keyserver operations fail due to hkp_curl helper linked against the curl shim
Reported by Luke Le | September 11th, 2012 @ 07:38 PM
Sometimes, unfortunately not always, Libmacgpg fails to properly communicate with the keyservers.
The following error message is printed:
gpgkeys: HTTP post error 23: Failed writing body (0 != 129)
It's not possible to reproduce this error when using gpg directly via the command line.
Using Libmacgpg, GPG seems to properly receive the query data but fails to send it to the keyserver (broken pipe?)
Comments and changes to this ticket
-
C Fraire September 30th, 2012 @ 05:49 AM
Such a problem drove me crazy a few months ago. I reported it in http://gpgtools.lighthouseapp.com/projects/66001-macgpg2/tickets/87
I found that I could reproduce the error 100% by debugging GPG Keychain Access in Xcode and then running a keyserver operation.
It seems that Xcode (gdb really) messes up the libcurl child process of gpg's child, gpgkeys (gpg2 forks gpgkeys which forks a helper process).
I'm not sure if this helps with this issue.
-
Luke Le September 30th, 2012 @ 07:48 AM
Hi C!
Yeah, I remember and unfortunately we still haven't found any reason.
For example I only could reproduce it once on my system.
Others have it all the time.
Running it via cli shows no problem whatsoever.I just found something. It appears our version of MacGPG2 2.0.18 doesn't use libcurl but rather curl-shim
which if I'm not completely mistaken is a small http library build into gnupg.That might be the problem.
Also I can't reproduce the error in Xcode. Managed to do once, not again.Could you try to install version 2.0.19 from https://nightly.gpgtools.org and let me know if you can reproduce the
error with that version as well?Also, if you're on Mountain Lion, let me know :)
-
steve September 30th, 2012 @ 01:36 PM
- State changed from “new” to “waiting”
- Assigned user set to “Luke Le”
-
Micah October 31st, 2012 @ 07:30 PM
- Title changed from “Libmacgpg fails to properly communicate with the keyservers” to “keyserver operations fail due to hkp_curl helper linked against the curl shim”
Hello,
I had a similar problem also with 2.0.18, any gpg --recv-key operation, or --send-key operation failed completely:
$ gpg --refresh-keys gpg: refreshing 1 key from hkp://keys.gnupg.net gpg: requesting key E7778A7C from hkp server keys.gnupg.net gpgkeys: HTTP fetch error 7: couldn't connect: End of file gpg: no valid OpenPGP data found. gpg: Total number processed: 0I passed the debug option to --keyserver-options and received the following output:
$ gpg --keyserver-options debug --keyserver keys.mayfirst.org --search micah@riseup.net gpg: searching for "micah@riseup.net" from hkp server keys.mayfirst.org gpgkeys: curl version = GnuPG curl-shim gpgkeys: search type is 0, and key is "micah@riseup.net" * HTTP proxy is "null" * HTTP URL is "http://keys.mayfirst.org:11371/pks/lookup?op=index&options=mr&search=micah%40riseup%2Enet" * HTTP auth is "null" * HTTP method is GET gpgkeys: HTTP search error 7: couldn't connect: End of file gpg: key "micah@riseup.net" not found on keyserver gpg: keyserver internal error gpg: keyserver search failed: Keyserver errorand looking at the gpg2keys_curl helper, it is using the libcurl shim:
$ libexec/gpg2keys_curl --version gpgkeys_curl (GnuPG/MacGPG2) 2.0.18 Uses: GnuPG curl-shimWhen I updated to the 2.0.19 nightly from https://nightly.gpgtools.org/MacGPG2-latest.dmg things work again:
$ gpg --version gpg (GnuPG/MacGPG2) 2.0.19 libgcrypt 1.5.0 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2$ gpg --keyserver-options debug --keyserver keys.mayfirst.org --search micah@riseup.net gpg: searching for "micah@riseup.net" from hkp server keys.mayfirst.org gpgkeys: curl version = libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5 gpgkeys: search type is 0, and key is "micah@riseup.net" * About to connect() to keys.mayfirst.org port 11371 (#0) * Trying 209.234.253.170... * connected * Connected to keys.mayfirst.org (209.234.253.170) port 11371 (#0) > GET /pks/lookup?op=index&options=mr&search=micah%40riseup.net HTTP/1.1 Host: keys.mayfirst.org:11371 Accept: */* Pragma: no-cache Cache-Control: no-cache < HTTP/1.1 200 OK < Server: nginx/0.7.67 < Date: Wed, 31 Oct 2012 18:18:00 GMT < Content-Type: text/plain < Connection: keep-alive < Content-length: 1514 < X-HKP-Results-Count: 10 < Via: 1.1 zimmermann.mayfirst.org < * Connection #0 to host keys.mayfirst.org left intact * Closing connection #0 (1) Micah Lee <micah@eff.org> Micah Lee <micahflee@gmail.com> Micah Lee <micahflee@riseup.net> 4096 bit RSA key 99999697, created: 2011-06-24 (2) https://logs.riseup.net https://micah.riseup.net 2048 bit RSA key 25A13901, created: 2011-03-24 (3) https://logs.riseup.net https://micah.riseup.net 2048 bit RSA key 734CA32C, created: 2010-12-09 (revoked) (4) https://micah.riseup.net 2048 bit RSA key CC5DADAF, created: 2010-10-01 (revoked) (5) https://micah.riseup.net 1024 bit RSA key 3F0FDAFC, created: 2010-09-30 (revoked) (6) Micah Anderson <micah@debian.org> Micah Anderson <micah@riseup.net> 4096 bit RSA key 2861A790, created: 2009-05-08 (7) micah.dibs@mail.riseup.net (dibs test gpg) <micah.dibs@mail.riseup.net 1024 bit DSA key 85535075, created: 2003-08-01 (8) micah.dibs@riseup.net (dibs testing) <micah.dibs@riseup.net> 1024 bit DSA key EE02D7CA, created: 2003-08-01 Keys 1-8 of 10 for "micah@riseup.net". Enter number(s), N)ext, or Q)uit > qand the non-debug output now works too:
$ gpg --keyserver keys.mayfirst.org --search micah@riseup.net gpg: searching for "micah@riseup.net" from hkp server keys.mayfirst.org (1) Micah Lee <micah@eff.org> Micah Lee <micahflee@gmail.com> Micah Lee <micahflee@riseup.net> 4096 bit RSA key 99999697, created: 2011-06-24 (2) https://logs.riseup.net https://micah.riseup.net 2048 bit RSA key 25A13901, created: 2011-03-24 (3) https://logs.riseup.net https://micah.riseup.net 2048 bit RSA key 734CA32C, created: 2010-12-09 (revoked) (4) https://micah.riseup.net 2048 bit RSA key CC5DADAF, created: 2010-10-01 (revoked) (5) https://micah.riseup.net 1024 bit RSA key 3F0FDAFC, created: 2010-09-30 (revoked) (6) Micah Anderson <micah@debian.org> Micah Anderson <micah@riseup.net> 4096 bit RSA key 2861A790, created: 2009-05-08 (7) micah.dibs@mail.riseup.net (dibs test gpg) <micah.dibs@mail.riseup.net 1024 bit DSA key 85535075, created: 2003-08-01 (8) micah.dibs@riseup.net (dibs testing) <micah.dibs@riseup.net> 1024 bit DSA key EE02D7CA, created: 2003-08-01 Keys 1-8 of 10 for "micah@riseup.net". Enter number(s), N)ext, or Q)uit > qIt appears that you rebuilt the gpg2keys_curl against libcurl, instead of using the shim:
$ libexec/gpg2keys_curl --versiongpgkeys_curl (GnuPG/MacGPG2) 2.0.19 Uses: libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5 -
Luke Le October 31st, 2012 @ 11:33 PM
- State changed from “waiting” to “fixed”
Hi Micah,
yes, that's exactly what happened. The shim might have been the problem in the first place,
and for a long time we didn't notice, the build wasn't linking to libcurl.In the 2.0.19 build system we've double checked that gpg links against libcurl and look, the error
no longer appears (at least for now)Please let us know if you catch it again. Thanks!
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Alex (via GPGTools)
Luke Le
Mento
steve