Arch Linux

tsj

Member

Registered: 2017-07-06

Posts: 12

[SOLVED] archlinux-keyring-wkd-sync fails

Hello, archlinux-keyring-wkd-sync.service has been failing every time, for quite a while now.

Refreshing key 97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161 with UID nicohood@archlinux.org...
gpg: error retrieving 'nicohood@archlinux.org' via WKD: Network error
gpg: error reading key: Network error

Refreshing key 991F6E3F0765CF6295888586139B09DA5BF0D338 with UID dvzrv@archlinux.org...
gpg: error retrieving 'dvzrv@archlinux.org' via WKD: Input/output error
gpg: error reading key: Input/output error

Refreshing key A2FF3A36AAA56654109064AB19802F8B0D70FC30 with UID heftig@archlinux.org...
gpg: error retrieving 'heftig@archlinux.org' via WKD: End of file
gpg: error reading key: End of file

Refreshing key C100346676634E80C940FB9E9C02FF419FECBE16 with UID foxboron@archlinux.org...
gpg: error retrieving 'foxboron@archlinux.org' via WKD: Connection closed in DNS
gpg: error reading key: Connection closed in DNS

Refreshing key 0A9DDABB64B993D82AD45E4F32EAB0A976938292 with UID kgizdov@archlinux.org...
gpg: error retrieving 'kgizdov@archlinux.org' via WKD: No data
gpg: error reading key: No data

Some kind of gpg error pops up almost every time a key gets refreshed. Maybe 1 out of 100 succeeds.

I tried removing /etc/pacman.d/gnupg and then pacman-key --init and pacman-key --populate, this did nothing. Also pacman -Sy archlinux-keyring, package was up to date already but reinstalled, no help. I changed key servers once, it did not help.

However, for any of the refreshes that end in error in archlinux-keyring-wkd-sync, it seems to succeed if I use pacman-key --recv-key:

# pacman-key --recv-key C100346676634E80C940FB9E9C02FF419FECBE16
gpg: key 9C02FF419FECBE16: 2 duplicate signatures removed
gpg: key 9C02FF419FECBE16: 4 signatures not checked due to missing keys
gpg: key 9C02FF419FECBE16: "Morten Linderud <morten@linderud.pw>" 10 signatures cleaned
gpg: key 9C02FF419FECBE16: "Morten Linderud <morten@linderud.pw>" 1 user ID cleaned
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   5  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   5  signed:  99  trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2  valid:  75  signed:  22  trust: 75-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-06-29
gpg: Total number processed: 1
gpg:     signatures cleaned: 10
gpg:       user IDs cleaned: 1

The "Network error" message seems the most suspicious, but I don't know what the issue could be. I read a tip elsewhere to make sure system clock is synced, it seems to be.

> timedatectl status
               Local time: Fri 2024-05-17 08:16:10 EDT
           Universal time: Fri 2024-05-17 12:16:10 UTC
                 RTC time: Fri 2024-05-17 12:16:10
                Time zone: US/Eastern (EDT, -0400)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Last edited by tsj (2024-05-17 21:28:41)

seth

Member

Registered: 2012-09-03

Posts: 60,378

Re: [SOLVED] archlinux-keyring-wkd-sync fails

gpg: error reading key: Network error
gpg: error reading key: Input/output error
gpg: error reading key: End of file
gpg: error reading key: Connection closed in DNS
gpg: error reading key: No data

I'd rather look at the network stability.
Sanity check: Please post the output of

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

tsj

Member

Registered: 2017-07-06

Posts: 12

Re: [SOLVED] archlinux-keyring-wkd-sync fails

Sanity check: Please post the output of

find /etc/systemd -type l -exec test -f {} \; -print | awk -F'/' '{ printf ("%-40s | %s\n", $(NF-0), $(NF-1)) }' | sort -f

audiobookshelf.service                   | multi-user.target.wants
caddy.service                            | multi-user.target.wants
cronie.service                           | multi-user.target.wants
dbus-org.freedesktop.network1.service    | system
dhcpcd@wlp0s20u4.service                 | multi-user.target.wants
docker.service                           | multi-user.target.wants
fail2ban.service                         | multi-user.target.wants
fstrim.timer                             | multi-user.target.wants
gcr-ssh-agent.socket                     | sockets.target.wants
getty@tty1.service                       | getty.target.wants
gnome-keyring-daemon.socket              | sockets.target.wants
ip6tables.service                        | multi-user.target.wants
iptables.service                         | multi-user.target.wants
jellyfin.service                         | multi-user.target.wants
krb5-kdc.service                         | multi-user.target.wants
lm_sensors.service                       | multi-user.target.wants
media-flapper.mount                      | multi-user.target.wants
media-nugget.mount                       | multi-user.target.wants
media-slammer.mount                      | multi-user.target.wants
navidrome.service                        | multi-user.target.wants
nix-daemon.service                       | multi-user.target.wants
ntpd.service                             | multi-user.target.wants
p11-kit-server.socket                    | sockets.target.wants
pipewire-pulse.socket                    | sockets.target.wants
pipewire-session-manager.service         | user
pipewire.socket                          | sockets.target.wants
prometheus-node-exporter.service         | multi-user.target.wants
prometheus-systemd-exporter.service      | multi-user.target.wants
rankmirrors.timer                        | timers.target.wants
remote-fs.target                         | multi-user.target.wants
sshd.service                             | multi-user.target.wants
systemd-networkd.service                 | multi-user.target.wants
systemd-networkd.socket                  | sockets.target.wants
systemd-networkd-wait-online@wlp0s20u4.service | network-online.target.wants
systemd-network-generator.service        | sysinit.target.wants
systemd-timesyncd.service                | sysinit.target.wants
tor.service                              | multi-user.target.wants
wg-quick@wg0.service                     | multi-user.target.wants
wireplumber.service                      | pipewire.service.wants
wpa_supplicant@wlp0s20u4.service         | multi-user.target.wants
xdg-user-dirs-update.service             | default.target.wants

I also had an yggdrasil.service in there (overlay network I was playing around with). I disabled it and re-ran archlinux-keyring-wkd-sync, most of the refreshes worked this time, but a few didn't. I disabled tor just now, but I think I may have been banned from the keyserver (hopefully temporarily) because connections for refreshes were refused.

I am using a USB wireless adapter on a machine that should probably have ethernet, but there are some challenges with cable routing. If I remember I still had this issue with a different usb interface.

seth

Member

Registered: 2012-09-03

Posts: 60,378

Re: [SOLVED] archlinux-keyring-wkd-sync fails

systemd-networkd.service  ./. dhcpcd@wlp0s20u4.service
If you want to use networkd, disable the dhcpcd service.
See whether network and keyserver communication stabilize.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

tsj

Member

Registered: 2017-07-06

Posts: 12

Re: [SOLVED] archlinux-keyring-wkd-sync fails

At the moment I have no choice but to use the dhcpcd service since system-networkd never seems to acquire an IP for the interface.

> ls /etc/systemd/network/
25-wireless.network

> cat /etc/systemd/network/25-wireless.network
[Match]
Name=wlp3s0

[Network]
DHCP=yes
IgnoreCarrierLoss=3s

> cat /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1

network={
  <redacted>
}

By the way I just tried yet another interface (wlp3s0), but neither acquire an IP. wpa_supplicant starts without issue, but no IP.

Last edited by tsj (2024-05-17 16:40:29)

seth

Member

Registered: 2012-09-03

Posts: 60,378

Re: [SOLVED] archlinux-keyring-wkd-sync fails

At the moment I have no choice but to use the dhcpcd service since system-networkd never seems to acquire an IP for the interface.

Disable systemd-networkd? Why are you using that itfp?

It doesn't matter what you do choose configure your network, as long is it's *one* thing, not several things concurrently.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

tsj

Member

Registered: 2017-07-06

Posts: 12

Re: [SOLVED] archlinux-keyring-wkd-sync fails

Idk, it's one of the basic options in the wiki for network management, and its systemd which we already use extensively. Anyway I fixed the systemd-networkd / dhcp issue (I had too-strict permissions on the .network file) and disabled the dhcpcd service, so that and/or switching to the PCIe wireless interface seems to have solved my problem, archlinux-keyring-wkd-sync is now running without issue. Thanks