works, no KIO error. Gpg4win-4.1.1-beta317
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
May 9 2023
May 3 2023
Starting to understand KIO architecture a bit better. We can easily add more protocols if we want to. For now I have just added the file plugin. I tested with moving.
Apr 28 2023
The code for the file Job etc. is definetly in there. I think it somehow tries to intospect supported protocols maybe even through dbus and this fails then. My current expectation is that we need to identify where this happens and then to hardcode some supported jobs / workers etc.
Yes most definetly I am looking it at next
Setting priority to high because this should be fixed before the next release.
Apr 24 2023
Apr 13 2023
Fixed by rGfcbb849c26e9: speedo: Fix regression due to switching from gcc 8.3 to 10.2 for zlib build.
Apr 5 2023
Problem 2 comes from the fact, that gpg4win packages gpg 2.4.0, but the new archive code needs gpg 2.4.1.
Feb 28 2023
A finding has been that the icon theme switch is not detected at runtime. It would be nice if we could add this, especially if customers explicitly test the support for high contrast modes.
Feb 22 2023
works if you use a valid IP address
Feb 1 2023
@MathiasMagnus This change is to support Win32-OpenSSH by gpg-agent emulation of ssh-agent; You can use gpg-agent emulation of ssh-agent when you use Win32-OpenSSH. That is, you can use GPG auth subkey for Win32-OpenSSH.
Jan 31 2023
@gniibe Am I misunderstanding something? I thought that with this change one is able to connect from a Windows box to a Linux box and have GPG agent forwarding work. I am still hitting pretty much the same issue described here: https://github.com/PowerShell/Win32-OpenSSH/issues/1564
On my Windows endpoint I'm running gpg.exe version 2.4.0.49237 and in C:\Users\mate\AppData\Roaming\gnupg\gpg-agent.conf I have a single line enable-win32-openssh-support. Running gpg-connect-agent.exe reloadagent /bye I have a gpg-agent running. Get-Process gpg-agent shows that it's running. In my Windows env I have SSH_AUTH_SOCK set to \\.\pipe\openssh-ssh-agent and my Linux endpoint is configured in SSH config with
ForwardAgent yes AddKeysToAgent yes RemoteForward /run/user/1015/gnupg/S.gpg-agent C\:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra
As the remote end reports /run/user/1015/gnupg/S.gpg-agent that socket for agent-socket when issuing gpgconf --list-dirs and my local gpgconfg.exe --list-dirs reports C%3a\Users\mate\AppData\Local\gnupg\S.gpg-agent.extra where I transform %3a to \: manually. SSH authentication works perfectly, when connecting pinentry-qt pops up to unlock my key and when connecting to yet another machine, my SSH agent is forwarded again. However, gpg fails to use my agent. Issuing gpg --list-secret-keys --verbose prints the following to the console:
gpg --list-secret-keys --verbose gpg: using pgp trust model getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. gpg: no running gpg-agent - starting '/usr/bin/gpg-agent' getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. gpg: waiting for the agent to come up ... (5s) getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. getsockopt SO_ERROR failed connect_to C:/Users/mate/AppData/Local/gnupg/S.gpg-agent.extra port -2: failed. gpg: waiting for the agent to come up ... (4s) gpg: waiting for the agent to come up ... (3s) gpg: waiting for the agent to come up ... (2s) gpg: waiting for the agent to come up ... (1s) gpg: can't connect to the agent: End of file
What is missing to tie the knot on both ends without having to resort to 3rd party tools like @rupor-github 's agent-gui? The remote gpg version is 2.2.19, is that the issue? Must that also be 2.3.9+?
Jan 19 2023
Jan 11 2023
Putting up for grabs and removing Kleopatra tag since for Kleopatra users this has been fixed (unless they manage to trigger multiple separate concurrent imports in Kleopatra).
Dec 23 2022
@ikloecker You are right, I only thought of public key import. Then lets serialize this. Might even make for a nicer Progressbar if we count the outstanding files.
Dec 22 2022
In T4505#166463, @aheinecke wrote:I have an Idea. Can't we read all data into memory in Kleopatra (for Certificates this should be ok) and then give this to GPGME as a single data object. So that only one process imports multiple files?
In T4505#166390, @ikloecker wrote:I really don't want to bypass gpgme and then parse the import results and all other status output of gpgsm ourselves. I'll go for Andre's suggestion and serialize imports of multiple files.
Thanks all. It is a bug in Win32 OpenSSH. https://github.com/PowerShell/Win32-OpenSSH/issues/1953 it is already fixed. I think the issue will be resolved after the update is shipped. I could use ssh -T git@github.com as a workaround.
Well, not our bug... it's a kind of support question and answer:
This might help: https://stackoverflow.com/questions/3844393/what-to-do-about-pty-allocation-request-failed-on-channel-0
Dec 21 2022
I really don't want to bypass gpgme and then parse the import results and all other status output of gpgsm ourselves. I'll go for Andre's suggestion and serialize imports of multiple files.
This does not look like a problem in GnuPG/gpg4win because gnupg implements the ssh-agent protocol and not the ssh server or client functionality. ssh tells sshd whether it shall allocate a PTY (Pseudo TTY). I don't use ssh with github but it is likely that you may only run commands (which don't require a PTY). Usually you would invoke a "git" command cia ssh.
I meant bypass the gpgme engine and call gpgsm directly. Maybe using gpgme's spawn engine. But I am not sure whether this is really a good idea. If we can find a way to pass multiple filenames to gpgsm --server that would be better. But requires updates to gpgsm.
Authentication succeed if I pressed enter after:PTY allocation request failed on channel 0
I try WinGPG 4.1.0, and I receive an error:
ssh git@github.com
PTY allocation request failed on channel 0
@werner Do I understand correctly that by "It might be easier to bypass the gpgsm and run gpgsm directly" you mean using gpgsm in server mode? Or what do you mean with "bypass gpgsm and run gpgsm" (which seems contradictory).
Dec 20 2022
With 100 concurrently running gpgsm processes they all try to get the lock for the keyring. And they need to do this several times and often also for the same certificate (fetched from an external resource to complete the chain). Not good. It might be easier to bypass the gpgsm and run gpgsm directly instead of adding a feature to gpgsm to directly import from many files.
Sure, we could do this. Shouldn't make the ImportCertificatesCommand much more complex than it already is.
Reopening this as there still seem to be ways to run into a deadlock as was reported in RT#13361. While I still think this points to some issue in gpgsm, when Testing this I found the behavior of Kleopatra to be wrong.
Dec 16 2022
@raysatiro: Please re-open if you are able to give us a reproducer
Dec 6 2022
Not so fun fact: If you enter tcp://1.2.3.4:10001 (literally) as value for gpg-agent's log file, then on save gpgconf calls
gpg-connect-agent --homedir /home/ingo/dev/g10/.gnupghomes/utf16 --no-autostart RELOADAGENT
which hangs (probably trying to connect to the not existing IP address or to the blocked port). This also makes Kleopatra hang.
Dec 5 2022
Windows accepts forward slashes in all API calls. Users are sometimes confused by this but this is a documented feature for ages in the API.
But what about real Windows filenames?
The log file is intended to be an URL. Thus forward slash is fine.
Support for multiple smart cards has been vastly improved in the last few years. I will tentatively close this as resolved because it's very likely that the problems have been resolved.
Looks like Kleopatra is writing the filename with the system's preferred directory separator. If GnuPG on Windows works if filenames are written with Unix directory separators, e.g. c:/foo/bla or //server/foo/bla, to the config files, then we can certainly change this in Kleopatra.
Nov 7 2022
Nov 4 2022
Merged PIPE connection part into master.
I updated *.m4 scripts in gogol:
Nov 2 2022
For *.m4 scripts, I pushed changes to prefer gpgrt-config with *.pc files than *-config scripts (T5034).
Before the change, it was not coherent; gpgrt-config gpg-error is preferred to gpg-error-config (if available), but libassuan-config was used if available.
After the change, gpgrt-config is used to configure gpg-error and libassuan, etc.
Oct 28 2022
Will go into 2.3.9 and gpg4win 4.0.5
Is this still an issue or is the new gpgconf -X feature sufficient to detect this case?
Oct 27 2022
There is a utility named kbxutil which can be sued to dump the pubring.kbx file without any post-processing by gpg. I would check whether there are any other keys after the VideoLAN key. iirc, kbxutil ist not commonly installed; you may need to build the software yourself or copy the pubring.kbx to Linux and check it here.
Oct 26 2022
@aheinecke Please show me how you configure your libassuan-master (and the output which detects host's gpg-error-config erroneously).
Oct 25 2022
I have pushed the patch, but still it did not work for me properly over everything and I had to add --enable-install-gpg-error-config to libgpg-error. This was because of at least the 64 bit build of libassuan-master it picked up gpg-error-config from my host system. I then tried to add --with-gpg-error-prefix to the assuan call but that failed because it only looked for gpg-error-config in this prefix and not for any gpgrt-config and failed immediately with a command not found error.
Oct 19 2022
Oct 18 2022
Cool, I will try it out ASAP. You must have read my mind. Only yesterday evening I ran into problems because the current code in src/Makefile.am to symlink the static libs did not work on my new dev system with a lib64 layout and thought that I needed just a patch like this to fix it properly.
Ah, sorry, I did my own changes before looking T6244#164317
Pushed the changes to 2.2 and master.
Thank you for your report. The issue is handling of static linking in GnuPG.
Oct 14 2022
Pushed to master.
By 1/N...5/N, it works. And it shows the API needs clarification and possible modification/fixes; As written in the comment of system-w32.c, fd == POSIX fd semantics is good, which asks API/ABI break.
Oct 12 2022
Oct 7 2022
Sep 22 2022
Yes I do understand Windows XP is not supported. Just in case it is a minor problem that is easy to fix and will not cost you much effort. I'd like to add more information: I do not change
%LOCALAPPDATA%. There is no such environment variable. A similar environment variable is:
APPDATA=C:\Documents and Settings\myname\Application Data
I do set GNUPGHOME=E:\key, which I think should be allowed because I do not want my personal info be stored in system drive.
Sep 21 2022
This is a support question and not a bug. You should ask such questions on the channels for Gpg4win, which does the Community support for GnuPG on Windows: https://www.gpg4win.org/community.html
Sep 20 2022
No, it does not matter.
Sep 19 2022
I hacked configure.ac of gnupg to force it build with libgpg-error 1.45, and OpenSSH works with the created pipe. Maybe the libgpg-error fix is only necessary in some certain circumstances?
E:\key>gpgconf --list-dirs sysconfdir:C%3a\Documents and Settings\All Users\Application Data\GNU\etc\gnupg bindir:C%3a\Program Files\gnupg\bin libexecdir:C%3a\Program Files\gnupg\bin libdir:C%3a\Program Files\gnupg\lib\gnupg datadir:C%3a\Program Files\gnupg\share\gnupg localedir:C%3a\Program Files\gnupg\share\locale socketdir:E%3a\key dirmngr-socket:E%3a\key\S.dirmngr agent-ssh-socket:E%3a\key\S.gpg-agent.ssh agent-extra-socket:E%3a\key\S.gpg-agent.extra agent-browser-socket:E%3a\key\S.gpg-agent.browser agent-socket:E%3a\key\S.gpg-agent homedir:E%3a\key
The "sysconfdir" "C:\Documents and Settings\All Users\Application Data\GNU" does not exist actually. Does it matter?
Sep 16 2022
Sep 7 2022
It's not yet pushed, because it requires new release of libgpg-error (for T6112: libgpg-error,w32: bidirectional Pipe support for estream).
Sep 6 2022
I was looking for this when writing the update NEWS for the latest release and noticed that this has not been pushed yet. I really think that it would be nice to have that. Especially for Smartcard use cases.
Sep 5 2022
Sep 2 2022
Can you please give a more detailed example with regedit files to demonstrate that?
Sep 1 2022
Thank you for reporting, and sorry for late handling of this report.
Aug 25 2022
@dkg: Thanks for the detailed description of the problem.
Thank you @dkg for the analysis. Unfortunately, the certificate cache is hashed by SHA-1 FPR, so, I think that it is a bit difficult to implement moving certs "front" / "back".
Fixed in 1.2.1.
Thanks for the followup about R3, @mpilgrem! Looking at your logs in more details, and the source code for find_cert_bysubject in dirmngr/certcache.c, i think i see what the issue is. It's slightly more subtle than not terminating early if a known trusted root can validate a truncated chain.
Aug 24 2022
@mpilgrem, i'm glad that removing the DST Root CA X3 from your windows control panel worked for you, but it still doesn't seem to be a reasonable fix from a GnuPG user perspective
Doing the same thing on my second PC, I can be more precise:
I'll reopen this ticket here, since the underlying issue is not quite resolved yet as @dkg helpfully outlined above.
Thank you dkg. I am new to 'certificates' generally - and a little knowledge is a dangerous thing - but this is what I did:
Aug 23 2022
@mpilgrem: in the meantime, for connecting to keys.openpgp.org, which *has* cleaned up its certificate chain, you might also want to try killing your dirmngr process, and/or cleaning up the data in .gnupg/dirmngr-cache.d/.
Basically, the website in question (e.g. https://openpgpkey.gnupg.org/, which exhibits this problem) serves up three certificates:
I have had some problems detecting dark mode on Windows. Qt has a command line switch darkmode=1 or darkmode=2 for the windows platform theme. Which does not help. It also checks in QWindowsTheme for dark mode in the following code:
Aug 22 2022
In that case, it's a bug in gnupg and there's nothing I can further do from my side 🤷
Thank you Valodim. I am new to GnuPG etc, so not sure if I should be doing something at my end. At the moment, whatever you have changed does not seem to have affected my experience. This is my current log for the same failed commands as above:
2022-08-22 21:31:19 dirmngr[1152] listening on socket 'C:\\Users\\mike\\AppData\\Local\\gnupg\\S.dirmngr' 2022-08-22 21:31:19 dirmngr[1152] DBG: number of certs loaded from store 'ROOT': 70 2022-08-22 21:31:19 dirmngr[1152] DBG: certificate 'CA' already cached 2022-08-22 21:31:19 dirmngr[1152] DBG: number of certs loaded from store 'CA': 151 2022-08-22 21:31:19 dirmngr[1152] permanently loaded certificates: 221 2022-08-22 21:31:19 dirmngr[1152] runtime cached certificates: 0 2022-08-22 21:31:19 dirmngr[1152] trusted certificates: 221 (221,0,0,0) 2022-08-22 21:31:19 dirmngr[1152] handler for fd 704 started 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 -> # Home: C:\Users\mike\AppData\Roaming\gnupg 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 -> # Config: C:/Users/mike/AppData/Roaming/gnupg/dirmngr.conf 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 -> OK Dirmngr 2.3.7 at your service 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 <- GETINFO version 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 -> D 2.3.7 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 -> OK 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 <- KEYSERVER --clear hkps://keys.openpgp.org 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 -> OK 2022-08-22 21:31:19 dirmngr[1152] DBG: chan_0x000002c0 <- KS_SEARCH -- 575159689BEFB442 2022-08-22 21:31:19 dirmngr[1152] DBG: dns: dnsserver[0] '192.168.1.254' 2022-08-22 21:31:19 dirmngr[1152] DBG: dns: libdns initialized 2022-08-22 21:31:20 dirmngr[1152] DBG: dns: getsrv(_pgpkey-https._tcp.keys.openpgp.org) -> 0 records 2022-08-22 21:31:20 dirmngr[1152] DBG: dns: resolve_dns_name(keys.openpgp.org): Success 2022-08-22 21:31:20 dirmngr[1152] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known] 2022-08-22 21:31:20 dirmngr[1152] resolve_dns_addr for 'keys.openpgp.org': 'keys.openpgp.org' [already known] 2022-08-22 21:31:20 dirmngr[1152] DBG: Using TLS library: NTBTLS 0.3.1 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: family: 23 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: addr: fe80::dc27:6f:dcb5:531e%4 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: family: 23 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: addr: 2a00:23c7:c181:f01:246b:c705:4a54:3265 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: family: 23 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: addr: 2a00:23c7:c181:f01:dc27:6f:dcb5:531e 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: family: 23 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: addr: fe80::9055:5c7f:95b9:e13d%47 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: family: 2 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: addr: 192.168.1.101 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: family: 2 2022-08-22 21:31:20 dirmngr[1152] DBG: check_inet_support: addr: 172.22.176.1 2022-08-22 21:31:20 dirmngr[1152] DBG: http.c:connect_server: trying name='keys.openpgp.org' port=443 2022-08-22 21:31:20 dirmngr[1152] DBG: dns: resolve_dns_name(keys.openpgp.org): Success 2022-08-22 21:31:21 dirmngr[1152] DBG: http.c:1951:socket_new: object 0x036a2810 for fd 1020 created 2022-08-22 21:31:21 dirmngr[1152] certificate already cached 2022-08-22 21:31:21 dirmngr[1152] DBG: BEGIN Certificate 'subject': 2022-08-22 21:31:21 dirmngr[1152] DBG: serial: 0431B075AFEFF12EBDD26C62BECFF6F47A91 2022-08-22 21:31:21 dirmngr[1152] DBG: notBefore: 2022-08-22 14:26:24 2022-08-22 21:31:21 dirmngr[1152] DBG: notAfter: 2022-11-20 14:26:23 2022-08-22 21:31:21 dirmngr[1152] DBG: issuer: CN=R3,O=Let's Encrypt,C=US 2022-08-22 21:31:21 dirmngr[1152] DBG: subject: CN=keys.openpgp.org 2022-08-22 21:31:21 dirmngr[1152] DBG: aka: (8:dns-name16:keys.openpgp.org) 2022-08-22 21:31:21 dirmngr[1152] DBG: hash algo: 1.2.840.113549.1.1.11 2022-08-22 21:31:21 dirmngr[1152] DBG: SHA1 fingerprint: 8647D98EE3F7ADF2BB151AEAAF462BA2BDAFCDA4 2022-08-22 21:31:21 dirmngr[1152] DBG: END Certificate 2022-08-22 21:31:21 dirmngr[1152] Note: non-critical certificate policy not allowed 2022-08-22 21:31:21 dirmngr[1152] DBG: find_cert_bysubject: certificate found in the cache by subject DN 2022-08-22 21:31:21 dirmngr[1152] DBG: got issuer's certificate: 2022-08-22 21:31:21 dirmngr[1152] DBG: BEGIN Certificate 'issuer': 2022-08-22 21:31:21 dirmngr[1152] DBG: serial: 400175048314A4C8218C84A90C16CDDF 2022-08-22 21:31:21 dirmngr[1152] DBG: notBefore: 2020-10-07 19:21:40 2022-08-22 21:31:21 dirmngr[1152] DBG: notAfter: 2021-09-29 19:21:40 2022-08-22 21:31:21 dirmngr[1152] DBG: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. 2022-08-22 21:31:21 dirmngr[1152] DBG: subject: CN=R3,O=Let's Encrypt,C=US 2022-08-22 21:31:21 dirmngr[1152] DBG: hash algo: 1.2.840.113549.1.1.11 2022-08-22 21:31:21 dirmngr[1152] DBG: SHA1 fingerprint: 48504E974C0DAC5B5CD476C8202274B24C8C7172 2022-08-22 21:31:21 dirmngr[1152] DBG: END Certificate 2022-08-22 21:31:21 dirmngr[1152] DBG: sigval: (sig-val 2022-08-22 21:31:21 dirmngr[1152] DBG: (rsa 2022-08-22 21:31:21 dirmngr[1152] DBG: (s #33074E9B2D6823CFFEBF5744AAD2A132B42ED88ACFEE01AF908D51F04D582E5EE29126D705F0BA2734504EF143B8FFFEE9BBA6DBDDAE010450A3B0AA42CAEED9ADBC3AC22B45E4FEEC6E49AAABF4C557BE8D9833F4815AC8080F3ADADAE654BBBA5328DBB7FFC1EB5EAE166076884BF57B4F052B155843EF17236529CE9D702D6E4FE8DFDC69BD713758140457EE85C8E8D07F48EFC8F3E256518527D02F177356AF10DB5B23BEC31D10208733FFA48667C887E42F7EE03466CFEFD0E068403C5A539CA041CB062571AE38827DDEE24E6EBC376D3C59DCF3E594B516398AE9C35CFE816FA4CFAE2A240FDAF21BF298B68501A967A6AE967017534FC40406E33B#) 2022-08-22 21:31:21 dirmngr[1152] DBG: ) 2022-08-22 21:31:21 dirmngr[1152] DBG: (hash sha256)) 2022-08-22 21:31:21 dirmngr[1152] DBG: PKCS#1 block type 1 encoded data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffff003031300d0609608648016503040201050004207d \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 20adb93aafb8ffddebf14f6bf2430074c4967b9f55a80f31a62556bf74ac98 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffff003031300d0609608648016503040201050004207d \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 20adb93aafb8ffddebf14f6bf2430074c4967b9f55a80f31a62556bf74ac98 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify sig:+33074e9b2d6823cffebf5744aad2a132b42ed88acfee01af908d51f04d582e5e \ 2022-08-22 21:31:21 dirmngr[1152] DBG: e29126d705f0ba2734504ef143b8fffee9bba6dbddae010450a3b0aa42caeed9 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: adbc3ac22b45e4feec6e49aaabf4c557be8d9833f4815ac8080f3adadae654bb \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ba5328dbb7ffc1eb5eae166076884bf57b4f052b155843ef17236529ce9d702d \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 6e4fe8dfdc69bd713758140457ee85c8e8d07f48efc8f3e256518527d02f1773 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 56af10db5b23bec31d10208733ffa48667c887e42f7ee03466cfefd0e068403c \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 5a539ca041cb062571ae38827ddee24e6ebc376d3c59dcf3e594b516398ae9c3 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 5cfe816fa4cfae2a240fdaf21bf298b68501a967a6ae967017534fc40406e33b 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify n:+bb021528ccf6a094d30f12ec8d5592c3f882f199a67a4288a75d26aab52bb9c5 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 4cb1af8e6bf975c8a3d70f4794145535578c9ea8a23919f5823c42a94e6ef53b \ 2022-08-22 21:31:21 dirmngr[1152] DBG: c32edb8dc0b05cf35938e7edcf69f05a0b1bbec094242587fa3771b313e71cac \ 2022-08-22 21:31:21 dirmngr[1152] DBG: e19befdbe43b45524596a9c153ce34c852eeb5aeed8fde6070e2a554abb66d0e \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 97a540346b2bd3bc66eb66347cfa6b8b8f572999f830175dba726ffb81c5add2 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 86583d17c7e709bbf12bf786dcc1da715dd446e3ccad25c188bc60677566b3f1 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 18f7a25ce653ff3a88b647a5ff1318ea9809773f9d53f9cf01e5f5a6701714af \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 63a4ff99b3939ddc53a706fe48851da169ae2575bb13cc5203f5ed51a18bdb15 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify e:+010001 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffff003031300d0609608648016503040201050004207d \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 20adb93aafb8ffddebf14f6bf2430074c4967b9f55a80f31a62556bf74ac98 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify => Good 2022-08-22 21:31:21 dirmngr[1152] DBG: gcry_pk_verify: Success 2022-08-22 21:31:21 dirmngr[1152] certificate is good 2022-08-22 21:31:21 dirmngr[1152] certificate has expired 2022-08-22 21:31:21 dirmngr[1152] (expired at 2021-09-29 19:21:40) 2022-08-22 21:31:21 dirmngr[1152] Note: non-critical certificate policy not allowed 2022-08-22 21:31:21 dirmngr[1152] DBG: find_cert_bysubject: certificate found in the cache by subject DN 2022-08-22 21:31:21 dirmngr[1152] DBG: got issuer's certificate: 2022-08-22 21:31:21 dirmngr[1152] DBG: BEGIN Certificate 'issuer': 2022-08-22 21:31:21 dirmngr[1152] DBG: serial: 44AFB080D6A327BA893039862EF8406B 2022-08-22 21:31:21 dirmngr[1152] DBG: notBefore: 2000-09-30 21:12:19 2022-08-22 21:31:21 dirmngr[1152] DBG: notAfter: 2021-09-30 14:01:15 2022-08-22 21:31:21 dirmngr[1152] DBG: issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. 2022-08-22 21:31:21 dirmngr[1152] DBG: subject: CN=DST Root CA X3,O=Digital Signature Trust Co. 2022-08-22 21:31:21 dirmngr[1152] DBG: hash algo: 1.2.840.113549.1.1.5 2022-08-22 21:31:21 dirmngr[1152] DBG: SHA1 fingerprint: DAC9024F54D8F6DF94935FB1732638CA6AD77C13 2022-08-22 21:31:21 dirmngr[1152] DBG: END Certificate 2022-08-22 21:31:21 dirmngr[1152] DBG: sigval: (sig-val 2022-08-22 21:31:21 dirmngr[1152] DBG: (rsa 2022-08-22 21:31:21 dirmngr[1152] DBG: (s #D94CE0C9F584883731DBBB13E2B3FC8B6B62126C58B7497E3C02B7A81F2861EBCEE02E73EF49077A35841F1DAD68F0D8FE56812F6D7F58A66E3536101C73C3E5BD6D5E01D76E72FB2AA0B8D35764E55BC269D4D0B2F77C4BC3178E887273DCFDFC6DBDE3C90B8E613A16587D74362B55803DC763BE8443C639A10E6B579E3F29C180F6B2BD47CBAA306CB732E159540B1809175E636CFB96673C1C730C938BC611762486DE400707E47D2D66B525A39658C8EA80EECF693B96FCE68DC033F389F8292D14142D7EF06170955DF70BE5C0FB24FAEC8ECB61C8EE637128A82C053B77EF9B5E0364F051D1E485535CB00297D47EC634D2CE1000E4B1DF3AC2EA17BE#) 2022-08-22 21:31:21 dirmngr[1152] DBG: ) 2022-08-22 21:31:21 dirmngr[1152] DBG: (hash sha256)) 2022-08-22 21:31:21 dirmngr[1152] DBG: PKCS#1 block type 1 encoded data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffff003031300d06096086480165030402010500042032 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 86ff65a65faf32085eea1388c3738ba7e37873c906cce3c4a28b4cc2a58988 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffff003031300d06096086480165030402010500042032 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 86ff65a65faf32085eea1388c3738ba7e37873c906cce3c4a28b4cc2a58988 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify sig:+d94ce0c9f584883731dbbb13e2b3fc8b6b62126c58b7497e3c02b7a81f2861eb \ 2022-08-22 21:31:21 dirmngr[1152] DBG: cee02e73ef49077a35841f1dad68f0d8fe56812f6d7f58a66e3536101c73c3e5 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: bd6d5e01d76e72fb2aa0b8d35764e55bc269d4d0b2f77c4bc3178e887273dcfd \ 2022-08-22 21:31:21 dirmngr[1152] DBG: fc6dbde3c90b8e613a16587d74362b55803dc763be8443c639a10e6b579e3f29 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: c180f6b2bd47cbaa306cb732e159540b1809175e636cfb96673c1c730c938bc6 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 11762486de400707e47d2d66b525a39658c8ea80eecf693b96fce68dc033f389 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: f8292d14142d7ef06170955df70be5c0fb24faec8ecb61c8ee637128a82c053b \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 77ef9b5e0364f051d1e485535cb00297d47ec634d2ce1000e4b1df3ac2ea17be 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify n:+dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c11814 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 8be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8c \ 2022-08-22 21:31:21 dirmngr[1152] DBG: e5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify e:+010001 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \ 2022-08-22 21:31:21 dirmngr[1152] DBG: ffffffffffffffffffffff003031300d06096086480165030402010500042032 \ 2022-08-22 21:31:21 dirmngr[1152] DBG: 86ff65a65faf32085eea1388c3738ba7e37873c906cce3c4a28b4cc2a58988 2022-08-22 21:31:21 dirmngr[1152] DBG: rsa_verify => Good 2022-08-22 21:31:21 dirmngr[1152] DBG: gcry_pk_verify: Success 2022-08-22 21:31:21 dirmngr[1152] certificate is good 2022-08-22 21:31:21 dirmngr[1152] certificate has expired 2022-08-22 21:31:21 dirmngr[1152] (expired at 2021-09-30 14:01:15) 2022-08-22 21:31:21 dirmngr[1152] root certificate is good and trusted 2022-08-22 21:31:21 dirmngr[1152] target certificate is NOT valid 2022-08-22 21:31:21 dirmngr[1152] TLS handshake failed: Certificate expired <Dirmngr> 2022-08-22 21:31:21 dirmngr[1152] error connecting to 'https://keys.openpgp.org:443': Certificate expired 2022-08-22 21:31:21 dirmngr[1152] command 'KS_SEARCH' failed: Certificate expired 2022-08-22 21:31:21 dirmngr[1152] DBG: chan_0x000002c0 -> ERR 167772261 Certificate expired <Dirmngr> 2022-08-22 21:31:21 dirmngr[1152] DBG: chan_0x000002c0 <- BYE 2022-08-22 21:31:21 dirmngr[1152] DBG: chan_0x000002c0 -> OK closing connection 2022-08-22 21:31:21 dirmngr[1152] handler for fd 704 terminated
Actually, there's plenty more locations where unistd.h is included unconditionally, all of which should likely embrace in guards like this.