Description
Any `gpg.` modules that call to a keyserver, unless one is explicitly specified, will fail.

This is because SKS, the keyserver cluster that was commonly in use (and the cluster that the current default keyserver, `pgp.mit.edu`, was a part of), has been completely obsoleted and decommissioned. Has been for about 2 years now.

Recently, `pgp.mit.edu` was finally decommissioned as well (which was for the best; it wasn't receiving new peered keys anyways).

There are two alternatives, however, currently in wide usage:

- OpenPGP's keyserver runs Hagrid. It offers email validation (and hides email addresses on key UIDs/makes email searching impossible until they are validated, with the option to hide email addresses post-validation but still make searchable. I believe it strips all other UID info e.g. photos).
- Ubuntu/Canonical's keyserver runs Hockeypuck, which essentially is a complete rewrite of SKS.

This said, I recommend using OpenPGP's keyserver as it's the compiled-in default now (from what I recall) and replacing all instances of `pgp.mit.edu` with `keys.openpgp.org`:

- https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L219
- https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L238
- https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L884
- https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L914
- https://github.com/saltstack/salt/blob/master/salt/modules/dockermod.py#L1719
- https://github.com/saltstack/salt/blob/master/doc/man/salt.7 (lines 164633, 187294, 187335)

(It may make sense to set the default keyserver as a dundered module-scoped "constant", e.g. `_default_keyserver = 'keys.openpgp.org'` in `salt/modules/gpg.py`.)
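
A sketch of the module-scoped default suggested above, together with a check that locates hard-coded references to the decommissioned host. This is an added example, not code from Salt or from the issue author; `_DEFAULT_KEYSERVER`, `_RETIRED_KEYSERVERS`, `resolve_keyserver` and `find_retired_references` are hypothetical names, and the sample text is constructed.

```python
import re

# Names below are hypothetical for this sketch; they are not Salt's code.
_DEFAULT_KEYSERVER = "keys.openpgp.org"  # replacement proposed in the issue
_RETIRED_KEYSERVERS = ("pgp.mit.edu",)   # host the issue reports as decommissioned

# Match a retired host as a whole hostname: not as a suffix of a longer label
# and not as a prefix of a longer domain (e.g. pgp.mit.edu.example.net).
_RETIRED_RE = re.compile(
    r"(?<![\w.-])(" + "|".join(map(re.escape, _RETIRED_KEYSERVERS)) + r")(?![\w-]|\.\w)",
    re.IGNORECASE,
)


def resolve_keyserver(keyserver=None):
    """Return the caller's keyserver, or the module default when none is given."""
    host = (keyserver or "").strip()
    if not host:
        return _DEFAULT_KEYSERVER
    # Strip scheme, path and port before comparing (hkp://host:11371 -> host).
    bare = re.sub(r"^[a-z]+://", "", host.lower()).split("/")[0].split(":")[0]
    if bare in _RETIRED_KEYSERVERS:
        # Design choice of this sketch: fail early with a clear message.
        raise ValueError(f"keyserver {bare!r} is decommissioned; use {_DEFAULT_KEYSERVER!r}")
    return host


def find_retired_references(text):
    """Return (line_number, host) for every hard-coded retired keyserver."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in _RETIRED_RE.finditer(line):
            hits.append((number, match.group(1).lower()))
    return hits


# Constructed sample input, not copied from the Salt source tree.
SAMPLE = '''\
def search_keys(text, keyserver=None):
    if not keyserver:
        keyserver = "pgp.mit.edu"
gpg --keyserver hkp://PGP.MIT.EDU:11371 --recv-keys <KEY-ID-PLACEHOLDER>
keyserver = "keys.openpgp.org"
mirror = "pgp.mit.edu.example.net"
'''

if __name__ == "__main__":
    for number, host in find_retired_references(SAMPLE):
        print(f"line {number}: hard-coded retired keyserver {host}")
```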