Jim Popovitch wrote:

> On Tue, 2019-02-26 at 20:31 +0100, deloptes wrote:
>> Jim Popovitch wrote:
>>
>> > What's up with dirmngr? If dirmngr is installed Evolution often takes
>> > ages to open signed emails. If dirmngr is not installed then (according
>> > to p.d.o/buster/dirmngr) "the parts of the GnuPG suite that try to
>> > interact with the network will fail"
>> >
>> > How can dirmngr be so tightly integrated but work so poorly querying
>> > services? /r
>>
>> why should it be dirmngr's fault? perhaps it is a kind of buster or
>> other issue.
>>
>> Try to find out where the waiting is coming from and post back. For
>> example waiting for keyserver to respond or similar or waiting for
>> something to time out.
>
> Glad you asked!
>
> dirmngr uses sks-keyservers.net which has at least one NS with issues:
> https://ednscomp.isc.org/ednscomp/0f65feeaa7
>

Hmm, I just wonder why you would need to run dirmngr all the time, or each time you have to read encrypted mail. You should have imported the keys locally. I do not even see any evidence that it is dirmngr that is blocking.

When I start the gpg client and search for a key I see dirmngr is started

    $ while true; do ps -A | grep dir; sleep 1; done

> But more to the point, It's not an easy program to debug....
>
> Following man page, I created ~/.gnupg/dirmngr.conf and populated it
> with:
>     verbose
>     debug-level expert
>     keyserver na.pool.sks-keyservers.net
>     disable-ipv6
>     disable-ldap
>     log-file ~/dirmngr.log
>     allow-ocsp
>

Interesting, but on my end I use pool.sks-keyservers.net and there were no issues - well, how often do you download or upload a key to the server?
If I search for a key it takes like 3 sec - and yes, I think it goes via dirmngr - but sorry, no time to bother setting up a config. The config I find here is the default

    cat ~/.gnupg/dirmngr.conf

    ###+++--- GPGConf ---+++###
    disable-ldap
    debug-level basic
    log-file socket:///home/pizza/.gnupg/log-socket
    ###+++--- GPGConf ---+++### Thu 06 Dec 2018 01:45:13 AM CET
    # GPGConf edited this configuration file.
    # It will disable options before this marked block, but it will
    # never change anything below these lines.

> and then I fired up Evolution and opened emails with gpg sigs, but
> still no data in the file ~/dirmngr.log. :-(
>
> What I suspect the problem to be, and what is alluded to on the
> sks-keyservers status page, is that there is a big
> inconsistency/availability with their servers (they have more off-pool
> servers listed than in-pool). Obviously it's a freebie so complaints seem
> childish, but it is an important service.. just like pool.ntp.org (which
> ironically Debian has taken responsibility for at least sanitizing that
> with debian.pool.ntp.org)
>
> -Jim P.

Some time ago keyservers got consolidated - so now we have pool.sks-keyservers.net.
I am not sure if you are taking this with prejudices - might be only your setup. I know dirmngr is somehow coupled with gpg, but never bothered to look into that as it was always working properly.

The keyserver is not configured in ~/.gnupg/dirmngr.conf but in ~/.gnupg/gpg.conf

Show your ~/.gnupg/gpg.conf (or at least the relevant parts)

regards