Bug #9233

Seahorse's configured keyservers are not the same as those in gpg.conf

Added by kytv over 4 years ago. Updated over 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 04/14/2015
Due date:
% Done: 100%
Feature Branch: kytv:bugfix/9233-seahorse
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults contains the following

[org/gnome/crypto/pgp]
keyservers = ['hkp://pool.sks-keyservers.net']

In Tails itself, however, there are two keyservers configured in Seahorse

$ gsettings get org.gnome.crypto.pgp keyservers 
['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']

(While testing my fixes for #9095 it seemed that sometimes--but not always--a fair amount of time in the test is spent waiting for keyserver.pgp.com to resolve; at least that's the domain referenced in the Seahorse status bar. Maybe it's a red herring of sorts.)

Anyhow, $HOME/.gnupg/gpg.conf is configured with hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps. Should it be restricted to just communicating with hkp://hkps.pool.sks-keyservers.net? If so, how?


Related issues

Related to Tails - Feature #9339: Test that Seahorse is configured to use the correct keyserver Resolved 05/04/2015
Blocks Tails - Bug #9095: Seahorse tests lack robustness Resolved 05/05/2015

Associated revisions

Revision 0708d921 (diff)
Added by kytv over 4 years ago

Update dconf keyserver key

We were adding our preferred keyserver to org.gnome.crypto.pgp but it
appears to have changed to desktop.gnome.crypto.pgp at some point. As a
result there were two OpenPGP keyservers configured for Seahorse's use,
ours and the GNOME default.

Will-fix: #9233

Revision 55c8fee1
Added by anonym over 4 years ago

Merge remote-tracking branch 'kytv/bugfix/9233-seahorse' into stable

Fix-committed: #9233

History

#1 Updated by intrigeri over 4 years ago

In Tails itself, however, there are two keyservers configured in Seahorse

Good catch! Reproduced both in Tails 1.3.2 and in current Tails/Jessie.

Anyhow, $HOME/.gnupg/gpg.conf is configured with
hkps://hkps.pool.sks-keyservers.net but of course Seahorse does not speak hkps.
Should it be restricted to just communicating with
hkp://hkps.pool.sks-keyservers.net? If so, how?

I don't think it makes much sense to use a pool that's specifically dedicated to hkps when we really want a hkp keyserver. So, I think that the value we want really is ['hkp://pool.sks-keyservers.net'].

Note this command sets the correct value:

gsettings set org.gnome.crypto.pgp keyservers "['hkp://pool.sks-keyservers.net']" 

... so I've no idea why setting it in /etc/dconf/db/local.d/00_Tails_defaults doesn't work. I suspect that some automatic migration between schemas isn't happening when pre-seeding the dconf database as we're doing.

Now, when I manually add a keyserver via the Seahorse interface, it appears in desktop/gnome/crypto/pgp/keyservers instead of org/gnome/crypto/pgp/keyservers, which may explain things. This is the case both on 1.3.2 and current Tails/Jessie.

So I think we should try the following patch:

--- a/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
+++ b/config/chroot_local-includes/etc/dconf/db/local.d/00_Tails_defaults
@@ -18,7 +18,7 @@ ypos=27
 item-filter=''
 sidebar-visible=true

-[org/gnome/crypto/pgp]
+[desktop/gnome/crypto/pgp]
 keyservers = ['hkp://pool.sks-keyservers.net']

 [org/gnome/desktop/session]
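
Review bot: The renamed section header [desktop/gnome/crypto/pgp] needs a comment explaining why it does not follow the org/gnome/... form of the neighbouring [org/gnome/desktop/session] section. Without one it reads as a typo and is likely to be changed back, which would silently bring back the second keyserver. A one-line note above the header saying that Seahorse stores its keyservers under desktop/gnome/crypto/pgp would do. Nothing in this file shows whether a section is actually picked up, so the change should also come with a check in the built image that "gsettings get org.gnome.crypto.pgp keyservers" returns only ['hkp://pool.sks-keyservers.net'].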

Kill Your TV, want to take it?
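
An added example, not part of the original thread or the Tails code base: a small audit of a dconf defaults keyfile and of "gsettings get" output for the misplaced keyserver override discussed above. The function names are hypothetical, the keyfile samples are constructed from the patch, and the Seahorse path is taken from the observation in comment #1.

```python
import ast
import configparser

# Path where Seahorse stores keyservers, as observed in comment #1
# (keyfile section names carry no leading slash). Assumption of this example.
SEAHORSE_PATH = "desktop/gnome/crypto/pgp"
EXPECTED = ["hkp://pool.sks-keyservers.net"]

def parse_strv(text):
    """Parse a GVariant string array such as "['a', 'b']" (also "@as []")."""
    text = text.strip()
    if text.startswith("@as"):
        text = text[3:].strip()
    return list(ast.literal_eval(text))

def keyserver_sections(keyfile_text):
    """Map each keyfile section that sets 'keyservers' to its parsed value."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # dconf key names are case-sensitive
    cp.read_string(keyfile_text)
    return {s: parse_strv(cp[s]["keyservers"])
            for s in cp.sections() if "keyservers" in cp[s]}

def audit_keyfile(keyfile_text, expected=EXPECTED):
    """Return findings; an empty list means the override is effective."""
    found = keyserver_sections(keyfile_text)
    findings = [f"[{s}] is not read by Seahorse, override ignored"
                for s in found if s != SEAHORSE_PATH]
    if SEAHORSE_PATH not in found:
        findings.append(f"no [{SEAHORSE_PATH}] override, GNOME default stays active")
    elif found[SEAHORSE_PATH] != expected:
        findings.append(f"unexpected keyservers: {found[SEAHORSE_PATH]}")
    return findings

def unexpected_servers(gsettings_output, expected=EXPECTED):
    """Keyservers in `gsettings get` output that are not on the expected list."""
    return [s for s in parse_strv(gsettings_output) if s not in expected]

# Constructed samples: the keyfile section before and after the patch.
BEFORE = "[org/gnome/crypto/pgp]\nkeyservers = ['hkp://pool.sks-keyservers.net']\n"
AFTER = BEFORE.replace("[org/gnome/crypto/pgp]", "[desktop/gnome/crypto/pgp]")

if __name__ == "__main__":
    print(audit_keyfile(BEFORE))   # two findings: wrong section, no override
    print(audit_keyfile(AFTER))    # no findings
    print(unexpected_servers(
        "['hkp://pool.sks-keyservers.net', 'ldap://keyserver.pgp.com']"))
```
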

#2 Updated by intrigeri over 4 years ago

  • Status changed from New to In Progress
  • Assignee set to kytv
  • % Done changed from 0 to 10

#3 Updated by kytv over 4 years ago

  • Assignee deleted (kytv)
  • % Done changed from 10 to 0

intrigeri wrote:

[...]

Kill Your TV, want to take it?

Absolutely.

This does set the value properly. Perhaps this was the root cause of #9095. I'm testing this change along with my #9095 updates and I haven't seen the "greyed out window problem" yet. Still, what I'll propose for #9095 should improve things anyway.

#4 Updated by kytv over 4 years ago

  • Assignee set to kytv
  • Target version set to Tails_1.4
  • % Done changed from 0 to 30
  • QA Check set to Dev Needed

#5 Updated by kytv over 4 years ago

  • Blocks Bug #9095: Seahorse tests lack robustness added

#6 Updated by kytv over 4 years ago

  • Assignee deleted (kytv)
  • % Done changed from 30 to 40
  • QA Check changed from Dev Needed to Ready for QA
  • Feature Branch set to kytv:bugfix/9233-seahorse

#7 Updated by kytv over 4 years ago

  • Target version changed from Tails_1.4 to Tails_1.3.2

If there will be a 1.3.3 it would be nice to get this in.

I just rebased this on stable. If it's decided it'd be better for 1.4 that's fine too.

#8 Updated by kytv over 4 years ago

  • Target version changed from Tails_1.3.2 to Tails_1.4

#9 Updated by kytv over 4 years ago

#10 Updated by anonym over 4 years ago

  • Status changed from In Progress to 11
  • % Done changed from 40 to 100

#11 Updated by anonym over 4 years ago

  • QA Check changed from Ready for QA to Pass

#12 Updated by kytv over 4 years ago

  • Related to Feature #9339: Test that Seahorse is configured to use the correct keyserver added

#13 Updated by BitingBird over 4 years ago

  • Status changed from 11 to Resolved
