Skip to content

Use keyserver that still returns keys with user IDs#2051

Merged
georglauterbach merged 1 commit intodocker-mailserver:masterfrom
ap-wtioit:master-keyserver_with_uids
Jun 22, 2021
Merged

Use keyserver that still returns keys with user IDs#2051
georglauterbach merged 1 commit intodocker-mailserver:masterfrom
ap-wtioit:master-keyserver_with_uids

Conversation

@ap-wtioit
Copy link
Copy Markdown
Contributor

@ap-wtioit ap-wtioit commented Jun 22, 2021

Description

Use keyserver that still returns keys with user IDs

keys.gnupg.net doesn't return user IDs (without approval) and therefore gpg
doesn't accept keys from it.

Fixes #2050

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (README.md or the documentation under docs/)
  • If necessary I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

FYI @wt-io-it

@ap-wtioit
Use keyserver that still returns keys with user IDs
e125baf 
keys.gnupg.net doesn't return user IDs (without approval) and therefore gpg
doesn't accept keys from it.
wernerfred
wernerfred approved these changes Jun 22, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@wernerfred wernerfred left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if the pipeline passes.

Thanks for your contribution and the very detailed description of your approach in the linked Issue. Helps a lot keeping track and follow along with your thoughts.

We used keys.gnupg.net as the fail2ban maintainers referenced this server when we asked for their public key. Good finding that you discovered a (only sometimes appearing?) bug in this implementation.

Thanks

@wernerfred wernerfred added area/dependency kind/improvement Improve an existing feature, configuration file or the documentation priority/medium service/security/fail2ban labels Jun 22, 2021
@wernerfred wernerfred requested a review from a team June 22, 2021 08:15
georglauterbach
georglauterbach approved these changes Jun 22, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@georglauterbach georglauterbach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch!

@georglauterbach georglauterbach merged commit de05ce9 into docker-mailserver:master Jun 22, 2021
@casperklein
Copy link
Copy Markdown
Member

casperklein commented Jun 22, 2021

keys.gnupg.net doesn't return user IDs (without approval)

I stumbled upon the same yesterday and hoped that was only temporary. For completeness: It's not about a missing feature, the host doesn't even resolve to an IP address anymore.

@casperklein
Copy link
Copy Markdown
Member

casperklein commented Jun 22, 2021

I just found out, that the DNS record for the server pool was intentionally removed.

This service is deprecated. This means it is no longer maintained, and new HKPS certificates will not be issued. Service reliability should not be expected.

Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all.

Source: https://sks-keyservers.net/status/

keys.gnupg.net was a CNAME for hkps.pool.sks-keyservers.net

@wernerfred wernerfred added this to the v10.1.0 milestone Aug 10, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wernerfred wernerfred wernerfred approved these changes

@georglauterbach georglauterbach georglauterbach approved these changes

Assignees

@ap-wtioit ap-wtioit

Labels

kind/improvement Improve an existing feature, configuration file or the documentation priority/medium service/security/fail2ban

Projects

None yet

Milestone

v10.1.0

Development

Successfully merging this pull request may close these issues.

[BUG] unstable build dependending on keys.gnupg.net

4 participants

@ap-wtioit @casperklein @wernerfred @georglauterbach