You are not logged in.

#1 2016-08-25 16:42:03

Durden
Member
Registered: 2011-06-19
Posts: 261

pacman-key / Infinality-bundle help

Hi,

I'm trying to get the infinality bundle repo working but can't import the maintainers key. I'm behind a corporate proxy and receive the error:

gpg: keyserver receive failed: Network is unreachable
==> ERROR: Remote key not fetched correctly from keyserver.

My HTTP_PROXY is set correctly, pacman and everything work fine. But pacman-key can't seem to hit the key servers to retrieve this key, so I can't get the repo to work. Any thoughts?

Last edited by Durden (2016-08-25 16:43:00)

Offline

#2 2016-08-25 16:43:48

dockland
Member
From: Sweden
Registered: 2015-06-06
Posts: 861

Re: pacman-key / Infinality-bundle help

It works fine here. Talk to your network administrator.


I possess a device, in my pocket, that is capable of accessing the entirety of information known to man.
I use it to look at funny pictures of cats and to argue with strangers.

Offline

#3 2016-08-25 16:50:45

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: pacman-key / Infinality-bundle help

pacman-key doesn't use http exactly, it uses hkp:// which is on a different port.

Offline

#4 2016-08-25 17:04:44

CarbonChauvinist
Member
Registered: 2012-06-16
Posts: 412
Website

Re: pacman-key / Infinality-bundle help

As per the wiki you can edit /etc/pacman.d/gnupg/gpg.conf to "change the keyserver to the kjsl keyserver, which provides this service through port 80 (the HTTP port), which should always remain unblocked." Have you tried?


"the wind-blown way, wanna win? don't play"

Offline

#5 2016-08-25 17:13:26

Durden
Member
Registered: 2011-06-19
Posts: 261

Re: pacman-key / Infinality-bundle help

CarbonChauvinist wrote:

As per the wiki you can edit /etc/pacman.d/gnupg/gpg.conf to "change the keyserver to the kjsl keyserver, which provides this service through port 80 (the HTTP port), which should always remain unblocked." Have you tried?

Just tried and I get a similar error

gpg: keyserver receive failed: No keyserver available
==> ERROR: Remote key not fetched correctly from keyserver.

This is my conf file

no-greeting
no-permission-warning
lock-never
keyserver hkp://keyserver.kjsl.com:80
keyserver-options timeout=10

Not sure what to do at this point.

Offline

#6 2016-08-25 17:15:38

Durden
Member
Registered: 2011-06-19
Posts: 261

Re: pacman-key / Infinality-bundle help

CarbonChauvinist wrote:

As per the wiki you can edit /etc/pacman.d/gnupg/gpg.conf to "change the keyserver to the kjsl keyserver, which provides this service through port 80 (the HTTP port), which should always remain unblocked." Have you tried?

Also, this looks promising:
https://wiki.archlinux.org/index.php/Pa … _via_proxy

But I dont have a /etc/gnupg directory nor do I have /etc/pacman.d/gnupg/dirmngr.conf

Offline

#7 2016-08-25 17:26:34

CarbonChauvinist
Member
Registered: 2012-06-16
Posts: 412
Website

Re: pacman-key / Infinality-bundle help

You stated you were behind a http proxy iirc - there's this old thread/post where it's indicated that you can specify the http_proxy enviornment variable when running your pacman-key command. Maybe that will help?

If not try the section in the same wiki I linked earlier that's titled "Updating keys via proxy".


"the wind-blown way, wanna win? don't play"

Offline

#8 2016-08-25 17:28:17

Durden
Member
Registered: 2011-06-19
Posts: 261

Re: pacman-key / Infinality-bundle help

CarbonChauvinist wrote:

You stated you were behind a http proxy iirc - there's this old thread/post where it's indicated that you can specify the http_proxy enviornment variable when running your pacman-key command. Maybe that will help?

If not try the section in the same wiki I linked earlier that's titled "Updating keys via proxy".

Thanks Carbon. The http_proxy variable is set correctly. I've also tried the Updating keys via proxy section in the wiki but it also fails. I'm thinking I may have a problem with hkp:// being blocked in general.

Offline

#9 2016-08-25 17:59:54

CarbonChauvinist
Member
Registered: 2012-06-16
Posts: 412
Website

Re: pacman-key / Infinality-bundle help

Ahh I see you'd already confirmed the http_proxy variable in your first post, my bad. Welp, dirmngr.conf is provided by gnupg and according to the wiki (my bold for emphasis):

Updating keys via proxy
In order to use a proxy when updating keys the honor-http-proxy option must be set in both /etc/gnupg/dirmngr.conf and /etc/pacman.d/gnupg/dirmngr.conf. See GnuPG#Use a keyserver for more information.
Note: If pacman-key is used without the honor-http-proxy option and fails, a reboot may solve the issue.

Though gnupg's dirmngr.conf is placed in $HOME/.gnupg/ and not /etc/gnupg/ or /etc/pacman.d/gnupg/ as shown in the wiki so I feel like I'm pointing you in wrong tangents, but otherwise I'm out of thoughts; may need to go with Dockland's suggestion and take it up with your network admins. Good luck.


"the wind-blown way, wanna win? don't play"

Offline

#10 2016-08-25 18:01:32

Durden
Member
Registered: 2011-06-19
Posts: 261

Re: pacman-key / Infinality-bundle help

CarbonChauvinist wrote:

Ahh I see you'd already confirmed the http_proxy variable in your first post, my bad. Welp, dirmngr.conf is provided by gnupg and according to the wiki (my bold for emphasis):

Updating keys via proxy
In order to use a proxy when updating keys the honor-http-proxy option must be set in both /etc/gnupg/dirmngr.conf and /etc/pacman.d/gnupg/dirmngr.conf. See GnuPG#Use a keyserver for more information.
Note: If pacman-key is used without the honor-http-proxy option and fails, a reboot may solve the issue.

Though gnupg's dirmngr.conf is placed in $HOME/.gnupg/ and not /etc/gnupg/ or /etc/pacman.d/gnupg/ as shown in the wiki so I feel like I'm pointing you in wrong tangents, but otherwise I'm out of thoughts; may need to go with Dockland's suggestion and take it up with your network admins. Good luck.

Thanks. I tried the honor-http-proxy option but it appears to be deprecated. I think I may just grab the pub key from home and transfer it to work tomorrow on a usb. Thanks again.

Offline

Board footer

Powered by FluxBB