Issues with keyring.d.o and full length key UID requests

To: keyring-maint@debian.org
Cc: debian-wb-team@lists.debian.org
Subject: Issues with keyring.d.o and full length key UID requests
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Wed, 9 May 2012 12:21:55 +0200
Message-id: <[🔎] 20120509102155.GA11110@hall.aurel32.net>

Hi,

As part of the key generation script on the build daemons, keys are 
retrieved from keyring.debian.org using the full length key UID. It 
appears it doesn't work anymore with GPG from wheezy/sid.

Some debug shows that GPG from squeeze queries the server with only the
last 8 digits:

| * HTTP proxy is "null"
| * HTTP URL is "http://keyring.debian.org:11371/pks/lookup?op=get&options=mr&search=0xF1BCDB73";
| * HTTP auth is "null"
| * HTTP method is GET

This works correctly, as shown by a wget on this URL:

| $ wget 'http://keyring.debian.org:11371/pks/lookup?op=get&options=mr&search=0xF1BCDB73'
| --2012-05-09 12:19:27--  http://keyring.debian.org:11371/pks/lookup?op=get&options=mr&search=0xF1BCDB73
| Resolving keyring.debian.org... 2001:41b8:202:deb:1a1a:0:52c3:4b6b, 82.195.75.107
| Connecting to keyring.debian.org|2001:41b8:202:deb:1a1a:0:52c3:4b6b|:11371... connected.
| HTTP request sent, awaiting response... 200 OK
| Length: unspecified [text/html]
|Saving to: `lookup?op=get&options=mr&search=0xF1BCDB73.1'
|
|    [   <=>                                                 ] 211,724      457K/s   in 0.5s    
|
| 2012-05-09 12:19:28 (457 KB/s) - `lookup?op=get&options=mr&search=0xF1BCDB73' saved [211724]

The GPG from wheezy/sid passes directly the full length key UID to the
server:

| * HTTP proxy is "null"
| * HTTP URL is "http://keyring.debian.org:11371/pks/lookup?op=get&options=mr&search=0x4B7D218817B6F67C582DCFB0C376A8DAF1BCDB73";
| * HTTP auth is "null"
| * HTTP method is GET

This seems to confuse the server, as shown below with wget:

| $ wget 'http://keyring.debian.org:11371/pks/lookup?op=get&options=mr&search=0x4B7D218817B6F67C582DCFB0C376A8DAF1BCDB73'
| --2012-05-09 12:13:08--  http://keyring.debian.org:11371/pks/lookup?op=get&options=mr&search=0x4B7D218817B6F67C582DCFB0C376A8DAF1BCDB73
| Resolving keyring.debian.org... 2001:41b8:202:deb:1a1a:0:52c3:4b6b, 82.195.75.107
| Connecting to keyring.debian.org|2001:41b8:202:deb:1a1a:0:52c3:4b6b|:11371... connected.
| HTTP request sent, awaiting response... 501 not implemented (only "get" command available)
| 2012-05-09 12:13:08 ERROR 501: not implemented (only "get" command available).

It would be nice if keyring.debian.org could be fix, so that it accepts
request from the GPG client that will be in wheezy. Thanks in advance.

Regards,
Aurelien

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Issues with keyring.d.o and full length key UID requests
  - From: Jonathan McDowell <noodles@earth.li>

Prev by Date: Re: Give back yade_0.80.0-2 on ia64
Next by Date: [p-a-s/sid] remove fpc
Previous by thread: Re: Slightly outdated 'armel' build machine
Next by thread: Re: Issues with keyring.d.o and full length key UID requests
Index(es):
- Date
- Thread