Have GnuPG directly use the Tor SOCKS port
As of Tails 1.0.1, we configure GnuPG to go through Polipo. According to https://trac.torproject.org/projects/tor/ticket/2846, with curl >= 7.21.7 (that is part of Wheezy), GnuPG can talk directly to the Tor SOCKS port. We should do that, to remove yet another reason to ship an HTTP proxy, and to simplify things a bit.
According to the same Tor ticket, the no-try-dns-srv keyserver option may be needed to avoid “DNS leaks”, that is, in Tails, inconsistencies in circuit isolation.
Note that we will have to tell users with persistence enabled, in release notes, that they should edit their ~/.gnupg/gpg.conf accordingly.
Feature Branch: feature/7416-gnupg-socks
Parent Task: #5379 (closed)
Related issues
- Blocked by #6015 (closed)
- Blocked by #7512 (closed)
Original created by @intrigeri on 7416 (Redmine)
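An added example, not part of the original ticket or of Tails' own code: a small checker that a user with persistence could run over the contents of ~/.gnupg/gpg.conf to see whether its keyserver-options still point at an HTTP proxy or lack no-try-dns-srv. The socks5h scheme, the addresses and the ports are assumptions; the ticket names none of them.

```python
import re

# Assumption: the SOCKS setup uses curl's "socks5h" proxy scheme, which makes
# the proxy (Tor) resolve hostnames. The ticket does not name the scheme.
SOCKS_SCHEMES = {"socks5h"}

def audit_gpg_conf(text, socks_schemes=SOCKS_SCHEMES):
    """Return findings for the keyserver-options in a gpg.conf body."""
    proxy = None         # last http-proxy value seen; later lines override
    try_dns_srv = True   # assumption: treated as enabled unless turned off
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.lstrip("-").split(None, 1)
        if len(parts) < 2 or parts[0] != "keyserver-options":
            continue
        # The option list may be separated by commas or whitespace.
        for tok in re.split(r"[,\s]+", parts[1].strip()):
            name, _, value = tok.partition("=")
            if name == "http-proxy":
                proxy = value
            elif name == "no-http-proxy":
                proxy = None
            elif name in ("try-dns-srv", "no-try-dns-srv"):
                try_dns_srv = not name.startswith("no-")
    findings = []
    scheme = proxy.partition("://")[0].lower() if proxy and "://" in proxy else ""
    if proxy is None:
        findings.append("http-proxy is not set")
    elif scheme not in socks_schemes:
        findings.append("http-proxy=%s is not a SOCKS proxy URL" % proxy)
    if try_dns_srv:
        findings.append("no-try-dns-srv is missing")
    return findings

# Constructed samples; addresses and ports are illustrative, not from the ticket.
OLD_CONF = """\
# persistent gpg.conf still pointing at an HTTP proxy
keyserver-options http-proxy=http://127.0.0.1:8118
"""
NEW_CONF = """\
keyserver-options http-proxy=socks5h://127.0.0.1:9050,no-try-dns-srv
"""

if __name__ == "__main__":
    for label, conf in (("old", OLD_CONF), ("new", NEW_CONF)):
        print(label, audit_gpg_conf(conf) or "ok")
```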