#35 fixed
Luke Le

keyserver operations fail due to hkp_curl helper linked against the curl shim

Reported by Luke Le | September 11th, 2012 @ 07:38 PM

Sometimes, unfortunately not always, Libmacgpg fails to properly communicate with the keyservers.

The following error message is printed:

gpgkeys: HTTP post error 23: Failed writing body (0 != 129)

It's not possible to reproduce this error when using gpg directly via the command line.

Using Libmacgpg, GPG seems to properly receive the query data but fails to send it to the keyserver (broken pipe?)

Comments and changes to this ticket

  • C Fraire

    C Fraire September 30th, 2012 @ 05:49 AM

    Such a problem drove me crazy a few months ago. I reported it in http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/87

    I found that I could reproduce the error 100% by debugging GPG Keychain Access in Xcode and then running a keyserver operation.

    It seems that Xcode (gdb really) messes up the libcurl child process of gpg's child, gpgkeys (gpg2 forks gpgkeys which forks a helper process).

    I'm not sure if this helps with this issue.

  • Luke Le

    Luke Le September 30th, 2012 @ 07:48 AM

    Hi C!

    Yeah, I remember and unfortunately we still haven't found any reason.
    For example I only could reproduce it once on my system.
    Others have it all the time.
    Running it via cli shows no problem whatsoever.

    I just found something. It appears our version of MacGPG2 2.0.18 doesn't use libcurl but rather curl-shim
    which if I'm not completely mistaken is a small http library build into gnupg.

    That might be the problem.
    Also I can't reproduce the error in Xcode. Managed to do once, not again.

    Could you try to install version 2.0.19 from https://nightly.gpgtools.org and let me know if you can reproduce the
    error with that version as well?

    Also, if you're on Mountain Lion, let me know :)

  • steve

    steve September 30th, 2012 @ 01:36 PM

    • State changed from “new” to “waiting”
    • Assigned user set to “Luke Le”
  • Micah

    Micah October 31st, 2012 @ 07:30 PM

    • Title changed from “Libmacgpg fails to properly communicate with the keyservers” to “keyserver operations fail due to hkp_curl helper linked against the curl shim”

    Hello,

    I had a similar problem also with 2.0.18, any gpg --recv-key operation, or --send-key operation failed completely:

    $ gpg --refresh-keys
    gpg: refreshing 1 key from hkp://keys.gnupg.net
    gpg: requesting key E7778A7C from hkp server keys.gnupg.net
    gpgkeys: HTTP fetch error 7: couldn't connect: End of file
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0
    

    I passed the debug option to --keyserver-options and received the following output:

    $ gpg --keyserver-options debug --keyserver keys.mayfirst.org --search micah@riseup.net
    gpg: searching for "micah@riseup.net" from hkp server keys.mayfirst.org
    gpgkeys: curl version = GnuPG curl-shim
    gpgkeys: search type is 0, and key is "micah@riseup.net"
    * HTTP proxy is "null"
    * HTTP URL is "http://keys.mayfirst.org:11371/pks/lookup?op=index&options=mr&search=micah%40riseup%2Enet"
    * HTTP auth is "null"
    * HTTP method is GET
    gpgkeys: HTTP search error 7: couldn't connect: End of file
    gpg: key "micah@riseup.net" not found on keyserver
    gpg: keyserver internal error
    gpg: keyserver search failed: Keyserver error
    

    and looking at the gpg2keys_curl helper, it is using the libcurl shim:

    $ libexec/gpg2keys_curl --version
    gpgkeys_curl (GnuPG/MacGPG2) 2.0.18
    Uses: GnuPG curl-shim
    

    When I updated to the 2.0.19 nightly from https://nightly.gpgtools.org/MacGPG2-latest.dmg things work again:

    $ gpg --version
    gpg (GnuPG/MacGPG2) 2.0.19
    libgcrypt 1.5.0
    Copyright (C) 2012 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
    
    $ gpg --keyserver-options debug --keyserver keys.mayfirst.org --search micah@riseup.net
    gpg: searching for "micah@riseup.net" from hkp server keys.mayfirst.org
    gpgkeys: curl version = libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
    gpgkeys: search type is 0, and key is "micah@riseup.net"
    * About to connect() to keys.mayfirst.org port 11371 (#0)
    *   Trying 209.234.253.170... * connected
    * Connected to keys.mayfirst.org (209.234.253.170) port 11371 (#0)
    > GET /pks/lookup?op=index&options=mr&search=micah%40riseup.net HTTP/1.1
    Host: keys.mayfirst.org:11371
    Accept: */*
    Pragma: no-cache
    Cache-Control: no-cache
    
    < HTTP/1.1 200 OK
    < Server: nginx/0.7.67
    < Date: Wed, 31 Oct 2012 18:18:00 GMT
    < Content-Type: text/plain
    < Connection: keep-alive
    < Content-length: 1514
    < X-HKP-Results-Count: 10
    < Via: 1.1 zimmermann.mayfirst.org
    < 
    * Connection #0 to host keys.mayfirst.org left intact
    * Closing connection #0
    (1) Micah Lee <micah@eff.org>
        Micah Lee <micahflee@gmail.com>
        Micah Lee <micahflee@riseup.net>
          4096 bit RSA key 99999697, created: 2011-06-24
    (2) https://logs.riseup.net
        https://micah.riseup.net
          2048 bit RSA key 25A13901, created: 2011-03-24
    (3) https://logs.riseup.net
        https://micah.riseup.net
          2048 bit RSA key 734CA32C, created: 2010-12-09 (revoked)
    (4) https://micah.riseup.net
          2048 bit RSA key CC5DADAF, created: 2010-10-01 (revoked)
    (5) https://micah.riseup.net
          1024 bit RSA key 3F0FDAFC, created: 2010-09-30 (revoked)
    (6) Micah Anderson <micah@debian.org>
        Micah Anderson <micah@riseup.net>
          4096 bit RSA key 2861A790, created: 2009-05-08
    (7) micah.dibs@mail.riseup.net (dibs test gpg) <micah.dibs@mail.riseup.net
          1024 bit DSA key 85535075, created: 2003-08-01
    (8) micah.dibs@riseup.net (dibs testing) <micah.dibs@riseup.net>
          1024 bit DSA key EE02D7CA, created: 2003-08-01
    Keys 1-8 of 10 for "micah@riseup.net".  Enter number(s), N)ext, or Q)uit > q
    

    and the non-debug output now works too:

    $ gpg --keyserver keys.mayfirst.org --search micah@riseup.net
    gpg: searching for "micah@riseup.net" from hkp server keys.mayfirst.org
    (1) Micah Lee <micah@eff.org>
        Micah Lee <micahflee@gmail.com>
        Micah Lee <micahflee@riseup.net>
          4096 bit RSA key 99999697, created: 2011-06-24
    (2) https://logs.riseup.net
        https://micah.riseup.net
          2048 bit RSA key 25A13901, created: 2011-03-24
    (3) https://logs.riseup.net
        https://micah.riseup.net
          2048 bit RSA key 734CA32C, created: 2010-12-09 (revoked)
    (4) https://micah.riseup.net
          2048 bit RSA key CC5DADAF, created: 2010-10-01 (revoked)
    (5) https://micah.riseup.net
          1024 bit RSA key 3F0FDAFC, created: 2010-09-30 (revoked)
    (6) Micah Anderson <micah@debian.org>
        Micah Anderson <micah@riseup.net>
          4096 bit RSA key 2861A790, created: 2009-05-08
    (7) micah.dibs@mail.riseup.net (dibs test gpg) <micah.dibs@mail.riseup.net
          1024 bit DSA key 85535075, created: 2003-08-01
    (8) micah.dibs@riseup.net (dibs testing) <micah.dibs@riseup.net>
          1024 bit DSA key EE02D7CA, created: 2003-08-01
    Keys 1-8 of 10 for "micah@riseup.net".  Enter number(s), N)ext, or Q)uit > q
    

    It appears that you rebuilt the gpg2keys_curl against libcurl, instead of using the shim:

    $ libexec/gpg2keys_curl --versiongpgkeys_curl (GnuPG/MacGPG2) 2.0.19
    Uses: libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
    
  • Luke Le

    Luke Le October 31st, 2012 @ 11:33 PM

    • State changed from “waiting” to “fixed”

    Hi Micah,

    yes, that's exactly what happened. The shim might have been the problem in the first place,
    and for a long time we didn't notice, the build wasn't linking to libcurl.

    In the 2.0.19 build system we've double checked that gpg links against libcurl and look, the error
    no longer appears (at least for now)

    Please let us know if you catch it again. Thanks!

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

Shared Ticket Bins

Pages