Bug #9233

Seahorse's configured keyservers are not the same as those in gpg.conf

Added by kytv 2015-04-14 21:43:59. Updated 2015-05-12 18:38:08.

Status: Resolved
Priority: Normal
Assignee:
Category:
Target version:
Start date: 2015-04-14
Due date:
% Done: 100%
Feature Branch: kytv:bugfix/9233-seahorse
Type of work: Code
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults contains the following

[org/gnome/crypto/pgp]
keyservers = ['hkp://pool.sks-keyservers.net']

In Tails itself, however, there are two keyservers configured in Seahorse

$ gsettings get org.gnome.crypto.pgp keyservers 
['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']

(While testing my fixes for Bug #9095 it seemed that sometimes—but not always—a fair amount of time in the test is spent waiting for keyserver.pgp.com to resolve; at least that’s the domain referenced in the Seahorse status bar. Maybe it’s a red herring of sorts.)

Anyhow, $HOME/.gnupg/gpg.conf is configured with hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps. Should it be restricted to just communicating with hkp://hkps.pool.sks-keyservers.net? If so, how?



Related issues

Related to Tails - Feature #9339: Test that Seahorse is configured to use the correct keyserver Resolved 2015-05-04
Blocks Tails - Bug #9095: Seahorse tests lack robustness Resolved 2015-05-05

History

#1 Updated by intrigeri 2015-04-15 14:06:06

> In Tails itself, however, there are two keyservers configured in Seahorse

Good catch! Reproduced both in Tails 1.3.2 and in current Tails/Jessie.

> Anyhow, $HOME/.gnupg/gpg.conf is configured with
> hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps.
> Should it be restricted to just communicating with
> hkp://hkps.pool.sks-keyservers.net? If so, how?

I don’t think it makes much sense to use a pool that’s specifically dedicated to hkps when we really want a hkp keyserver. So, I think that the value we want really is ['hkp://pool.sks-keyservers.net'].

Note this command sets the correct value:

gsettings set org.gnome.crypto.pgp keyservers "['hkp://pool.sks-keyservers.net']"

… so I’ve no idea why setting it in /etc/dconf/db/local.d/00_Tails_defaults doesn’t work. I suspect that some automatic migration between schemas isn’t happening when pre-seeding the dconf database as we’re doing.

Now, when I manually add a keyserver via the Seahorse interface, it appears in desktop/gnome/crypto/pgp/keyservers instead of org/gnome/crypto/pgp/keyservers, which may explain things. This is the case both on 1.3.2 and current Tails/Jessie.

So I think we should try the following patch:

--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -18,7 +18,7 @@ ypos=27
 item-filter=''
 sidebar-visible=true

-[org/gnome/crypto/pgp]
+[desktop/gnome/crypto/pgp]
 keyservers = ['hkp://pool.sks-keyservers.net']

 [org/gnome/desktop/session]
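
Review bot: the renamed header [desktop/gnome/crypto/pgp] carries no comment explaining why it does not follow the org/gnome/... form of the neighbouring [org/gnome/desktop/session] section, so a later cleanup could rename it back and the keyservers line would stop taking effect again. Suggest a # comment line above the header saying that this is the path Seahorse stores its keyservers under, plus a check after the build that gsettings get org.gnome.crypto.pgp keyservers returns only hkp://pool.sks-keyservers.net and no longer lists ldap://keyserver.pgp.com.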

Kill Your TV, want to take it?
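
The failure mode diagnosed in the comment above (a dconf defaults section whose path matches no schema path, so the schema default with its second keyserver stays in force) can be caught before a build. The following is an added example, not code from the Tails repository or from the thread's participants; the schema XML and both keyfiles are constructed from the values quoted in this ticket, and the function names are hypothetical.

```python
import ast
import configparser
import xml.etree.ElementTree as ET

# Constructed schema excerpt: id, path and defaults follow what the thread observed.
SCHEMA_XML = """<schemalist>
  <schema id="org.gnome.crypto.pgp" path="/desktop/gnome/crypto/pgp/">
    <key name="keyservers" type="as">
      <default>['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']</default>
    </key>
  </schema>
</schemalist>"""

# Constructed keyfiles: the section as shipped, and as changed by the patch.
BEFORE = "[org/gnome/crypto/pgp]\nkeyservers = ['hkp://pool.sks-keyservers.net']\n"
AFTER = "[desktop/gnome/crypto/pgp]\nkeyservers = ['hkp://pool.sks-keyservers.net']\n"


def schema_paths(xml_text):
    """Map each fixed schema path (slashes stripped) to {key: default text}."""
    paths = {}
    for schema in ET.fromstring(xml_text).iter("schema"):
        path = schema.get("path")
        if path is None:  # relocatable schema: no fixed path to compare with
            continue
        paths[path.strip("/")] = {k.get("name"): k.findtext("default", "").strip()
                                  for k in schema.iter("key")}
    return paths


def audit(keyfile_text, xml_text):
    """Return (sections no schema reads, effective values per schema path)."""
    effective = schema_paths(xml_text)
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # dconf key names are case-sensitive
    parser.read_string(keyfile_text)
    unread = []
    for section in parser.sections():
        if section in effective:
            effective[section].update(parser[section])
        else:
            unread.append(section)
    return unread, effective


def keyservers(effective):
    """Parse the GVariant string array; literal_eval suffices for this form."""
    return ast.literal_eval(effective["desktop/gnome/crypto/pgp"]["keyservers"])
```

With BEFORE the audit reports org/gnome/crypto/pgp as unread and the effective list still contains the LDAP server; with AFTER nothing is unread and only the hkp pool remains.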

#2 Updated by intrigeri 2015-04-15 14:07:09

  • Status changed from New to In Progress
  • Assignee set to kytv
  • % Done changed from 0 to 10

#3 Updated by kytv 2015-04-15 21:51:14

  • Assignee deleted (kytv)
  • % Done changed from 10 to 0

intrigeri wrote:

> […]
>
> Kill Your TV, want to take it?

Absolutely.

This does set the value properly. Perhaps this was the root cause of Bug #9095. I’m testing this change along with my Bug #9095 updates and I haven’t seen the “greyed out window problem” yet. Still, what I’ll propose for Bug #9095 should improve things anyway.

#4 Updated by kytv 2015-04-15 21:51:58

  • Assignee set to kytv
  • Target version set to Tails_1.4
  • % Done changed from 0 to 30
  • QA Check set to Dev Needed

#5 Updated by kytv 2015-04-15 21:52:28

  • blocks Bug #9095: Seahorse tests lack robustness added

#6 Updated by kytv 2015-04-16 18:07:03

  • Assignee deleted (kytv)
  • % Done changed from 30 to 40
  • QA Check changed from Dev Needed to Ready for QA
  • Feature Branch set to kytv:bugfix/9233-seahorse

#7 Updated by kytv 2015-04-16 19:41:52

  • Target version changed from Tails_1.4 to Tails_1.3.2

If there will be a 1.3.3 it would be nice to get this in.

I just rebased this on stable. If it’s decided it’d be better for 1.4 that’s fine too.

#8 Updated by kytv 2015-04-16 19:43:06

  • Target version changed from Tails_1.3.2 to Tails_1.4

#9 Updated by kytv 2015-04-20 14:29:59

Applied in changeset commit:0708d921cc3041a5e26878e3e85776617ca13d03.

#10 Updated by anonym 2015-04-20 14:29:59

  • Status changed from In Progress to Fix committed
  • % Done changed from 40 to 100

Applied in changeset commit:55c8fee1edf6c347d04ccccb3b52db8f85dfe678.

#11 Updated by anonym 2015-04-20 14:30:40

  • QA Check changed from Ready for QA to Pass

#12 Updated by kytv 2015-05-04 11:17:01

  • related to Feature #9339: Test that Seahorse is configured to use the correct keyserver added

#13 Updated by BitingBird 2015-05-12 18:38:08

  • Status changed from Fix committed to Resolved