You are not logged in.

#1 2021-07-18 10:06:32

MTzu
Member
Registered: 2021-07-18
Posts: 8

[SOLVED] gpg ERR 219

Hi everyone,

I've been having some trouble with the gpg --recv-keys command. I'm trying to import serveral keys (I've tried the keys for ausweisapp2 and ncurses5-compat-libs) and gpg throws the same error when attempting

$ gpg --debug-all --recv-key 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/matthias/.gnupg
gpg: DBG: chan_3 <- # Config: /home/matthias/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.29 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.29
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x699BF3055B0A49224EFDE7C72D7479A531451088
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: keyserver receive failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Since this has already been asked about in other posts (especially gpg: keyserver receive failed: Server indicated a failure), I've checked, that systemd-resolved and systemd-networkd are setup properly and I think, that I can confirm that. No fancy network config. Just running systemd-resolved in stub mode and my config file for networkd is

/etc/systemd/network/20-wired.network
[Match]
Name=enp1s0

[Network]
DHCP=yes

Importing the keys on my ArchARM RPI works fine.
Running dig

$ dig keys.openpgp.org 

results in

; <<>> DiG 9.16.18 <<>> keys.openpgp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53422
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;keys.openpgp.org.    IN  A

;; ANSWER SECTION:
keys.openpgp.org. 1045  IN  A 37.218.245.50

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: So Jul 18 11:38:05 CEST 2021
;; MSG SIZE  rcvd: 61

so it seems to me, that I dont't have connection issues. I've also tried adding 'standard-resolver' to ~/.gnupg/dirmngr.conf and restarting dirmngr with

$ killall dirmngr

but that also didnt work. If anyone has any suggestions, please let me know.
Thanks!

Last edited by MTzu (2021-07-18 14:55:52)

Offline

#2 2021-07-18 10:30:01

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

gpg --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keys.openpgp.org --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088

Online

#3 2021-07-18 10:44:58

tucuxi
Member
From: Switzerland
Registered: 2020-03-08
Posts: 291

Re: [SOLVED] gpg ERR 219

Are the any clues in the output of:

systemctl --user status dirmngr

Offline

#4 2021-07-18 11:34:30

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

seth wrote:
gpg --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keys.openpgp.org --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
$ gpg --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
$ gpg --keyserver keys.openpgp.org --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
$ gpg --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure

Offline

#5 2021-07-18 11:39:43

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

tucuxi wrote:

Are the any clues in the output of:

systemctl --user status dirmngr
$ systemctl --user status dirmngr
● dirmngr.service - GnuPG network certificate management daemon
     Loaded: loaded (/usr/lib/systemd/user/dirmngr.service; static)
     Active: active (running) since Sun 2021-07-18 11:50:20 CEST; 1h 46min ago
TriggeredBy: ● dirmngr.socket
       Docs: man:dirmngr(8)
   Main PID: 3042 (dirmngr)
      Tasks: 1 (limit: 38448)
     Memory: 8.7M
        CPU: 24ms
     CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/dirmngr.service
             └─3042 /usr/bin/dirmngr --supervised

Jul 18 11:50:20 matzearch dirmngr[3042]:     runtime cached certificates: 0
Jul 18 11:50:20 matzearch dirmngr[3042]:            trusted certificates: 128 (128,0,0,0)
Jul 18 11:50:30 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 11:52:52 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 12:01:21 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 12:02:53 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 13:31:02 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
Jul 18 13:31:22 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
Jul 18 13:31:35 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
Jul 18 13:36:20 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>

I don't get any smarter from this but maybe you do. We can see, that the --recv-key and --search-keys led to the same result "Server indicated a failure"

Offline

#6 2021-07-18 11:49:00

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

pkill dirmngr
gpg --debug 1024 --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088

Online

#7 2021-07-18 11:51:58

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

seth wrote:
pkill dirmngr
gpg --debug 1024 --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
$ gpg --debug 1024 --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- # Home: /home/matthias/.gnupg
gpg: DBG: chan_3 <- # Config: /home/matthias/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.29 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.29
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: secmem usage: 0/32768 bytes in 0 blocks

Offline

#8 2021-07-18 11:55:23

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

Does seem to be a resolution issue indeed?

gpg --debug 1024 --keyserver http://162.213.33.9 --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088

Online

#9 2021-07-18 12:12:05

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

seth wrote:

Does seem to be a resolution issue indeed?

gpg --debug 1024 --keyserver http://162.213.33.9 --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088

That seems to work.

$ gpg --debug 1024 --keyserver http://162.213.33.9 --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- # Home: /home/matthias/.gnupg
gpg: DBG: chan_3 <- # Config: /home/matthias/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.29 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.29
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear http://162.213.33.9
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: DBG: chan_3 <- S PROGRESS tick ? 0 0
gpg: DBG: chan_3 <- S SOURCE http://162.213.33.9:80
gpg: DBG: chan_3 <- D info:1:1%0Apub:2D7479A531451088:1:4096:1499068334::%0Auid:Governikus (AusweisApp2) <ausweisapp2@governikus.de>:1499068334::%0A
gpg: data source: http://162.213.33.9:80
gpg: DBG: chan_3 <- OK
(1) Governikus (AusweisApp2) <ausweisapp2@governikus.de>
    4096 bit RSA key 2D7479A531451088, created: 2017-07-03
Keys 1-1 of 1 for "699BF3055B0A49224EFDE7C72D7479A531451088".  Enter number(s), N)ext, or Q)uit > N
gpg: DBG: chan_3 -> BYE
gpg: secmem usage: 0/32768 bytes in 0 blocks

Could you maybe help me debug my network configuration then? The output of resovlectl is

$ resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: stub
  Current DNS Server: 192.178.168.141
         DNS Servers: 192.178.168.141
Fallback DNS Servers: 1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888

Link 2 (enp1s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.178.141
       DNS Servers: 192.168.178.141 fd00::cece:1eff:feaf:874

I'm using a pi-hole (192.168.178.141) as a DNS server. It's the same device, that has no issues with gpg --recv-key but both this PC and the RPI should do name resolution on the pi-hole DNS. I just checked, that the last statement is true, and indeed the RPI uses the same DNS server 192.168.178.141 (itself).

Offline

#10 2021-07-18 12:18:55

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

/etc/nsswitch.conf?
Though I guess you should open a new thread (because of the present noise)

Online

#11 2021-07-18 12:31:24

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: [SOLVED] gpg ERR 219

Please post content of ~/.gnupg/gpg.conf and ~/.gnupg/dirmngr.conf (the latter might not exist)

ignore

Last edited by Lone_Wolf (2021-07-18 12:32:15)


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#12 2021-07-18 13:17:58

tucuxi
Member
From: Switzerland
Registered: 2020-03-08
Posts: 291

Re: [SOLVED] gpg ERR 219

Apparently, the pre-configured keyservers have poor availability. That's at least what I have observed over a while. The dirmngr log indicates an issue with name resolution although the error message could be clearer.

As a workaround, add

keyserver hkp://keyserver.ubuntu.com

to dirmngr.conf.

Offline

#13 2021-07-18 13:21:02

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

We tried ubuntu before, he can only access it by IP - it's most likely the resolver.

Online

#14 2021-07-18 13:27:46

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

seth wrote:

/etc/nsswitch.conf?
Though I guess you should open a new thread (because of the present noise)

/etc/nsswitch.conf
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.

passwd: files systemd
group: files [SUCCESS=merge] systemd
shadow: files

publickey: files

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

I see what you mean by opening a new thread but I'm not quite sure what I should ask for, since I haven't had any network / resolve issues apart from gpg yet.

Offline

#15 2021-07-18 13:52:16

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

~/.gnupg/dirmngr.conf
Add "standard-resolver" and kill dirmngr.

Better?

Online

#16 2021-07-18 14:07:12

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

seth wrote:

~/.gnupg/dirmngr.conf
Add "standard-resolver" and kill dirmngr.

Better?

MTzu wrote:

I've also tried adding 'standard-resolver' to ~/.gnupg/dirmngr.conf and restarting dirmngr with

$ killall dirmngr

but that also didnt work.

Offline

#17 2021-07-18 14:12:14

seth
Member
Registered: 2012-09-03
Posts: 50,000

Re: [SOLVED] gpg ERR 219

nslookup keyserver.ubuntu.com
host keyserver.ubuntu.com
ping -c1 keyserver.ubuntu.com

Lastly, stop systemd-resolved and edit /etc/resolv.conf

nameserver 8.8.8.8

Online

#18 2021-07-18 14:55:36

MTzu
Member
Registered: 2021-07-18
Posts: 8

Re: [SOLVED] gpg ERR 219

seth wrote:

~/.gnupg/dirmngr.conf
Add "standard-resolver" and kill dirmngr.

Better?

Apparently this was already enough. I had to reboot my system for the change to take effect though. I tried to make sure via

$ ps aux | grep dirmngr

that dirmngr was truly restarted but I must have missed something.
Going to mark this as solved
Thank you!

Last edited by MTzu (2021-07-18 14:56:22)

Offline

#19 2021-07-18 15:00:22

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] gpg ERR 219

What's your current /etc/resolv.conf look like?

Offline

#20 2021-12-27 16:06:22

Hooregi
Member
Registered: 2021-12-26
Posts: 1

Re: [SOLVED] gpg ERR 219

So, here's my problem and my solution.
The gpg error stems from using systemd-resolved since it doesn't source resolv.conf. This matters because gpg uses resolv.conf instead of nsswitch and the libc functions that systemd-resolved  uses.

To solve this, all you have to do is create a symbolic link to systemd's autogenerated resolv.conf that reflects the current resolver settings:

# rm /etc/resolv.conf
# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

"The idea that growth will remedy our debts is so addictive for politicians, but the citizens end up paying the price."

Offline

#21 2023-01-28 14:35:32

bagaag
Member
Registered: 2017-04-28
Posts: 3

Re: [SOLVED] gpg ERR 219

I had this same issue but a slightly different cause/solution. I'm using an Orbi wifi router, and ever since then have had intermittent GPG issues when updating Arch. For some reason, it's unable to resolve DNS for key server requests. I've had no other DNS related issues. I added 8.8.8.8 and 8.8.4.4 to the available DNS servers in Network Manager for this wifi connection, disconnected and reconnected. This put those Google DNS servers in my /etc/resolv.conf and fixed the issue for me.

Offline

#22 2023-07-07 20:52:32

xyakimo1
Member
Registered: 2023-06-06
Posts: 2

Re: [SOLVED] gpg ERR 219

Hooregi wrote:

So, here's my problem and my solution.
The gpg error stems from using systemd-resolved since it doesn't source resolv.conf. This matters because gpg uses resolv.conf instead of nsswitch and the libc functions that systemd-resolved  uses.

To solve this, all you have to do is create a symbolic link to systemd's autogenerated resolv.conf that reflects the current resolver settings:

# rm /etc/resolv.conf
# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Huge thanks, @Hooregi, I like your solution a lot, worked perfectly!

Offline

#23 2023-07-07 22:09:03

2ManyDogs
Forum Moderator
Registered: 2012-01-15
Posts: 4,645

Re: [SOLVED] gpg ERR 219

Closing this old solved topic.


How to post. A sincere effort to use modest and proper language and grammar is a sign of respect toward the community.

Offline

Board footer

Powered by FluxBB