--search-keys: "gpg: error searching keyserver: No inquire callback in IPC"
Rainer Fiebig
jrf at mailbox.org
Sat Jul 31 19:56:34 CEST 2021
Am 31.07.21 um 17:40 schrieb Werner Koch:
> On Thu, 29 Jul 2021 18:36, Andrew Gallagher said:
>
>> If you built gnupg from its default configuration, it does not
>> automatically look in /etc/ssl/certs for CA certificates. You may want
>
> On Unix and unless gnupg was build with --with-default-trust-store-file
> the following collections of certificates are used for TLS:
>
> { "/etc/ssl/ca-bundle.pem" },
> { "/etc/ssl/certs/ca-certificates.crt" },
> { "/etc/pki/tls/cert.pem" },
> { "/usr/local/share/certs/ca-root-nss.crt" },
> { "/etc/ssl/cert.pem" }
>
Thanks. None of those files is on my system. So it's probably no wonder
that "--search-keys" didn't work.
Either I messed up big or LFS/BLFS uses a setup for the certificates
that is not what gnupg expects. In the latter case
--with-default-trust-store-file=/etc/pki/tls/certs/ca-bundle.crt
may indeed be the way to go for LFS/BLFS systems.
I'll cc this to blfs-support so that the editors can draw their own
conclusions. Or castigate me for being too stupid to follow the
instructions somewhere. ;)
>> to add a soft link from /etc/gnupg/trusted-certs to /etc/ssl/certs so
>> that dirmngr looks in the Mozilla certificate library.
>
> Not a too good idea becuase these certificates are used for a different
> purpose.
>
>
> FWIW, here is the list of internal certificate classes used:
>
> CERTTRUST_CLASS_SYSTEM = 1, /* From the system's list of trusted certs. */
> CERTTRUST_CLASS_CONFIG = 2, /* From dirmngr's config files. */
> CERTTRUST_CLASS_HKP = 4, /* From --hkp-cacert */
> CERTTRUST_CLASS_HKPSPOOL= 8, /* The one and only from sks-keyservers */
>
>
> Shalom-Salam,
>
> Werner
>
>
More information about the Gnupg-users
mailing list