Re: dirmngr, can't live with it, can't live without it
On Tue, 2019-02-26 at 20:31 +0100, deloptes wrote:
> Jim Popovitch wrote:
>
> > What's up with dirmngr? If dirmngr is installed Evolution often takes
> > ages to open signed emails. If dirmngr is not installed then (according
> > to p.d.o/buster/dirmngr) "the parts of the GnuPG suite that try to
> > interact with the network will fail"
> >
> > How can dirmngr be so tightly integrated but work so poorly querying
> > services? /r
>
> Why should it be dirmngr's fault? Perhaps it is a kind of buster or
> other issue.
>
> Try to find out where the waiting is coming from and post back. For
> example waiting for keyserver to respond or similar or waiting for
> something to time out.
Glad you asked!
dirmngr uses sks-keyservers.net which has at least one NS with issues:
https://ednscomp.isc.org/ednscomp/0f65feeaa7
But more to the point, it's not an easy program to debug....
Following man page, I created ~/.gnupg/dirmngr.conf and populated it
with:
verbose
debug-level expert
keyserver na.pool.sks-keyservers.net
disable-ipv6
disable-ldap
log-file ~/dirmngr.log
allow-ocsp
and then I fired up Evolution and opened emails with gpg sigs, but
still no data in the file ~/dirmngr.log. :-(
What I suspect the problem to be, and what is alluded to on the sks-keyservers status page, is that there is a big inconsistency/availability with their servers (they have more off-pool servers listed than in-pool). Obviously it's a freebie so complaints seem childish, but it is an important service... just like pool.ntp.org (which ironically Debian has taken responsibility for at least sanitizing that with debian.pool.ntp.org).
-Jim P.