Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 538852

Summary: app-crypt/gnupg-2.0.26-r3 static build is unable to access HKPS keyservers
Product: Gentoo Linux Reporter: Juraj Variny <rini17>
Component: Current packagesAssignee: Crypto team [DISABLED] <crypto+disabled>
Status: RESOLVED WONTFIX    
Severity: normal CC: k_f
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: curl build log
gnupg build log

Description Juraj Variny 2015-02-04 21:34:35 UTC 
gpg --recv-key or gpg--search-key always fails with 
gpgkeys: HTTP fetch error 1: unsupported protocol
Same commands, on the same system with unchanged configuration but dynamically rebuilt gnupg are working.

Reproducible: Always

Steps to Reproduce:
1. Emerge gnupg with USE="static"
2. Configure hkps keyserver and certificate, in gnupg.conf for example:
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options check-cert ca-cert-file=~/.gnupg/sks-keyservers.netCA.pem
3. Try gpg --search-key 677ABD62D0AEE7D7
Actual Results:  
Error message:
gpgkeys: HTTP fetch error 1: unsupported protocol

Expected Results:  
Whether key was found or not on the keyserver

Portage 2.2.14 (python 3.4.1-final-0, default/linux/amd64/13.0/desktop, gcc-4.8.3, glibc-2.19-r1, 3.17.7-gentoo x86_64)
=================================================================
System uname: Linux-3.17.7-gentoo-x86_64-AMD_Athlon-tm-_II_X4_630_Processor-with-gentoo-2.2
KiB Mem:    12301104 total,    761116 free
KiB Swap:   10485756 total,   9529476 free
Timestamp of tree: Wed, 04 Feb 2015 12:45:01 +0000
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:          4.2_p53
dev-java/java-config:     2.2.0
dev-lang/perl:            5.18.2-r2
dev-lang/python:          2.7.9-r1, 3.3.5-r1, 3.4.1
dev-util/cmake:           2.8.12.2-r1
dev-util/pkgconfig:       0.28-r1
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.13.8
sys-apps/sandbox:         2.6-r1
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.11.6-r1, 1.12.6, 1.13.4
sys-devel/binutils:       2.24-r3
sys-devel/gcc:            4.7.3-r1, 4.8.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4.4
sys-devel/make:           4.0-r1
sys-kernel/linux-headers: 3.16 (virtual/os-headers)
sys-libs/glibc:           2.19-r1
Repositories: gentoo x-portage sunrise haskell
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-g -O2 -march=native -mtune=native -ftree-vectorize -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/boot/cmdline.txt /boot/config.txt /etc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ati /etc/ca-certificates.conf /etc/env.d /etc/eselect /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/hal /etc/hotplug /etc/pam.d /etc/php/apache2-php5.5/ext-active/ /etc/php/cgi-php5.5/ext-active/ /etc/php/cli-php5.5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/xdg /etc/xml"
CXXFLAGS="-g -O2 -march=native -mtune=native -ftree-vectorize -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--quiet-build --keep-going"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://tux.rainside.sk/gentoo/ ftp://gentoo.wheel.sk/pub/linux/gentoo/ ftp://gd.tuwien.ac.at/opsys/linux/gentoo/ http://distfiles.gentoo.org"
LANG="sk_SK.UTF-8"
LC_ALL="sk_SK.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1 -Wl,--sort-common -Wl,--hash-style=gnu -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /var/lib/layman/sunrise /var/lib/layman/haskell"
USE="3dnow 3dnowext 7zip X a52 aac acl acpi alsa amd64 amr apache2 apng bash-completion bazaar bluetooth branding bzip2 cairo cdda cdio cdr cli consolekit cpudetection cracklib crypt css cups curl cvs cxx darcs dbus dga dia djvu dri dts dvb dvd dvdr dvdread ebook emboss encode exif faac faad fam ffmpeg firefox flac fontconfig foomaticdb freetype gdbm gif git glamor gnutls gpm gs gtk hal i8x0 iconv icq icu imagemagick imlib inotify ipv6 irc jabber jack java jingle jpeg jpeg2k kde lash lcms libav libnotify lirc live lm_sensors logrotate lzma lzo mad matroska mercurial mjpeg mmx mmx2 mmxext mng mobi modules mp3 mp4 mpeg mplayer msn multilib ncurses network nls nptl nsplugin ogg oggvorbis openexr opengl openmp pam pango pcre pdf perl png policykit postgres ppds python qalculate qt qt3support qt4 quicktime readline real samba sdl semantic-desktop session smp sms spell sqlite sse sse2 sse3 ssl ssse3 startup-notification stream subversion svg syslog tcltk tcpd theora threads tiff tk truetype udev udisks unicode upower urandom usb utempter v4l v4l2 vcd vim-syntax vorbis webkit wifi win32codecs wmf wxwidgets wxwindows x264 xcb xext xine xinerama xml xpm xv xvid zlib zvbi" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias reqtimeout proxy proxy_http proxy_connect proxy_ajp" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmx2 mmxext 3dnow 3dnowext sse sse2 sse3 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="en sk" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3 python3_4 pypy pypy3" QEMU_SOFTMMU_TARGETS="i386 ppc ppc64 x86_64" QEMU_USER_TARGETS="arm i386 x86_64" RUBY_TARGETS="ruby19 ruby20" USERLAND="GNU" VIDEO_CARDS="ati radeon radeonsi vesa fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USE_PYTHON="2.7 3.4"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, SYNC
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-06 09:56:22 UTC 
Can you please confirm that curl and the crypto provider for HTTP has been built staticly? Please provide the configure log from the build of gnupg and libgcrypt.

fwiw, "gpgkeys: HTTP fetch error 1: unsupported protocol" is an error you will get independent of whether a key exists on a keyserver or not simply because it isn't making a connection to https (which hkps translates into with a specific path)
Comment 2 Juraj Variny 2015-02-06 14:14:40 UTC 
Created attachment 395720 [details]
curl build log
Comment 3 Juraj Variny 2015-02-06 14:15:34 UTC 
Created attachment 395722 [details]
gnupg build log
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-07 21:30:08 UTC 
(In reply to Juraj Variny from comment #3)
> Created attachment 395722 [details]
> gnupg build log

Can you please run with --keyserver-options verbose,debug and report what curl version is used. I suspect this is using curl-shim?
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-08 15:46:19 UTC 
Created thread in gnupg-users: http://lists.gnupg.org/pipermail/gnupg-users/2015-February/052386.html
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-05-22 15:36:57 UTC 
Summary: Linking with curl when ssl provider is enabled doesn't work statically and test fails during gnupg building, so curl helpers are built with curl-shim that doesn't support hkps instead of using a full curl version. 

This is not a downstream breakage of the distro and it is not likely to change (although there is potentially better luck for static linking on alternative libc providers such as musl). Static linking for gnupg 2.0 is likely to be removed in future version altogether , gnupg 1.4 should be used if such situations are needed. 

Closing WONTFIX