Bug #9233
Seahorse's configured keyservers are not the same as those in gpg.conf
100%
Description
config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults contains the following:
[org/gnome/crypto/pgp]
keyservers = ['hkp://pool.sks-keyservers.net']
In Tails itself, however, there are two keyservers configured in Seahorse
$ gsettings get org.gnome.crypto.pgp keyservers
['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']
(While testing my fixes for Bug #9095 it seemed that sometimes—but not always—a fair amount of time in the test is spent waiting for keyserver.pgp.com to resolve; at least that’s the domain referenced in the Seahorse status bar. Maybe it’s a red herring of sorts.)
Anyhow, $HOME/.gnupg/gpg.conf is configured with hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps. Should it be restricted to just communicating with hkp://hkps.pool.sks-keyservers.net? If so, how?
Related issues
Related to Tails - |
Resolved | 2015-05-04 | |
Blocks Tails - |
Resolved | 2015-05-05 |
History
#1 Updated by intrigeri 2015-04-15 14:06:06
> In Tails itself, however, there are two keyservers configured in Seahorse
Good catch! Reproduced both in Tails 1.3.2 and in current Tails/Jessie.
> Anyhow, $HOME/.gnupg/gpg.conf is configured with hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps.
> Should it be restricted to just communicating with hkp://hkps.pool.sks-keyservers.net? If so, how?
I don’t think it makes much sense to use a pool that’s specifically dedicated to hkps when we really want a hkp keyserver. So, I think that the value we want really is ['hkp://pool.sks-keyservers.net'].
Note this command sets the correct value:
gsettings set org.gnome.crypto.pgp keyservers "['hkp://pool.sks-keyservers.net']"
… so I’ve no idea why setting it in /etc/dconf/db/local.d/00_Tails_defaults doesn’t work. I suspect that some automatic migration between schemas isn’t happening when pre-seeding the dconf database as we’re doing.
Now, when I manually add a keyserver via the Seahorse interface, it appears in desktop/gnome/crypto/pgp/keyservers instead of org/gnome/crypto/pgp/keyservers, which may explain things. This is the case both on 1.3.2 and current Tails/Jessie.
So I think we should try the following patch:
--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -18,7 +18,7 @@ ypos=27
item-filter=''
sidebar-visible=true
-[org/gnome/crypto/pgp]
+[desktop/gnome/crypto/pgp]
keyservers = ['hkp://pool.sks-keyservers.net']
[org/gnome/desktop/session]
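Review bot: The renamed header [desktop/gnome/crypto/pgp] has no comment explaining why it differs from the org.gnome.crypto.pgp schema id used with gsettings, so a later cleanup could "correct" it back to org/ and silently reintroduce the second keyserver. Add a comment line above the section stating that Seahorse stores its keyservers under desktop/gnome/crypto/pgp, and confirm on a built image that gsettings get org.gnome.crypto.pgp keyservers returns only hkp://pool.sks-keyservers.net, with ldap://keyserver.pgp.com no longer listed.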
Kill Your TV, want to take it?
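A check for the mismatch discussed above, as an added example that is not part of the original thread or the Tails code base: it parses a dconf defaults file, reports `keyservers` entries placed under any path other than the one comment #1 saw Seahorse use, and compares the live `gsettings` output with the expected list. The function names, the sample strings and the use of `ast.literal_eval` to decode the GVariant string array are assumptions made for this example.

```python
import ast
import configparser

# Path under which comment #1 saw Seahorse store its keyservers.
SEAHORSE_PATH = "desktop/gnome/crypto/pgp"

def keyserver_sections(keyfile_text):
    """Map every dconf section that sets `keyservers` to its list of URLs."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # dconf key names are case-sensitive
    parser.read_string(keyfile_text)
    found = {}
    for section in parser.sections():
        if parser.has_option(section, "keyservers"):
            # Assumption: a GVariant array of plain strings is also a valid
            # Python list literal, so literal_eval can decode it.
            found[section] = ast.literal_eval(parser.get(section, "keyservers"))
    return found

def audit(keyfile_text, live_value, expected):
    """Return findings; an empty list means the preseed took effect."""
    findings = []
    sections = keyserver_sections(keyfile_text)
    if SEAHORSE_PATH not in sections:
        findings.append("no keyservers preseeded under " + SEAHORSE_PATH)
    for section, urls in sections.items():
        if section != SEAHORSE_PATH:
            findings.append("keyservers preseeded under other path " + section)
        elif urls != expected:
            findings.append("preseeded list differs from expected")
    # live_value is the text printed by the gsettings command in the report.
    for url in ast.literal_eval(live_value):
        if url not in expected:
            findings.append("unexpected live keyserver " + url)
    return findings

# Constructed samples: the defaults file before and after the proposed patch.
BEFORE = "[org/gnome/crypto/pgp]\nkeyservers = ['hkp://pool.sks-keyservers.net']\n"
AFTER = "[desktop/gnome/crypto/pgp]\nkeyservers = ['hkp://pool.sks-keyservers.net']\n"
EXPECTED = ["hkp://pool.sks-keyservers.net"]
LIVE_BEFORE = "['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']"
LIVE_AFTER = "['hkp://pool.sks-keyservers.net']"  # constructed, not from the page

if __name__ == "__main__":
    for name, text, live in (("before", BEFORE, LIVE_BEFORE), ("after", AFTER, LIVE_AFTER)):
        print(name, audit(text, live, EXPECTED) or "OK")
```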
#2 Updated by intrigeri 2015-04-15 14:07:09
- Status changed from New to In Progress
- Assignee set to kytv
- % Done changed from 0 to 10
#3 Updated by kytv 2015-04-15 21:51:14
- Assignee deleted (kytv)
- % Done changed from 10 to 0
intrigeri wrote:
> […]
>
> Kill Your TV, want to take it?
Absolutely.
This does set the value properly. Perhaps this was the root cause of Bug #9095. I’m testing this change along with my Bug #9095 updates and I haven’t seen the “greyed out window problem” yet. Still, what I’ll propose for Bug #9095 should improve things anyway.
#4 Updated by kytv 2015-04-15 21:51:58
- Assignee set to kytv
- Target version set to Tails_1.4
- % Done changed from 0 to 30
- QA Check set to Dev Needed
#5 Updated by kytv 2015-04-15 21:52:28
- blocks Bug #9095: Seahorse tests lack robustness added
#6 Updated by kytv 2015-04-16 18:07:03
- Assignee deleted (kytv)
- % Done changed from 30 to 40
- QA Check changed from Dev Needed to Ready for QA
- Feature Branch set to kytv:bugfix/9233-seahorse
#7 Updated by kytv 2015-04-16 19:41:52
- Target version changed from Tails_1.4 to Tails_1.3.2
If there will be a 1.3.3 it would be nice to get this in.
I just rebased this on stable. If it’s decided it’d be better for 1.4 that’s fine too.
#8 Updated by kytv 2015-04-16 19:43:06
- Target version changed from Tails_1.3.2 to Tails_1.4
#9 Updated by kytv 2015-04-20 14:29:59
Applied in changeset commit:0708d921cc3041a5e26878e3e85776617ca13d03.
#10 Updated by anonym 2015-04-20 14:29:59
- Status changed from In Progress to Fix committed
- % Done changed from 40 to 100
Applied in changeset commit:55c8fee1edf6c347d04ccccb3b52db8f85dfe678.
#11 Updated by anonym 2015-04-20 14:30:40
- QA Check changed from Ready for QA to Pass
#12 Updated by kytv 2015-05-04 11:17:01
- related to Feature #9339: Test that Seahorse is configured to use the correct keyserver added
#13 Updated by BitingBird 2015-05-12 18:38:08
- Status changed from Fix committed to Resolved