Bug #9233: Seahorse's configured keyservers are not the same as those in gpg.conf

Bug #9233

Seahorse's configured keyservers are not the same as those in gpg.conf

Added by kytv 2015-04-14 21:43:59 . Updated 2015-05-12 18:38:08 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_1.4

Start date:

2015-04-14

Due date:

% Done:

100%

Feature Branch:

kytv:bugfix/9233-seahorse

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults contains the following

[org/gnome/crypto/pgp]
keyservers = ['hkp://pool.sks-keyservers.net']

In Tails itself, however, there are two keyservers configured in Seahorse

$ gsettings get org.gnome.crypto.pgp keyservers 
['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']

(While testing my fixes for ~~Bug #9095~~ it seemed that sometimes—but not always—a fair amount of time in the test is spent waiting for keyserver.pgp.com to resolve; at least that’s the domain referenced in the Seahorse status bar. Maybe it’s a red herring of sorts.)

Anyhow, $HOME/.gnupg/gpg.conf is configured with hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps. Should it be restricted to just communicating with hkp://hkps.pool.sks-keyservers.net? If so, how?

Subtasks

Related issues

Related to Tails - ~~Feature #9339~~: Test that Seahorse is configured to use the correct keyserver	Resolved	2015-05-04
Blocks Tails - ~~Bug #9095~~: Seahorse tests lack robustness	Resolved	2015-05-05

History

#1 Updated by intrigeri 2015-04-15 14:06:06

> In Tails itself, however, there are two keyservers configured in Seahorse

Good catch! Reproduced both in Tails 1.3.2 and in current Tails/Jessie.

> Anyhow, $HOME/.gnupg/gpg.conf is configured with
> hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps.
> Should it be restricted to just communicating with
> hkp://hkps.pool.sks-keyservers.net? If so, how?

I don’t think it makes much sense to use a pool that’s specifically dedicated to hpks when we really want a hkp keyserver. So, I think that the value we want really is ['hkp://pool.sks-keyservers.net'].

Note this command sets the correct value:

gsettings set org.gnome.crypto.pgp keyservers "['hkp://pool.sks-keyservers.net']"

… so I’ve no idea why setting it in /etc/dconf/db/local.d/00_Tails_defaults doesn’t work. I suspect that some automatic migration between schemas isn’t happening when pre-seeding the dconf database as we’re doing.

Now, when I manually add a keyserver via the Seahorse interface, it appears in desktop/gnome/crypto/pgp/keyservers instead of org/gnome/crypto/pgp/keyservers, which may explain things. This is the case both on 1.3.2 and current Tails/Jessie.

So I think we should try the following patch:

--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -18,7 +18,7 @@ ypos=27
 item-filter=''
 sidebar-visible=true

-[org/gnome/crypto/pgp]
+[desktop/gnome/crypto/pgp]
 keyservers = ['hkp://pool.sks-keyservers.net']

 [org/gnome/desktop/session]

Kill Your TV, want to take it?

#2 Updated by intrigeri 2015-04-15 14:07:09

Status changed from New to In Progress
Assignee set to kytv
% Done changed from 0 to 10

#3 Updated by kytv 2015-04-15 21:51:14

Assignee deleted (~~kytv~~)
% Done changed from 10 to 0

intrigeri wrote:

> […]
>
> Kill Your TV, want to take it?

Absolutely.

This does set the value properly. Perhaps this was the root cause of ~~Bug #9095~~. I’m testing this change along with my ~~Bug #9095~~ updates and I haven’t seen the “greyed out window problem” yet. Still, what I’ll propose for ~~Bug #9095~~ should improve things anyway.