Closing.

gpg --recv-keys <HASH>
but it failed saying it was created 17 days in the future, so then I verified the `date` and it was indeed in the past (April)... Updating with
timedatectl set-time "2020-06-25 18:38:00"
fixed the key recv and hence, the pacstrap of Arch base!

The solution for me was to force my system to use 8.8.8.8 as DNS (the Google-provided one).

standard-resolver
to file
/root/.gnupg/dirmngr.conf
and kill all dirmngr instances with
killall dirmngr
then try again
gpg --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53
For more details, please read https://dev.gnupg.org/T2889

I captured the DNS traffic (TCP/UDP port 53) on my system issuing
$ gpg-connect-agent --dirmngr
...
> keyserver --resolve hkp://gpg.mit.edu
S # hkp://keys.gnupg.net:11371: resolve failed: Server zeigt einen unbestimmten Fehler an
OK
which was nonexistent.
I double-checked: no DNS packets left my adapter.
EDIT:
Tagging this as SOLVED since it is most likely an upstream bug and can be temporarily fixed by downgrading to gnupg-2.1.16-2.
Here are the messages I get (which are probably the same, but in English):
[lilo:~] % killall dirmngr
[lilo:~] % ps aux | grep dirm
lilo 2244 0.0 0.0 11348 2276 pts/1 S+ 00:15 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn dirm
[lilo:~] % rm -rf ~/.gnupg
[lilo:~] % dirmngr </dev/null
dirmngr[2300]: error opening '/home/lilo/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[2300.0]: permanently loaded certificates: 0
dirmngr[2300.0]: runtime cached certificates: 0
dirmngr[2300.0]: failed to open cache dir file '/home/lilo/.gnupg/crls.d/DIR.txt': No such file or directory
dirmngr[2300.0]: creating directory '/home/lilo/.gnupg'
dirmngr[2300.0]: creating directory '/home/lilo/.gnupg/crls.d'
dirmngr[2300.0]: new cache dir file '/home/lilo/.gnupg/crls.d/DIR.txt' created
# Home: /home/lilo/.gnupg
# Config: [none]
OK Dirmngr 2.1.17 at your service
[lilo:~] % dirmngr -vvv --debug-all --daemon --homedir /home/lilo/.gnupg --log-file /tmp/dirmngr_trace.log
dirmngr[2353]: Note: no default option file '/home/lilo/.gnupg/dirmngr.conf'
dirmngr[2353]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup
dirmngr[2353]: error opening '/home/lilo/.gnupg/dirmngr_ldapservers.conf': No such file or directory
DIRMNGR_INFO=/run/user/1000/gnupg/S.dirmngr:2357:1; export DIRMNGR_INFO;
[lilo:~] % DIRMNGR_INFO=/run/user/1000/gnupg/S.dirmngr:2357:1; export DIRMNGR_INFO;
[lilo:~] % gpg -vvv --debug-all --keyserver pgp.mit.edu --search-keys 79BE3E4300411886
gpg: Note: no default option file '/home/lilo/.gnupg/gpg.conf'
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: fd_cache_invalidate (/home/lilo/.gnupg/pubring.kbx)
gpg: DBG: iobuf-1.0: open '/home/lilo/.gnupg/pubring.kbx' desc=file_filter(fd) fd=3
gpg: DBG: iobuf-1.0: close 'file_filter(fd)'
gpg: DBG: /home/lilo/.gnupg/pubring.kbx: close fd/handle 3
gpg: DBG: fd_cache_close (/home/lilo/.gnupg/pubring.kbx) new slot created
gpg: DBG: iobuf-*.*: ioctl '/home/lilo/.gnupg/pubring.kbx' invalidate
gpg: DBG: fd_cache_invalidate (/home/lilo/.gnupg/pubring.kbx)
gpg: DBG: did (/home/lilo/.gnupg/pubring.kbx)
gpg: keybox '/home/lilo/.gnupg/pubring.kbx' created
gpg: DBG: chan_3 <- # Home: /home/lilo/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.17 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.17
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://pgp.mit.edu
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 79BE3E4300411886
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks
[lilo:~] 2 % cat /tmp/dirmngr_trace.log
2016-12-23 00:16:28 dirmngr[2353] listening on socket '/run/user/1000/gnupg/S.dirmngr'
2016-12-23 00:16:28 dirmngr[2357.0] permanently loaded certificates: 0
2016-12-23 00:16:28 dirmngr[2357.0] runtime cached certificates: 0
2016-12-23 00:16:46 dirmngr[2357.7] handler for fd 7 started
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> # Home: /home/lilo/.gnupg
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> # Config: [none]
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK Dirmngr 2.1.17 at your service
2016-12-23 00:16:46 dirmngr[2357.7] connection from process 2406 (1000:100)
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- GETINFO version
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> D 2.1.17
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- KEYSERVER --clear hkp://pgp.mit.edu
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- KS_SEARCH -- 79BE3E4300411886
2016-12-23 00:16:46 dirmngr[2357.7] DBG: dns: getsrv(_hkp._tcp.pgp.mit.edu): Server indicated a failure
2016-12-23 00:16:46 dirmngr[2357.7] command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> ERR 219 Server indicated a failure <Unspecified source>
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 <- BYE
2016-12-23 00:16:46 dirmngr[2357.7] DBG: chan_7 -> OK closing connection
2016-12-23 00:16:46 dirmngr[2357.7] handler for fd 7 terminated
I get the same result on two different computers running Arch and with different keyservers.

$ gpg --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53
resulting in
gpg: keyserver receive failed: No keyserver available
no matter which server I choose.
Gathering some more details yields
$ gpg -vvv --debug-all --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53
gpg: Optionen werden aus '/home/philipp/.gnupg/gpg.conf' gelesen
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/philipp/.gnupg
gpg: DBG: chan_3 <- # Config: /home/philipp/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.17 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.17
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://pgp.mit.edu
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x1EB2638FF56C0C53
gpg: DBG: chan_3 <- ERR 167772346 Kein Schlüsselserver verfügbar <Dirmngr>
gpg: Empfangen vom Schlüsselserver fehlgeschlagen: Kein Schlüsselserver verfügbar
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks
Importing the key on a different machine works flawlessly (via ssh), so the problem is located on my side.
EDIT:
I managed to track the problem further down by creating some dirmngr logs
# ~/.bin/dirmngr_log:
#!/bin/bash
dirmngr -vvv --debug-all --daemon --homedir ~/.gnupg --log-file ~/dirmngr_trace.log
gpg -vvv --debug-all --recv-keys --keyserver hkp://pgp.mit.edu --dirmngr ~/.bin/dirmngr_log 1EB2638FF56C0C53
yielding
# ~/dirmngr_trace.log:
2016-12-22 22:54:07 dirmngr[3210] Es wird auf Socket `/run/user/1000/gnupg/S.dirmngr' gehört
2016-12-22 22:54:07 dirmngr[3211.0] dauerhaft geladene Zertifikate: 0
2016-12-22 22:54:07 dirmngr[3211.0] zur Laufzeit zwischengespeicherte Zertifikate: 0
2016-12-22 22:54:08 dirmngr[3211.7] Handhabungsroutine für fd 7 gestartet
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> # Home: /home/philipp/.gnupg
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> # Config: /home/philipp/.gnupg/dirmngr.conf
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK Dirmngr 2.1.17 at your service
2016-12-22 22:54:08 dirmngr[3211.7] connection from process 3207 (1000:1000)
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- GETINFO version
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> D 2.1.17
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- KEYSERVER --clear hkp://pgp.mit.edu
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- KS_GET -- 0x1EB2638FF56C0C53
2016-12-22 22:54:08 dirmngr[3211.7] DBG: dns: getsrv(_hkp._tcp.pgp.mit.edu): Server zeigt einen unbestimmten Fehler an
2016-12-22 22:54:08 dirmngr[3211.7] command 'KS_GET' failed: Server zeigt einen unbestimmten Fehler an <Quelle nicht angegeben>
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> ERR 219 Server zeigt einen unbestimmten Fehler an <Quelle nicht angegeben>
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- BYE
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> OK closing connection
2016-12-22 22:54:08 dirmngr[3211.7] Handhabungsroutine für den fd 7 beendet
2016-12-22 23:05:07 dirmngr[3211.0] starting housekeeping
2016-12-22 23:05:07 dirmngr[3211.0] ready with housekeeping
which seems to be a DNS issue?
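
The traces in this thread report the same failure once in German and once in English; the numeric Assuan `ERR` value is the part that does not change with the locale. As an added example (not part of any post in the thread), the shell function below, under the hypothetical name `triage_gpg_errors`, decodes those values using libgpg-error's layout (source in bits 24-30, code in bits 0-15) and attaches the name from a preceding `dns: getsrv(...)` line. The sample input consists of lines copied from the traces quoted above.

```shell
#!/bin/sh
# Added example: locale-independent triage of gpg/dirmngr --debug-all output.
# Function names and the output format are this example's own.

# Sample input: lines copied from the traces quoted in the thread.
sample_trace() {
cat <<'EOF'
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 <- KS_GET -- 0x1EB2638FF56C0C53
2016-12-22 22:54:08 dirmngr[3211.7] DBG: dns: getsrv(_hkp._tcp.pgp.mit.edu): Server zeigt einen unbestimmten Fehler an
2016-12-22 22:54:08 dirmngr[3211.7] DBG: chan_7 -> ERR 219 Server zeigt einen unbestimmten Fehler an <Quelle nicht angegeben>
gpg: DBG: chan_3 -> KS_GET -- 0x1EB2638FF56C0C53
gpg: DBG: chan_3 <- ERR 167772346 Kein Schlüsselserver verfügbar <Dirmngr>
EOF
}

# Reads debug output on stdin. For every Assuan "ERR <n>" line prints
#   cmd=<command> source=<n> code=<n> srv=<name or ->
triage_gpg_errors() {
  awk '
    BEGIN { cmd = "-"; srv = "-" }
    # Assuan keyserver request (either side of the channel): remember the command.
    match($0, /chan_[0-9]+ (<-|->) KS_[A-Z]+/) {
      n = split(substr($0, RSTART, RLENGTH), part, " "); cmd = part[n]; srv = "-"
    }
    # SRV lookup error as it appears in the thread: keep the queried name.
    match($0, /dns: getsrv\([^)]*\):/) {
      srv = substr($0, RSTART + 12, RLENGTH - 14)
    }
    # Error status line: decode the number rather than the translated text.
    match($0, /chan_[0-9]+ (<-|->) ERR [0-9]+/) {
      n = split(substr($0, RSTART, RLENGTH), part, " "); err = part[n] + 0
      printf "cmd=%s source=%d code=%d srv=%s\n", cmd, int(err / 16777216) % 128, err % 65536, srv
      cmd = "-"; srv = "-"
    }
  '
}

sample_trace | triage_gpg_errors
```

Code 219 with source 0 next to a `getsrv` name is the resolver failure seen in both dirmngr traces, the case the `standard-resolver` workaround addresses; code 186 with source 10 is the `<Dirmngr>` "No keyserver available" error that gpg prints.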