[SOLVED] Importing keys with gpg doesn't work most of the time.

Filip62 · 2020-12-01 09:01:38

Hello.

Very often I get this issue while installing packages, I think even from standard repositories and not just the AUR.

:: PGP keys need importing:
 -> 6113D89CA825C5CEDD02C87273B35DA54ACB7D10, required by: tomb
==> Import? [Y/n] Y
:: Importing keys with gpg...
gpg: keyserver receive failed: Server indicated a failure
problem importing keys

Tried this for example. Instead of the default. The server is definitely up and the key is definitely there yet it doesn't work.

gpg --debug-level=guru --verbose --keyserver hkps://keyserver.ubuntu.com --receive-keys 6113D89CA825C5CEDD02C87273B35DA54ACB7D10
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/filip/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.2.23 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.23
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x6113D89CA825C5CEDD02C87273B35DA54ACB7D10
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: keyserver receive failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

It is so frustrating, I don't know where to start debugging or what.
I was searching for a solution on the internet many times and I found many very similar issues, but the solutions never worked.

Thank You for any help.

Last edited by Filip62 (2020-12-03 16:22:43)

FirstClassCitizen · 2020-12-01 21:51:43

Can you rule out all of this reasons:
https://wiki.archlinux.org/index.php/Pa … mport_keys

Filip62 · 2020-12-02 13:13:29

FirstClassCitizen wrote:

Can you rule out all of this reasons:
https://wiki.archlinux.org/index.php/Pa … mport_keys

I did everything except disable signature checking.
Nothing worked.

Your ISP blocked the port used to import PGP keys.

I am not sure how to check for that, though it worked until a few days ago, and in the past it fixed itself after some time, but it shouldn't be happening in the first place so that's that.
Still not working now.

Lone_Wolf · 2020-12-02 13:44:12

Are you building with makepkg or an aur helper ?

If an aur helper, try to build with makepkg --log and post the full terminal output plus non-empty log files.

Filip62 · 2020-12-03 10:52:30

Lone_Wolf wrote:

Are you building with makepkg or an aur helper ?
If an aur helper, try to build with makepkg --log and post the full terminal output plus non-empty log files.

I am using yay.

❯ makepkg --log
==> Making package: tomb 2.8.1-1 (Thu 03 Dec 2020 11:48:25 AM CET)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading Tomb-2.8.1.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4630k  100 4630k    0     0  3297k      0  0:00:01  0:00:01 --:--:-- 3297k
  -> Downloading Tomb-2.8.1.tar.gz.sha...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    84  100    84    0     0    525      0 --:--:-- --:--:-- --:--:--   525
  -> Downloading Tomb-2.8.1.tar.gz.asc...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1528  100  1528    0     0   9610      0 --:--:-- --:--:-- --:--:--  9550
==> Validating source files with sha256sums...
    Tomb-2.8.1.tar.gz ... Passed
    Tomb-2.8.1.tar.gz.sha ... Passed
    Tomb-2.8.1.tar.gz.asc ... Skipped
==> Verifying source file signatures with gpg...
    Tomb-2.8.1.tar.gz ... FAILED (unknown public key 73B35DA54ACB7D10)
==> ERROR: One or more PGP signatures could not be verified!

seth · 2020-12-03 15:06:31

There's a pinned post on https://aur.archlinux.org/packages/tomb/ …

Last edited by seth (2020-12-03 15:07:15)

Filip62 · 2020-12-03 15:23:49

seth wrote:

There's a pinned post on https://aur.archlinux.org/packages/tomb/ …

I know which keys and how to import keys, the problem is that the importing doesn't work.
It is not just about the tomb package.

Last edited by Filip62 (2020-12-03 15:25:20)

seth · 2020-12-03 15:26:21

Post your /etc/pacman.d/gnupg/gpg.conf

Scimmia · 2020-12-03 15:28:47

seth wrote:

Post your /etc/pacman.d/gnupg/gpg.conf

You mean ~/.gnupg/gpg.conf. Pacman's keyring has nothing to do with this.

Filip62, you have shown once where yay tried to import it, that's it. Have you actually tried it yourself?

Filip62 · 2020-12-03 15:29:16

seth wrote:

Post your /etc/pacman.d/gnupg/gpg.conf

I did not modify anything.

no-greeting
no-permission-warning
lock-never
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only

Last edited by Filip62 (2020-12-03 15:29:41)

Filip62 · 2020-12-03 15:31:01

Scimmia wrote:

seth wrote:
Post your /etc/pacman.d/gnupg/gpg.conf
You mean ~/.gnupg/gpg.conf. Pacman's keyring has nothing to do with this.
Filip62, you have shown once where yay tried to import it, that's it. Have you actually tried it yourself?

Yes, in the first post.

Scimmia · 2020-12-03 15:33:03

Alright, and have you tried a non-hkps server? Tried a different port? All on the gnupg wiki page, iirc.

Filip62 · 2020-12-03 15:33:36

Scimmia wrote:

seth wrote:
Post your /etc/pacman.d/gnupg/gpg.conf
You mean ~/.gnupg/gpg.conf. Pacman's keyring has nothing to do with this.

~/.gnupg/gpg.conf is empty.

seth · 2020-12-03 15:37:13

Alternatively add keyserver-options auto-key-retrieve to your ~/.gnupg/gpg.conf

Also add "keyserver hkp://pool.sks-keyservers.net" (key is there) or just receive it diretly from there

gpg --keyserver hkp://pool.sks-keyservers.net …

Edit, though the key is also on ubuntus hkps server…

Is your local date off?
Can you ping the keyservers?
Try adding "standard-resolver" to ~/.gnupg/dirmngr.conf …

Last edited by seth (2020-12-03 15:45:51)

Filip62 · 2020-12-03 15:53:30

Scimmia wrote:

Alright, and have you tried a non-hkps server? Tried a different port? All on the gnupg wiki page, iirc.

Well I can't seem to find much of help on the gnupg wiki, I can't even find an up to date keyserver list which lists support for hkp protocol or port 80 or so.

seth · 2020-12-03 15:54:48

https://wiki.archlinux.org/index.php/GnuPG#Key_servers

zeamuga · 2020-12-03 15:57:49

In case you are using "systemd" for your network resolution services (systemd-networkd, systemd-resolved), removing the default "/etc/resolv.conf" file and creating a symbolic link from "/run/systemd/resolved/resolv.conf" to "/etc/resolv.conf" might fix the issue.
You might or might not need to add a different gpg keyserver in "~/.gnupg/gpg.conf" though, as the default one wouldn't work in the case of various keys for me, so I use "keyserver.ubuntu.com". The Ubuntu server, too, didn't work for me before creating the symbolic link.

ln -sf /run/systemd/resolved/resolv.conf /etc/resolv.conf

^ The above snippet should remove the original "/etc/resolv.conf" file and create the necessary symbolic link.

Note 1: I use "iwd" with systemd as its NameResolvingService to connect to the internet through my wi-fi hotspot device. I do not have access to a wired network.
Note 2: I do not know the original source of this solution as it's been a few months and I had to dig through a lot of web pages to find this. Nothing related to "dirmngr" and other troubleshooting stuff worked, instead, it all turned out to be unnecessary.
Note 3: This works for me but might not work for you.

Filip62 · 2020-12-03 16:21:28

zeamuga wrote:

In case you are using "systemd" for your network resolution services (systemd-networkd, systemd-resolved), removing the default "/etc/resolv.conf" file and creating a symbolic link from "/run/systemd/resolved/resolv.conf" to "/etc/resolv.conf" might fix the issue.
You might or might not need to add a different gpg keyserver in "~/.gnupg/gpg.conf" though, as the default one wouldn't work in the case of various keys for me, so I use "keyserver.ubuntu.com". The Ubuntu server, too, didn't work for me before creating the symbolic link.
ln -sf /run/systemd/resolved/resolv.conf /etc/resolv.conf
^ The above snippet should remove the original "/etc/resolv.conf" file and create the necessary symbolic link.
Note 1: I use "iwd" with systemd as its NameResolvingService to connect to the internet through my wi-fi hotspot device. I do not have access to a wired network.
Note 2: I do not know the original source of this solution as it's been a few months and I had to dig through a lot of web pages to find this. Nothing related to "dirmngr" and other troubleshooting stuff worked, instead, it all turned out to be unnecessary.
Note 3: This works for me but might not work for you.

I feel embarrassed, but the problem actually was in my systemd-resolved config. It was working before, I must have done something wrong. I just checked the Arch Wiki for resolved and configured the recommended method again. I can import the keys now.
Still weird though that everything else was working.

Thank You all for help.

Last edited by Filip62 (2020-12-03 16:21:46)

Arch Linux

#1 2020-12-01 09:01:38

[SOLVED] Importing keys with gpg doesn't work most of the time.

#2 2020-12-01 21:51:43

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#3 2020-12-02 13:13:29

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#4 2020-12-02 13:44:12

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#5 2020-12-03 10:52:30

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#6 2020-12-03 15:06:31

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#7 2020-12-03 15:23:49

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#8 2020-12-03 15:26:21

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#9 2020-12-03 15:28:47

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#10 2020-12-03 15:29:16

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#11 2020-12-03 15:31:01

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#12 2020-12-03 15:33:03

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#13 2020-12-03 15:33:36

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#14 2020-12-03 15:37:13

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#15 2020-12-03 15:53:30

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#16 2020-12-03 15:54:48

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#17 2020-12-03 15:57:49

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

#18 2020-12-03 16:21:28

Re: [SOLVED] Importing keys with gpg doesn't work most of the time.

Board footer