pid 22013] recvfrom(6, "\303*\201\203\0\1\0\0\0\1\0\0\4_hkp\4_tcp\3pgp\3mit\3e"..., 512, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 111 [pid 22013] socket(PF_FILE, SOCK_STREAM, 0) = 6 [pid 22013] connect(6, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 22013] socket(PF_FILE, SOCK_STREAM, 0) = 6 [pid 22013] connect(6, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 [pid 22013] send(6, "8\0\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\34\0\1", 29, 0) = 29 [pid 22013] recvfrom(6, "8\0\201\200\0\1\0\2\0\0\0\0\3pgp\3mit\3edu\0\0\34\0\1\300"..., 1024, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 106 [pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 [pid 22013] send(6, "\250&\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\1\0\1", 29, 0) = 29 [pid 22013] recvfrom(6, "\250&\201\200\0\1\0\2\0\0\0\0\3pgp\3mit\3edu\0\0\1\0\1"..., 1024, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 94 [pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 [pid 22013] getsockname(6, {sa_family=AF_INET6, sin6_port=htons(32930), inet_pton(AF_INET6, "2001:5c0:8523:1:20c:f1ff:feca:f32", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0 [pid 22013] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 22013] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = -1 ENETUNREACH (Network is unreachable) [pid 22013] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6 [pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 [pid 22013] shutdown(6, 1 /* send */) = 0 gpgkeys: HKP fetch error: eof Process 22013 detached --- SIGCHLD (Child exited) @ 0 (0) --- gpg: no valid OpenPGP data found. gpg: Total number processed: 0
strace -fe trace=process gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 execve("/usr/bin/gpg", ["gpg", "--keyserver", "pgp.mit.edu", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--refresh-key", "A6DC7152E0F65B76"], [/* 55 vars */]) = 0 gpg: refreshing 1 key from pgp.mit.edu clone(Process 22019 attached child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7e7f708) = 22019 gpg: requesting key E0F65B76 from hkp server pgp.mit.edu [pid 22019] execve("/usr/libexec/gnupg/gpgkeys_hkp", ["gpgkeys_hkp"], [/* 55 vars */]) = 0 Host: pgp.mit.edu Command: GET gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76' gpgkeys: HKP fetch error: eof [pid 22019] exit_group(0) = ? Process 22019 detached --- SIGCHLD (Child exited) @ 0 (0) --- gpg: no valid OpenPGP data found. gpg: Total number processed: 0 waitpid(22019, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 22019 exit_group(2) = ? strace -fe trace=file gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 execve("/usr/bin/gpg", ["gpg", "--keyserver", "pgp.mit.edu", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--refresh-key", "A6DC7152E0F65B76"], [/* 53 vars */]) = 0 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0 open("/usr/lib/libbz2.so.1.0", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0755, st_size=103952, ...}) = 0 open("/lib/libdl.so.2", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0755, st_size=10712, ...}) = 0 open("/lib/tls/libc.so.6", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0755, st_size=1284912, ...}) = 0 open("/dev/urandom", O_RDONLY) = 3 open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=21544, ...}) = 0 access("/home/mcadoo/.gnupg/gpg.conf-1.4.0", R_OK) = -1 ENOENT (No such file or directory) access("/home/mcadoo/.gnupg/gpg.conf-1.4", R_OK) = -1 ENOENT (No such file or directory) access("/home/mcadoo/.gnupg/gpg.conf-1", R_OK) = -1 ENOENT (No such file or directory) access("/home/mcadoo/.gnupg/gpg.conf", R_OK) = 0 access("/home/mcadoo/.gnupg/options", R_OK) = -1 ENOENT (No such file or directory) stat64("~/.gnupg", 0xbfffe3a0) = -1 ENOENT (No such file or directory) stat64("/home/mcadoo/.gnupg/gpg.conf", {st_mode=S_IFREG|0600, st_size=8078, ...}) = 0 stat64("/home/mcadoo/.gnupg", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 open("/home/mcadoo/.gnupg/gpg.conf", O_RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFREG|0600, st_size=8078, ...}) = 0 access("/home/mcadoo/.gnupg/random_seed", F_OK) = 0 open("/home/mcadoo/.gnupg/secring.gpg", O_RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFREG|0600, st_size=1838, ...}) = 0 access("/home/mcadoo/.gnupg/secring.gpg", F_OK) = 0 open("/home/mcadoo/.gnupg/pubring.gpg", O_RDONLY|O_LARGEFILE) = 3 fstat64(3, {st_mode=S_IFREG|0600, st_size=500566, ...}) = 0 access("/home/mcadoo/.gnupg/pubring.gpg", F_OK) = 0 open("/home/mcadoo/.gnupg/pubring.gpg", O_RDONLY|O_LARGEFILE) = 3 open("/home/mcadoo/.gnupg/pubring.gpg", O_RDONLY|O_LARGEFILE) = 4 gpg: refreshing 1 key from pgp.mit.edu Process 22033 attached [pid 22032] fstat64(6, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 gpg: requesting key E0F65B76 from hkp server pgp.mit.edu [pid 22033] execve("/usr/libexec/gnupg/gpgkeys_hkp", ["gpgkeys_hkp"], [/* 53 vars */]) = 0 [pid 22033] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) [pid 22033] open("/etc/ld.so.cache", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0 [pid 22033] open("/lib/libresolv.so.2", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=73156, ...}) = 0 [pid 22033] open("/lib/tls/libc.so.6", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=1284912, ...}) = 0 [pid 22033] open("/dev/urandom", O_RDONLY) = 6 [pid 22033] fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 [pid 22033] fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0 Host: pgp.mit.edu Command: GET gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76' [pid 22033] open("/etc/resolv.conf", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=132, ...}) = 0 [pid 22033] open("/etc/nsswitch.conf", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=497, ...}) = 0 [pid 22033] open("/etc/ld.so.cache", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0 [pid 22033] open("/lib/libnss_files.so.2", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=39636, ...}) = 0 [pid 22033] open("/etc/hosts", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=33333, ...}) = 0 [pid 22033] open("/etc/hosts", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=33333, ...}) = 0 [pid 22033] open("/etc/ld.so.cache", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0 [pid 22033] open("/lib/libnss_dns.so.2", O_RDONLY) = 6 [pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=18424, ...}) = 0 gpgkeys: HKP fetch error: eof Process 22033 detached gpg: no valid OpenPGP data found. --- SIGCHLD (Child exited) @ 0 (0) --- gpg: Total number processed: 0
Lets compare this. Mine: strace -fe trace=network gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information gpg: refreshing 1 key from pgp.mit.edu Process 26982 attached gpg: requesting key E0F65B76 from hkp server pgp.mit.edu Host: pgp.mit.edu Command: GET gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76' [pid 26982] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, 28) = 0 [pid 26982] send(6, "\233\24\1\0\0\1\0\0\0\0\0\0\4_hkp\4_tcp\3pgp\3mit\3e"..., 39, 0) = 39 [pid 26982] recvfrom(6, "\233\24\201\203\0\1\0\0\0\1\0\0\4_hkp\4_tcp\3pgp\3mit\3"..., 512, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, [16]) = 97 [pid 26982] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, 28) = 0 [pid 26982] send(6, "\233\25\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\34\0\1", 29, 0) = 29 [pid 26982] recvfrom(6, "\233\25\201\200\0\1\0\1\0\1\0\0\3pgp\3mit\3edu\0\0\34\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, [16]) = 115 [pid 26982] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6 [pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, 28) = 0 [pid 26982] send(6, "\233\26\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\1\0\1", 29, 0) = 29 [pid 26982] recvfrom(6, "\233\26\201\200\0\1\0\2\0\3\0\3\3pgp\3mit\3edu\0\0\1\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, [16]) = 182 ^^ DNS Lookups [pid 26982] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 6 [pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = 0 [pid 26982] shutdown(6, 1 /* send */) = 0 Process 26982 detached --- SIGCHLD (Child exited) @ 0 (0) --- gpg: key E0F65B76: duplicated user ID detected - merged gpg: key E0F65B76: "Grant Goodyear <g2boojum@hotmail.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 M. McAdoo's ignoring DNS stuff [pid 22013] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = -1 ENETUNREACH (Network is unreachable) Seems to try IPv4 first [pid 22013] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6 [pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 IPv6 seems to connect ok. note last 32 bits of the address 0x12 = 18 0x07 = 7 0x0E = 14 0x8B = 139 [pid 22013] shutdown(6, 1 /* send */) = 0 gpgkeys: HKP fetch error: eof Process 22013 detached --- SIGCHLD (Child exited) @ 0 (0) --- gpg: no valid OpenPGP data found. gpg: Total number processed: 0 Taking a full trace after the DNS lookups yeilds: strace -f gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 [pid 27073] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = 0 [pid 27073] write(6, "GET /pks/lookup?op=get&options=m"..., 87) = 87 [pid 27073] write(6, "\r\n", 2) = 2 [pid 27073] shutdown(6, 1 /* send */) = 0 [pid 27073] read(6, "HTTP/1.0 200 OK\r\nServer: pks_www"..., 8192) = 1400 [pid 27073] read(6, "OOGwES6CB6M7GpZuGTj8uvtIqkItxU0h"..., 8192) = 1400 [pid 27073] read(6, "ECF4AACgkQ\nptxxUuD2W3aHkACfX7SZZ"..., 8192) = 1400 [pid 27073] write(1, "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 4096 <unfinished ...> [pid 27072] <... read resumed> "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 8192) = 4096 [pid 27073] <... write resumed> ) = 4096 [pid 27072] read(7, <unfinished ...> [pid 27073] read(6, "b1/IoSiq1YeZBvnTQIhGBBERAgAGBQJA"..., 8192) = 1400 [pid 27073] read(6, "KCRDg\nF4e3wx3t2OBOAJ9KsTB6i3WUFT"..., 8192) = 1400 [pid 27073] read(6, "CK-----\n", 8192) = 8 [pid 27073] write(1, "9vanVtQGhvdG1h\naWwuY29tPohGBBARA"..., 2963 <unfinished ...> [pid 27072] <... read resumed> "9vanVtQGhvdG1h\naWwuY29tPohGBBARA"..., 8192) = 2963 [pid 27073] <... write resumed> ) = 2963 [pid 27072] time( <unfinished ...> [pid 27073] munmap(0x40016000, 4096 <unfinished ...> [pid 27072] <... time resumed> NULL) = 1106517649 [pid 27073] <... munmap resumed> ) = 0 [pid 27072] time( <unfinished ...> [pid 27073] exit_group(0) = ? Process 27073 detached Because of the gpgkeys: HKP fetch error: eof you got I'd assume something is missing in the reads/writes. Can you please try: strace -f gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76 And paste the output after the DNS lookups. Please leave out all the time lookups info trailing the process detachment. Sorry I don't have a IPv6 network to test on. CCing ipv6 herd to see if anyone there can help (please)
[pid 28215] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = -1 ENETUNREACH (Network is unreachable) [pid 28215] close(6) = 0 [pid 28215] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6 [pid 28215] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0 [pid 28215] write(6, "GET /pks/lookup?op=get&options=m"..., 87) = 87 [pid 28215] write(6, "\r\n", 2) = 2 [pid 28215] shutdown(6, 1 /* send */) = 0 [pid 28215] read(6, "", 8192) = 0 [pid 28215] close(6) = 0 [pid 28215] write(2, "gpgkeys: HKP fetch error: eof\n", 30gpgkeys: HKP fetch error: eof ) = 30 [pid 28215] write(1, "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 134 <unfinished ...> [pid 28214] <... read resumed> "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 8192) = 134 [pid 28215] <... write resumed> ) = 134 [pid 28215] munmap(0xb7fe8000, 4096) = 0 [pid 28215] exit_group(0) = ? Process 28215 detached
using something like ethereal or tcpdump - does the server actually send you a response. Does the normal tcp handshaking occur?
another thought - do ipv6 keyservers exist? want to try one?
Created attachment 49449 [details] Ethereal capture of GnuPG transmission It does look like there is a handshaking going on. But when it comes to showtime, nada. As to whether there is IPv6 addressable keyservers, I have not been able to get a strainght answer via web searches or prodding on IRC in the #gnupg channel. The dump file will show that I am trying to communicate to subkeys.pgp.net, not pgp.mit.edu. When I mention that I was using that address, I was "glared" at. Also, I notice that putting the resolved IPv6 address result in an error. Using the IPv4 address does not result in the error. gpg: refreshing 1 key from [3ffe:abcd:1234:9876::1207:e8b] gpg: DBG: set_exec_path method 0: PATH=/usr/libexec/gnupg gpg: DBG: execlp: gpgkeys_[3ffe gpg: unable to execute program `gpgkeys_[3ffe': No such file or directory gpg: refreshing 1 key from 18.7.14.139 gpg: DBG: set_exec_path method 0: PATH=/usr/libexec/gnupg gpg: DBG: execlp: gpgkeys_hkp gpg: DBG: iobuf-3.0: fdopen `[fd 7]' gpg: DBG: iobuf-3.0: ioctl `file_filter(fd)' no_cache=1 gpg: DBG: iobuf-3.0: ioctl `file_filter(fd)' no_cache=1 gpg: requesting key 7A3220C7 from hkp server 18.7.14.139 gpg: DBG: iobuf-3.0: underflow: req=8192 Host: 18.7.14.139 Command: GET This would just show that currently, GnuPG is unable to direcly handle an IPv6 address from the commandline. That though would probably be an upstream issue.
yep - sounds right - I'll post to gnupg-dev. You can follow at http://lists.gnupg.org/pipermail/gnupg-devel/2005-January/thread.html or subscribe to the list http://lists.gnupg.org/mailman/listinfo/gnupg-devel
IPv6 server maybe http://www.earth.li/projectpurple/progs/onak.html
Success! But with stipulations. First, the server has to have an IPv6 connection. Second, only via HKP, not HTTP. I used the keyserver.linux.it found in the GnuPG-devel list. The other one, keyserver.stack.nl, did not work since it was only accessible over HTTP. Both servers using HTTP resulted with error: gpgkeys: key <long_hex_string> not found on keyserver Process 581 detached --- SIGCHLD (Child exited) @ 0 (0) --- gpg: no valid OpenPGP data found. gpg: Total number processed: 0 So a workaround has been found. But it could be curious to know why accessing a keyserver through 6to4 router fails. My router follows the Gentoo IPv6 Router guide very closely, especially the 6to4 config and it's bogus prefix for totd and pTRTd. The hardest part of this bug was finding a IPv6 accessible keyserver. Thanks for the help.
great. Glad you found a work around. The execution of a program with part of a ipv6 address still needs to be addressed upstream. As for IPv6inIPv4 hard to say wheither it's a server implementation issue. I haven't looked at the internals of hkp keyserving so it could be some IPv6 address passing there(?) passing there.
