924606 – =app-crypt/gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy

Bug 924606 - =app-crypt/gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a proxy

Summary: =app-crypt/gnupg-2.4.4 breaks dirmngr fetching keys via hkps:// from behind a...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo's Team for Core System packages

URL:	https://dev.gnupg.org/T6997
Whiteboard:
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2024-02-14 21:49 UTC by Hank Leininger
Modified:	2024-02-18 10:13 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/35368
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hank Leininger 2024-02-14 21:49:19 UTC

See the bug I filed upstream at $URL - gnupg 2.4.4's dirmngr cannot fetch from an hkps:// keyserver via a web proxy. 2.4.3 works fine.

This prevents emerge --fetch from working from behind a proxy when keys are fetched/refreshed via hkps://keys.gentoo.org

Suggest 2.4.4 gets masked until this is resolved, or at the least, isn't stablized (see https://bugs.gentoo.org/835949) and 2.4.3 stays in the tree.

Comment 1 Hank Leininger 2024-02-16 04:33:57 UTC

Upstream made some fixes, which worked locally after moderate testing; isolated some patches and made a PR.

Comment 2 Larry the Git Cow gentoo-dev

2024-02-18 10:13:11 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45ed86aa273d9bb10f4856de72616d889f43f016

commit 45ed86aa273d9bb10f4856de72616d889f43f016
Author:     Hank Leininger <hlein@korelogic.com>
AuthorDate: 2024-02-16 04:29:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-18 10:12:32 +0000

    app-crypt/gnupg: fix dirmngr behind a proxy
    
    Adapted from upstream patches:
    https://dev.gnupg.org/rG04cbc3074aa98660b513a80f623a7e9f0702c7c9
    https://dev.gnupg.org/rG848546b05ab0ff6abd47724ecfab73bf32dd4c01
    
    Signed-off-by: Hank Leininger <hlein@korelogic.com>
    Closes: https://bugs.gentoo.org/924606
    Bug: https://bugs.gentoo.org/835949
    Closes: https://github.com/gentoo/gentoo/pull/35368
    Signed-off-by: Sam James <sam@gentoo.org>

 .../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch    |  91 ++++++++++
 app-crypt/gnupg/gnupg-2.4.4-r1.ebuild              | 197 +++++++++++++++++++++
 2 files changed, 288 insertions(+)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08da6f87e95c43a1441569981eee1afe4da24997

commit 08da6f87e95c43a1441569981eee1afe4da24997
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-02-18 10:11:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-02-18 10:12:32 +0000

    app-crypt/gnupg: use final version of dirmngr proxy fixes
    
    Export the patches from STABLE-BRANCH-2-4 so it's easier to compare with
    any future fixes as things kept changing here. Hopefully it's all OK now.
    
    (Contents are the same though, really.)
    
    Bug: https://bugs.gentoo.org/924606
    Signed-off-by: Sam James <sam@gentoo.org>

 .../gnupg/files/gnupg-2.4.4-dirmngr-proxy.patch    | 179 +++++++++++++++++----
 1 file changed, 145 insertions(+), 34 deletions(-)