Page MenuHome GnuPG
Create Task
Maniphest T4711

Misleading error messages and debug logs for DNS failures while fetching via WKD
Closed, ResolvedPublic
Actions

Description

$ gpg --locate-key release@gentoo.org
gpg: error retrieving 'release@gentoo.org' via WKD: Server indicated a failure
gpg: error reading key: Server indicated a failure

So I've enabled the debug-level guru for dirmngr. However, it didn't produce anything useful:

2019-09-26 13:55:32 dirmngr[1137.6] handler for fd 6 started
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 -> # Home: /tmp/1
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 -> # Config: /tmp/1/dirmngr.conf
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 -> OK Dirmngr 2.2.17 at your service
2019-09-26 13:55:32 dirmngr[1137.6] connection from process 1134 (1000:1000)
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 <- GETINFO version
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 -> D 2.2.17
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 -> OK
2019-09-26 13:55:32 dirmngr[1137.6] DBG: chan_6 <- WKD_GET -- release@gentoo.org
2019-09-26 13:56:02 dirmngr[1137.6] command 'WKD_GET' failed: Server indicated a failure <Unspecified source>
2019-09-26 13:56:02 dirmngr[1137.6] DBG: chan_6 -> ERR 219 Server indicated a failure <Unspecified source>
2019-09-26 13:56:02 dirmngr[1137.6] DBG: chan_6 <- BYE
2019-09-26 13:56:02 dirmngr[1137.6] DBG: chan_6 -> OK closing connection
2019-09-26 13:56:02 dirmngr[1137.6] handler for fd 6 terminated

Finally, via strace I've been able to figure out that DNS is timing out:

[pid  8076] connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
[pid  8076] sendto(7, "\331^\1\0\0\1\0\0\0\0\0\1\v_openpgpkey\4_tcp\6ge"..., 56, 0, NULL, 0) = 56
[pid  8076] recvfrom(7, 0x7f3d1000877c, 4096, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  8076] select(8, [7], [], NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
[pid  8076] recvfrom(7, 0x7f3d1000877c, 4096, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  8076] select(8, [7], [], NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
[pid  8076] recvfrom(7, 0x7f3d1000877c, 4096, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  8076] select(8, [7], [], NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
[pid  8076] recvfrom(7, 0x7f3d1000877c, 4096, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  8076] select(8, [7], [], NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
[pid  8076] recvfrom(7, 0x7f3d1000877c, 4096, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable)
[pid  8076] select(8, [7], [], NULL, {tv_sec=1, tv_usec=0}) = 0 (Timeout)
[pid  8076] close(7)                    = 0

It would be really nice if the error messages (or at least the detailed debug log) mentioned name resolution somewhere, so that I wouldn't waste my time trying to figure out what's wrong with the HTTP server.

This is GnuPG 2.2.17 on Gentoo.

Details

Version
2.2.17

Event Timeline

mgorny created this task.Sep 26 2019, 2:12 PM
werner closed this task as Resolved.Sep 27 2019, 10:52 AM
werner claimed this task.
werner edited projects, added FAQ; removed Bug Report.
werner added a subscriber: werner.

Do not use this legacy debug stuff. Use --debug CATEGORY. For example

--debug dns,network

to enable two categories. catgory "help" prints all categories - they may be different depending on the tool.