Upon installation, gpg is used to verify a signature:
===> Verifying GnuPG Signature.
/usr/local/bin/gpg --no-default-keyring --keyring /usr/ports/security/libgcrypt/work/keyring --keyserver pgp.mit.edu --recv-key 57548DCD
gpg: /root/.gnupg: directory created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/usr/ports/security/libgcrypt/work/keyring' created
gpg: can't get key from keyserver: No route to host
gpg: Total number processed: 0
*** Error code 2 (ignored)
cd /usr/ports/distfiles; /usr/local/bin/gpg --keyring /usr/ports/security/libgcrypt/work/keyring --verify libgcrypt-1.2.0.tar.gz.sig libgcrypt-1.2.0.tar.gz
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: Signature made Thu Apr 15 11:51:12 2004 CEST using DSA key ID 57548DCD
gpg: Can't check signature: public key not found
*** Error code 2
This creates a gpg infrastructure for root that wasn't there before and
is not intended to be there.
Fetching the key fails on this machine because it is a firewall with
extremely limited permissions to the outside world.
Please implement an environment variable that permits one to suppress
the verification even on machines with gpg installed.
Remove lines in pre-extract from port's Makefile.
How-To-Repeat: 1) install gpg
2) Do not iniatialize gpg for root.
3) Use a firewall to limit outgoing connections.
Over to maintainer.
I have removed the gpg sigchecking code.
Unfortunately I don't have the time to fix the bugs in the current version.