Bug 79038

Summary:	GnuPG 1.4.0 not refreshing keys via hkp:// over IPv6 network connection
Product:	Gentoo Linux	Reporter:	M. McAdoo <mcadoo>
Component:	Current packages	Assignee:	Crypto team [DISABLED] <crypto+disabled>
Status:	RESOLVED UPSTREAM
Severity:	major	CC:	ipv6
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Refresh key command line with "--debug-all" and "--keyserver-options verbose" enabled Refresh key command line with "--debug-all" and "--keyserver-options verbose" enabled Ethereal capture of GnuPG transmission

Description M. McAdoo 2005-01-21 19:38:17 UTC

When trying to refresh any of my keys with any keyserver via hkp over IPv6, I receive "HKP fetch error: eof"  The commandline that I am using is "gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --debug-all --refresh-key <someone's key>"  I have tried multiple servers and multiple keys.  

As found in the release notes, "IPv6 is supported for HKP and HTTP keyserver access." at http://lists.gnupg.org/pipermail/gnupg-announce/2004q4/000186.html.  I will post a complete debug output in an attached file.

My internal network has been converted to IPv6 only courtesy of the Gentoo IPv6 Router Guide.  http://www.gentoo.org/doc/en/ipv6.xml

The prefix listed in the guide for totd and ptrtd is the same as I use.

Reproducible: Always
Steps to Reproduce:
1. Convert network over to IPv6 only.
2. Try to refresh key over IPv6 only system.
3.

Actual Results:  
gpgkeys: HKP fetch error: eof

Expected Results:  
Refreshed the key(s).

emerge info
Portage 2.0.51-r14 (default-linux/x86/2004.2/gcc34, gcc-3.4.3,
glibc-2.3.4.20041102-r0, 2.6.10 i686)
=================================================================
System uname: 2.6.10 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.6.8
Python:              dev-lang/python-2.3.4 [2.3.4 (#1, Sep 23 2004, 04:12:51)]
ccache version 2.3 [enabled]
dev-lang/python:     2.3.4
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.5, 1.9.4, 1.8.5-r2, 1.4_p6, 1.6.3, 1.7.9
sys-devel/binutils:  2.15.92.0.2-r2
sys-devel/libtool:   1.5.10-r3
virtual/os-headers:  2.6.8.1-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -mtune=pentium4 -march=pentium4 -mfpmath=sse -mmmx
-funroll-all-loops -msse2 -funroll-loops -pipe -fforce-addr -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.2/share/config
/usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/fax
/usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/bind /var/qmail/control /var/spool/fax/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -mtune=pentium4 -march=pentium4 -mfpmath=sse -mmmx
-funroll-all-loops -msse2 -funroll-loops -pipe -fforce-addr -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig buildpkg candy ccache distlocks fixpackages
loadpolicy sandbox sfperms"
GENTOO_MIRRORS="http://gentoo.ccccom.com http://mirror.usu.edu/mirrors/gentoo/
http://mirror.datapipe.net/gentoo http://gentoo.chem.wisc.edu/gentoo/
http://gentoo.mirrored.ca/ http://gentoo.netnitco.net
http://mirrors.acm.cs.rpi.edu/gentoo/ http://gentoo.cs.lewisu.edu/gentoo/
http://mirrors.tds.net/gentoo http://ftp.du.se/pub/os/gentoo
http://gentoo.ynet.sk/pub http://ftp.easynet.nl/mirror/gentoo/
http://gentoo.mirrors.pair.com/ http://pandemonium.tiscali.de/pub/gentoo/
http://mirror.etf.bg.ac.yu/gentoo http://ds.thn.htu.se/linux/gentoo
http://mirror.tucdemonic.org/gentoo/ http://gentoo.inode.at/
http://prometheus.cs.wmich.edu/gentoo http://mirror.gentoo.no/
http://gentoo.prz.rzeszow.pl http://ftp.caliu.info/pub/gentoo/
http://cudlug.cudenver.edu/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo
http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://src.gentoo.pl
http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/
http://gentoo.mirror.solnet.ch
http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/
http://mirror.clarkson.edu/pub/distributions/gentoo/
http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/
http://ftp.linux.ee/pub/gentoo/distfiles/ http://mirror.averse.net/pub/gentoo/
http://mir.zyrianes.net/gentoo/ http://gentoo.blueyonder.co.uk
http://gentoo.math.bme.hu http://ftp.ntua.gr/pub/linux/gentoo/
http://ftp.gentoo.or.kr/ http://www.las.ic.unicamp.br/pub/gentoo/
http://gentoo.kems.net http://gentoo.osuosl.org/ http://gentoo.ITDNet.net/gentoo
http://open-systems.ufl.edu/mirrors/gentoo
http://ftp.ceid.upatras.gr/pub/linux/gentoo
http://ftp.roedu.net/pub/mirrors/gentoo.org/
http://mirror.hamakor.org.il/pub/mirrors/gentoo/
http://www.die.unipd.it/pub/Linux/distributions/gentoo-sources/
http://gentoo.zie.pg.gda.pl"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/home/portage"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X aac aalib acpi adns aim alsa apache2 apm arts avi bash-completion
bitmap-fonts bonobo bootstrap bzip2 bzlib cdda cddb cdparanoia cdr crypt cups
dhcp divx4linux doc dvd dvdread encode esd ethereal f77 fam ffmpeg fftw flac
font-server foomaticdb fortran freetype gcj gd gif gnome gpm gstreamer gtk gtk2
gtkhtml guile httpd i8x0 icq imagemagick imlib ipv6 jabber jack jpeg junit kde
lapack ldap libg++ libgda libwww live lzo mad mikmod mmx mmx2 motif mozilla
moznocompose moznoirc moznomail mozsvg mp3 mpeg mpeg2 mppe-mppc mysql nas
ncurses network nls nptl nptlonly objc offensive ogg oggvorbis opengl oss pam
pcntl pcre pdflib perl plotutils png postgres python qt quicktime readline real
rtc ruby samba sasl scanner sdl slang slp speex spell sqlite sse sse2 ssl stream
svg tcltk tcltx tcpd tetex theora threads tidy tiff truetype truetype-fonts
type1-fonts usb utf8 vcd vdesktop vorbis wxwindows xanim xchattext xml xml2 xmms
xprint xsl xv xvid xvmc yahoo zlib video_cards_radeon"
Unset:  LDFLAGS, PORTDIR_OVERLAY

emerge -pv gnupg

These are the packages that I would merge, in order:

Calculating dependencies  ...done!
[ebuild   R   ] app-crypt/gnupg-1.4.0-r1  +bzip2 -caps -debug -idea +ldap +nls
+readline (-selinux) +zlib 0 kB

Comment 1 M. McAdoo 2005-01-22 06:17:29 UTC

Created attachment 49198 [details]
Refresh key command line with "--debug-all" and "--keyserver-options verbose" enabled

Comment 2 M. McAdoo 2005-01-22 06:20:27 UTC

Created attachment 49199 [details]
Refresh key command line with "--debug-all" and "--keyserver-options verbose" enabled

Comment 3 Daniel Black (RETIRED) gentoo-dev

2005-01-23 02:22:18 UTC

I could not replicate the problem. Can you attach the output of the following command for a comparison?

strace -fe trace=network gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76

Also if this doesn't show anything try trace=file or trace=process.

I've added gnupg-1.4.0-r2 which really doesn't change anything but can you please check using it.

Comment 4 M. McAdoo 2005-01-23 06:34:43 UTC

strace -fe trace=network gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76
gpg: refreshing 1 key from pgp.mit.edu
Process 22013 attached
gpg: requesting key E0F65B76 from hkp server pgp.mit.edu
Host:           pgp.mit.edu
Command:        GET
gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76'
[pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 22013] send(6, "\303*\1\0\0\1\0\0\0\0\0\0\4_hkp\4_tcp\3pgp\3mit\3e"..., 39, 0) = 39
[pid 22013] recvfrom(6, "\303*\201\203\0\1\0\0\0\1\0\0\4_hkp\4_tcp\3pgp\3mit\3e"..., 512, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 111
[pid 22013] socket(PF_FILE, SOCK_STREAM, 0) = 6
[pid 22013] connect(6, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 22013] socket(PF_FILE, SOCK_STREAM, 0) = 6
[pid 22013] connect(6, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 22013] send(6, "8\0\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\34\0\1", 29, 0) = 29
[pid 22013] recvfrom(6, "8\0\201\200\0\1\0\2\0\0\0\0\3pgp\3mit\3edu\0\0\34\0\1\300"..., 1024, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 106
[pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 22013] send(6, "\250&\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\1\0\1", 29, 0) = 29
[pid 22013] recvfrom(6, "\250&\201\200\0\1\0\2\0\0\0\0\3pgp\3mit\3edu\0\0\1\0\1"..., 1024, 0, {sa_family=AF_INET6, sin6_port=htons(53), inet_pton(AF_INET6, "2001:5c0:8523:1::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 94
[pid 22013] socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 22013] getsockname(6, {sa_family=AF_INET6, sin6_port=htons(32930), inet_pton(AF_INET6, "2001:5c0:8523:1:20c:f1ff:feca:f32", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
[pid 22013] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 22013] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = -1 ENETUNREACH (Network is unreachable)
[pid 22013] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6
[pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 22013] shutdown(6, 1 /* send */)   = 0
gpgkeys: HKP fetch error: eof
Process 22013 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Comment 5 M. McAdoo 2005-01-23 06:37:21 UTC

 strace -fe trace=process gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76
execve("/usr/bin/gpg", ["gpg", "--keyserver", "pgp.mit.edu", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--refresh-key", "A6DC7152E0F65B76"], [/* 55 vars */]) = 0
gpg: refreshing 1 key from pgp.mit.edu
clone(Process 22019 attached
child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7e7f708) = 22019
gpg: requesting key E0F65B76 from hkp server pgp.mit.edu
[pid 22019] execve("/usr/libexec/gnupg/gpgkeys_hkp", ["gpgkeys_hkp"], [/* 55 vars */]) = 0
Host:           pgp.mit.edu
Command:        GET
gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76'
gpgkeys: HKP fetch error: eof
[pid 22019] exit_group(0)               = ?
Process 22019 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
waitpid(22019, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 22019
exit_group(2)                           = ?



strace -fe trace=file gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76
execve("/usr/bin/gpg", ["gpg", "--keyserver", "pgp.mit.edu", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--keyserver-options", "verbose", "--refresh-key", "A6DC7152E0F65B76"], [/* 53 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0
open("/usr/lib/libbz2.so.1.0", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=103952, ...}) = 0
open("/lib/libdl.so.2", O_RDONLY)       = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=10712, ...}) = 0
open("/lib/tls/libc.so.6", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=1284912, ...}) = 0
open("/dev/urandom", O_RDONLY)          = 3
open("/usr/lib/gconv/gconv-modules.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=21544, ...}) = 0
access("/home/mcadoo/.gnupg/gpg.conf-1.4.0", R_OK) = -1 ENOENT (No such file or directory)
access("/home/mcadoo/.gnupg/gpg.conf-1.4", R_OK) = -1 ENOENT (No such file or directory)
access("/home/mcadoo/.gnupg/gpg.conf-1", R_OK) = -1 ENOENT (No such file or directory)
access("/home/mcadoo/.gnupg/gpg.conf", R_OK) = 0
access("/home/mcadoo/.gnupg/options", R_OK) = -1 ENOENT (No such file or directory)
stat64("~/.gnupg", 0xbfffe3a0)          = -1 ENOENT (No such file or directory)
stat64("/home/mcadoo/.gnupg/gpg.conf", {st_mode=S_IFREG|0600, st_size=8078, ...}) = 0
stat64("/home/mcadoo/.gnupg", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0
open("/home/mcadoo/.gnupg/gpg.conf", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=8078, ...}) = 0
access("/home/mcadoo/.gnupg/random_seed", F_OK) = 0
open("/home/mcadoo/.gnupg/secring.gpg", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=1838, ...}) = 0
access("/home/mcadoo/.gnupg/secring.gpg", F_OK) = 0
open("/home/mcadoo/.gnupg/pubring.gpg", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0600, st_size=500566, ...}) = 0
access("/home/mcadoo/.gnupg/pubring.gpg", F_OK) = 0
open("/home/mcadoo/.gnupg/pubring.gpg", O_RDONLY|O_LARGEFILE) = 3
open("/home/mcadoo/.gnupg/pubring.gpg", O_RDONLY|O_LARGEFILE) = 4
gpg: refreshing 1 key from pgp.mit.edu
Process 22033 attached
[pid 22032] fstat64(6, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
gpg: requesting key E0F65B76 from hkp server pgp.mit.edu
[pid 22033] execve("/usr/libexec/gnupg/gpgkeys_hkp", ["gpgkeys_hkp"], [/* 53 vars */]) = 0
[pid 22033] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
[pid 22033] open("/etc/ld.so.cache", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0
[pid 22033] open("/lib/libresolv.so.2", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=73156, ...}) = 0
[pid 22033] open("/lib/tls/libc.so.6", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=1284912, ...}) = 0
[pid 22033] open("/dev/urandom", O_RDONLY) = 6
[pid 22033] fstat64(0, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
[pid 22033] fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
Host:           pgp.mit.edu
Command:        GET
gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76'
[pid 22033] open("/etc/resolv.conf", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=132, ...}) = 0
[pid 22033] open("/etc/nsswitch.conf", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=497, ...}) = 0
[pid 22033] open("/etc/ld.so.cache", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0
[pid 22033] open("/lib/libnss_files.so.2", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=39636, ...}) = 0
[pid 22033] open("/etc/hosts", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=33333, ...}) = 0
[pid 22033] open("/etc/hosts", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=33333, ...}) = 0
[pid 22033] open("/etc/ld.so.cache", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0644, st_size=145975, ...}) = 0
[pid 22033] open("/lib/libnss_dns.so.2", O_RDONLY) = 6
[pid 22033] fstat64(6, {st_mode=S_IFREG|0755, st_size=18424, ...}) = 0
gpgkeys: HKP fetch error: eof
Process 22033 detached
gpg: no valid OpenPGP data found.
--- SIGCHLD (Child exited) @ 0 (0) ---
gpg: Total number processed: 0

Comment 6 Daniel Black (RETIRED) gentoo-dev

2005-01-23 14:11:42 UTC

Lets compare this.

Mine:
strace -fe trace=network gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: refreshing 1 key from pgp.mit.edu
Process 26982 attached
gpg: requesting key E0F65B76 from hkp server pgp.mit.edu
Host:           pgp.mit.edu
Command:        GET
gpgkeys: HTTP URL is `hkp://pgp.mit.edu/pks/lookup?op=get&options=mr&search=0xE0F65B76'
[pid 26982] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, 28) = 0
[pid 26982] send(6, "\233\24\1\0\0\1\0\0\0\0\0\0\4_hkp\4_tcp\3pgp\3mit\3e"..., 39, 0) = 39
[pid 26982] recvfrom(6, "\233\24\201\203\0\1\0\0\0\1\0\0\4_hkp\4_tcp\3pgp\3mit\3"..., 512, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, [16]) = 97
[pid 26982] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, 28) = 0
[pid 26982] send(6, "\233\25\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\34\0\1", 29, 0) = 29
[pid 26982] recvfrom(6, "\233\25\201\200\0\1\0\1\0\1\0\0\3pgp\3mit\3edu\0\0\34\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, [16]) = 115
[pid 26982] socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 6
[pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, 28) = 0
[pid 26982] send(6, "\233\26\1\0\0\1\0\0\0\0\0\0\3pgp\3mit\3edu\0\0\1\0\1", 29, 0) = 29
[pid 26982] recvfrom(6, "\233\26\201\200\0\1\0\2\0\3\0\3\3pgp\3mit\3edu\0\0\1\0"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.10.10.254")}, [16]) = 182

^^ DNS Lookups

[pid 26982] socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 6
[pid 26982] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = 0
[pid 26982] shutdown(6, 1 /* send */)   = 0
Process 26982 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
gpg: key E0F65B76: duplicated user ID detected - merged
gpg: key E0F65B76: "Grant Goodyear <g2boojum@hotmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1


M. McAdoo's ignoring DNS stuff
[pid 22013] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = -1 ENETUNREACH (Network is unreachable)

Seems to try IPv4 first

[pid 22013] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6
[pid 22013] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0

IPv6 seems to connect ok.
note last 32 bits of the address
0x12 = 18
0x07 = 7
0x0E = 14
0x8B = 139

[pid 22013] shutdown(6, 1 /* send */)   = 0
gpgkeys: HKP fetch error: eof
Process 22013 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Taking a full trace after the DNS lookups yeilds:
strace -f gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76
[pid 27073] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = 0
[pid 27073] write(6, "GET /pks/lookup?op=get&options=m"..., 87) = 87
[pid 27073] write(6, "\r\n", 2)         = 2
[pid 27073] shutdown(6, 1 /* send */)   = 0
[pid 27073] read(6, "HTTP/1.0 200 OK\r\nServer: pks_www"..., 8192) = 1400
[pid 27073] read(6, "OOGwES6CB6M7GpZuGTj8uvtIqkItxU0h"..., 8192) = 1400
[pid 27073] read(6, "ECF4AACgkQ\nptxxUuD2W3aHkACfX7SZZ"..., 8192) = 1400
[pid 27073] write(1, "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 4096 <unfinished ...>
[pid 27072] <... read resumed> "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 8192) = 4096
[pid 27073] <... write resumed> )       = 4096
[pid 27072] read(7,  <unfinished ...>
[pid 27073] read(6, "b1/IoSiq1YeZBvnTQIhGBBERAgAGBQJA"..., 8192) = 1400
[pid 27073] read(6, "KCRDg\nF4e3wx3t2OBOAJ9KsTB6i3WUFT"..., 8192) = 1400
[pid 27073] read(6, "CK-----\n", 8192)  = 8
[pid 27073] write(1, "9vanVtQGhvdG1h\naWwuY29tPohGBBARA"..., 2963 <unfinished ...>
[pid 27072] <... read resumed> "9vanVtQGhvdG1h\naWwuY29tPohGBBARA"..., 8192) = 2963
[pid 27073] <... write resumed> )       = 2963
[pid 27072] time( <unfinished ...>
[pid 27073] munmap(0x40016000, 4096 <unfinished ...>
[pid 27072] <... time resumed> NULL)    = 1106517649
[pid 27073] <... munmap resumed> )      = 0
[pid 27072] time( <unfinished ...>
[pid 27073] exit_group(0)               = ?
Process 27073 detached

Because of the gpgkeys: HKP fetch error: eof you got I'd assume
 something is missing in the reads/writes.  

Can you please try:
strace -f gpg --keyserver pgp.mit.edu --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --keyserver-options verbose --refresh-key A6DC7152E0F65B76

And paste the output after the DNS lookups. Please leave out all the time lookups info trailing the process detachment.

Sorry I don't have a IPv6 network to test on. CCing ipv6 herd to see if anyone there can help (please)

Comment 7 M. McAdoo 2005-01-23 15:37:39 UTC

[pid 28215] connect(6, {sa_family=AF_INET, sin_port=htons(11371), sin_addr=inet_addr("18.7.14.139")}, 16) = -1 ENETUNREACH (Network is unreachable)
[pid 28215] close(6)                    = 0
[pid 28215] socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6
[pid 28215] connect(6, {sa_family=AF_INET6, sin6_port=htons(11371), inet_pton(AF_INET6, "3ffe:abcd:1234:9876::1207:e8b", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
[pid 28215] write(6, "GET /pks/lookup?op=get&options=m"..., 87) = 87
[pid 28215] write(6, "\r\n", 2)         = 2
[pid 28215] shutdown(6, 1 /* send */)   = 0
[pid 28215] read(6, "", 8192)           = 0
[pid 28215] close(6)                    = 0
[pid 28215] write(2, "gpgkeys: HKP fetch error: eof\n", 30gpgkeys: HKP fetch error: eof
) = 30
[pid 28215] write(1, "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 134 <unfinished ...>
[pid 28214] <... read resumed> "VERSION 1\nPROGRAM 1.4.0\n\nKEY 0xD"..., 8192) = 134
[pid 28215] <... write resumed> )       = 134
[pid 28215] munmap(0xb7fe8000, 4096)    = 0
[pid 28215] exit_group(0)               = ?
Process 28215 detached

Comment 8 Daniel Black (RETIRED) gentoo-dev

2005-01-23 17:18:21 UTC

using something like ethereal or tcpdump - does the server actually send you  a response. Does the normal tcp handshaking occur?

Comment 9 Daniel Black (RETIRED) gentoo-dev

2005-01-23 20:12:37 UTC

another thought - do ipv6 keyservers exist? want to try one?

Comment 10 M. McAdoo 2005-01-24 20:55:46 UTC

Created attachment 49449 [details]
Ethereal capture of GnuPG transmission

It does look like there is a handshaking going on.  But when it comes to
showtime, nada.

As to whether there is IPv6 addressable keyservers, I have not been able to get
a strainght answer via web searches or prodding on IRC in the #gnupg channel.

The dump file will show that I am trying to communicate to subkeys.pgp.net, not
pgp.mit.edu.  When I mention that I was using that address, I was "glared" at.

Also, I notice that putting the resolved IPv6 address result in an error. 
Using the IPv4 address does not result in the error.  

gpg: refreshing 1 key from [3ffe:abcd:1234:9876::1207:e8b]
gpg: DBG: set_exec_path method 0: PATH=/usr/libexec/gnupg
gpg: DBG: execlp: gpgkeys_[3ffe
gpg: unable to execute program `gpgkeys_[3ffe': No such file or directory

gpg: refreshing 1 key from 18.7.14.139
gpg: DBG: set_exec_path method 0: PATH=/usr/libexec/gnupg
gpg: DBG: execlp: gpgkeys_hkp
gpg: DBG: iobuf-3.0: fdopen `[fd 7]'
gpg: DBG: iobuf-3.0: ioctl `file_filter(fd)' no_cache=1
gpg: DBG: iobuf-3.0: ioctl `file_filter(fd)' no_cache=1
gpg: requesting key 7A3220C7 from hkp server 18.7.14.139
gpg: DBG: iobuf-3.0: underflow: req=8192
Host:		18.7.14.139
Command:	GET

This would just show that currently, GnuPG is unable to direcly handle an IPv6
address from the commandline.  That though would probably be an upstream issue.

Comment 11 Daniel Black (RETIRED) gentoo-dev

2005-01-25 13:18:25 UTC

yep - sounds right - I'll post to gnupg-dev. You can follow at http://lists.gnupg.org/pipermail/gnupg-devel/2005-January/thread.html or subscribe to the list http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Comment 12 Daniel Black (RETIRED) gentoo-dev

2005-01-25 13:35:19 UTC

IPv6 server maybe http://www.earth.li/projectpurple/progs/onak.html

Comment 13 M. McAdoo 2005-01-26 20:16:42 UTC

Success!  But with stipulations.  First, the server has to have an IPv6 connection.  Second, only via HKP, not HTTP.

I used the keyserver.linux.it found in the GnuPG-devel list.  The other one, keyserver.stack.nl, did not work since it was only accessible over HTTP.  Both servers using HTTP resulted with error:

gpgkeys: key <long_hex_string> not found on keyserver
Process 581 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

So a workaround has been found.  But it could be curious to know why accessing a keyserver through 6to4 router fails.  My router follows the Gentoo IPv6 Router guide very closely, especially the 6to4 config and it's bogus prefix for totd and pTRTd.

The hardest part of this bug was finding a IPv6 accessible keyserver.

Thanks for the help.

Comment 14 Daniel Black (RETIRED) gentoo-dev

2005-01-26 23:06:53 UTC

great. Glad you found a work around. 

The execution of a program with part of a ipv6 address still needs to be addressed upstream.

As for IPv6inIPv4 hard to say wheither it's a server implementation issue. I haven't looked at the internals of hkp keyserving so it could be some IPv6 address passing there(?) passing there.