regression handling keyserver directives

Phil Pennock gnupg-devel at spodhuis.org
Wed Jun 3 02:27:02 CEST 2020


On 2020-03-25 at 12:44 +0100, Werner Koch wrote:
> A candidate for GPG_ERR_INV_URI ("Invalid URI") is:
> 
>  - A HTTP proxy using "https:".  We support only "http:", "socks4:", and
>    "socks5h".

I revisited this late last night, building with the new libgpg-error.

There's one more scenario which can lead to this error: building without
TLS support.

My build flow is a little too quiet, so I did not get to see the
complaint that GnuTLS support was being disabled, because `nettle.pc`
could not be found in the pkgconfig path.

And that was because on sufficiently new OS releases, the `.pc` files
of nettle (and hogweed) get installed into PREFIX/lib64/pkgconfig/
instead of PREFIX/lib/pkgconfig/.

So with a $PKG_CONFIG_PATH which only included the `lib` form, GnuPG's
configure script missed finding `nettle.pc`, auto-disabled TLS support
without failing the configure, and so when keyservers respond with HTTP
redirects to the `https:` schema, the build GnuPG errors out
cryptically.

I'm half sorry for the noise and half thinking that this highlights a
couple of places for UX improvement.

Thanks for the debugging assistance,
-Phil



More information about the Gnupg-devel mailing list