2.2.28 doesn't honor --disable-ldap?
On 2021-06-10 at 20:15 +0200, Werner Koch via Gnupg-devel wrote:
> We are pleased to announce the availability of a new GnuPG LTS release:
> version 2.2.28.
> * gpg: Lookup a missing public key of the current card via LDAP.
> [b59af0e2a05a]

My package builds pass `--disable-ldap` to the configure line for GnuPG;
this does not appear to be honored any more?

Resuming a failed build docker container and trying again, it's failing

make[1]: Entering directory '/root/src/gnupg-2.2.28/dirmngr'
gcc -std=gnu99 -I/opt/gnupg/include -I/opt/gnupg/include -I/opt/gnupg/include -I/opt/gnupg/include -I/opt/gnupg/include -I/opt/gnupg/include -Wall -Wno-format-zero-length -Wno-pointer-sign -Wpointer-arith -g -O2 -L/opt/gnupg/lib -Wl,-R/opt/gnupg/lib -o dirmngr dirmngr.o server.o crlcache.o crlfetch.o certcache.o domaininfo.o workqueue.o loadswdb.o cdblib.o misc.o ocsp.o validate.o dns-stuff.o http.o http-common.o http-ntbtls.o ks-action.o ks-engine-hkp.o ks-engine-http.o ks-engine-finger.o ks-engine-kdns.o dns.o ../common/libcommonpth.a -lresolv -lassuan -L/opt/gnupg/lib -lgpg-error -L/opt/gnupg/lib -lgcrypt -lgpg-error -L/opt/gnupg/lib -lksba -lgpg-error -L/opt/gnupg/lib -lnpth -lpthread -L/opt/gnupg/lib -lgnutls
dirmngr.o: In function `parse_rereadable_options':
/root/src/gnupg-2.2.28/dirmngr/dirmngr.c:747: undefined reference to `ldapserver_parse_one'
/root/src/gnupg-2.2.28/dirmngr/dirmngr.c:753: undefined reference to `ldapserver_list_free'
collect2: error: ld returned 1 exit status

The config.log confirms:

$ ./configure --prefix=/opt/gnupg --disable-nls --disable-ldap --enable-noexecstack --enable-key-cache=32768 --enable-wks-tools --with-pinentry-pgm=/opt/gnupg/bin/pinentry-curses --with-libgpg-error-prefix=/opt/gnupg --with-libassuan-prefix=/opt/gnupg --with-libgcrypt-prefix=/opt/gnupg --with-ksba-prefix=/opt/gnupg --with-npth-prefix=/opt/gnupg

I can't spend time writing a patch on this right now, so I'm posting in
the hope that the maintainers might fix this for me, so I can add an
upstream patch to my build. :)


Re: 2.2.28 doesn't honor --disable-ldap?
On Thu, 10 Jun 2021 17:20, Phil Pennock said:

> My package builds pass `--disable-ldap` to the configure line for GnuPG;
> this does not appear to be honored any more?

Sorry for not having tested this. LDAP is currently pretty important
to us, so we did not even think about it. Thanks for reporting; Gniibe
already pushed some fixes.

FWIW: Not for 2.2 but for 3.3 the plan is to move all LDAP stuff to
dirmngr_ldap so that we can get rid of the possible linking of two
different libgcrypt versions or linking to yet another crypto library
(if OpenLDAP is built against Nettle). The other reason is that we can
properly implement a timeout for LDAP. The OpenPGP LDAP keyserver code
does not yet handle a timeout correctly because OpenLDAP has no way to do
that (e.g. during a connect attempt). dirmngr_ldap would then run as a
co-process to keep state.



Thoughts are free. Exceptions are regulated by a federal law.
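
The reply above gives a timeout as one reason for moving LDAP into a separate process. As an added illustration (not GnuPG or dirmngr_ldap code, and simplified to a one-shot helper rather than a stateful co-process), this shows how a parent can put a deadline on a call that has no timeout of its own; `blocking_lookup` and `lookup_with_timeout` are hypothetical names, and `sleep()` stands in for the hanging library call.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a library call with no timeout parameter,
   such as a connect attempt that may hang. */
static void blocking_lookup(int delay_s, char *out, size_t n)
{
    sleep(delay_s);
    strncpy(out, "result", n - 1);
    out[n - 1] = '\0';
}

/* Returns 0 and fills buf on success, -1 on timeout or error. */
int lookup_with_timeout(int delay_s, int timeout_ms, char *buf, size_t n)
{
    int fds[2];
    if (n == 0 || pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                 /* helper: only it runs the blocking call */
        char res[64];
        close(fds[0]);
        blocking_lookup(delay_s, res, sizeof res);
        _exit(write(fds[1], res, strlen(res)) < 0);
    }
    close(fds[1]);
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    int rc = -1;
    if (poll(&p, 1, timeout_ms) > 0 && (p.revents & POLLIN)) {
        ssize_t r = read(fds[0], buf, n - 1);
        if (r > 0) { buf[r] = '\0'; rc = 0; }
    } else {
        kill(pid, SIGKILL);         /* deadline passed: abandon the helper */
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);          /* reap so no zombie is left behind */
    return rc;
}

int main(void)
{
    char buf[32];  /* constructed cases: a fast helper, then one past the deadline */
    return lookup_with_timeout(0, 5000, buf, sizeof buf) != 0
        || lookup_with_timeout(5, 200, buf, sizeof buf) != -1;
}
```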