Issue fetching GPG keys

Orionis · 2020-06-17 15:21:07

One of my Linux systems (last updated in April) has the following issue:

pacman-key --refresh-keys                                                                                                        :(
gpg: refreshing 117 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure

Just to exclude my network I ran it on another Linux server where it runs fine.

I tried port 80 and 443 nonetheless.

I also did:

gpg --debug-level guru --keyserver hkp://keys.gnupg.net --search-keys abcdefghij
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /root/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.2.20 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.20
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keys.gnupg.net
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- abcdefghij
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

The problem stops me from updating since I get this on the upgrade:

(142/142) checking keys in keyring                                                             [#######################################################] 100%
downloading required keys...
:: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) <heftig@archlinux.org>"? [Y/n] Y
error: key "3B94A80E50A477C7" could not be looked up remotely

I update gnupg, keyutils and pacman-keyring to see if it would help, but no luck there...

Can anybody help me out?

Last edited by Orionis (2020-06-17 15:27:04)

Head_on_a_Stick · 2020-06-17 15:25:43

https://bbs.archlinux.org/viewtopic.php?id=255968

Please search before posting...

Orionis · 2020-06-17 15:30:39

That may say something about the heftig key, but not about the general issue of not being able to reach any keyserver. Which is why I was reluctant to include it in my post.

Please read my entire post before telling me I didn't just spend two hours on Google trying to figure it out for myself and failing.

I'm sorry, but that reply bites after two hours.

EDIT: I already had the thread you referred me to open to troubleshoot that as well. But I am bound to run into issues if gpg can no longer get to the keys.

EDIT2: The system where "refresh-keys" works was last updated on May 2nd, so I figured maybe it was an aoutdated package. Which is why I usually run "refresh-keys" before upgrading, I've had issues with outdated keys in the past.in the middle of an update.

Last edited by Orionis (2020-06-17 15:41:38)

Head_on_a_Stick · 2020-06-17 15:41:51

Is your system date correct and is dirmngr set up correctly?

How about https://bbs.archlinux.org/viewtopic.php?id=220996?

loqs · 2020-06-17 17:05:13

(142/142) checking keys in keyring                                                             [#######################################################] 100%
downloading required keys...
:: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) <heftig@archlinux.org>"? [Y/n] Y
error: key "3B94A80E50A477C7" could not be looked up remotely

What command produce this output and what is the full output of the command?

fisherjf · 2020-06-28 16:23:58

I got the same error when install meson on a fresh new system

8/8) checking keys in keyring [##############################################] 100%
downloading required keys...
:: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) <heftig@archlinux.org>"? [Y/n] y
error: key "3B94A80E50A477C7" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

Then I tried the following:

gpg --search-keys --batch 3B94A80E50A477C7
gpg: directory '/home/mpiuser/.gnupg' created
gpg: keybox '/home/mpiuser/.gnupg/pubring.kbx' created
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure

And:

gpg-connect-agent --dirmngr
> keyserver --resolve hkp://gpg.mit.edu
S # hkps://hkps.pool.sks-keyservers.net:443: resolve failed: Server indicated a failure

loqs · 2020-06-28 17:03:35

@fisherjf That key was included the 20200603-1 release archlinux-keyring by the commit https://git.archlinux.org/archlinux-key … a6efb2150c

fisherjf · 2020-06-28 17:43:27

@loqs Yeh, I just missed. I used 20200601 iso to setup the new system. After update the keyring, problem solved. Thanks.

sharethewisdom · 2021-01-02 17:53:45

I know this is several months later, but I think I have the same issue when trying to receive graysky's key...

# pacman-key -r 5EE46C4C --keyserver hkp://pool.sks-keyservers.net
gpg: keyserver receive failed: Server indicated a failure
==> ERROR Remote key not fetched correctly from keyserver

I think I tried about 10 different key servers, in the course of 8 hours of frustrating research. I don't havve access to that machine anymore, so sorry for not providing the journal log. It was a fresh install from the 2020-11 archiso, fully up-to-date. Timezone was set correctly, NTP was active. There were no particular or obvious errors in the journal. I re-populated the keyring a few times, re-installed gnupg, cleared the pacman cache, re-started dirmgr a few times, and I inspected the keyring with gpg --homedir /etc/pacman.d/gnupg ... to no avail.

I ended up manually importing the key by:

finding out that his key should be available at http://pgp.mit.edu by following his wiki key lookup link (this would timeout, or not respond at all)
manually searching for the key with w3m
waiting a few times for minutes (pgp.mit.edu contacted. Waiting for reply...) before hitting the message: The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /pks/lookup.
installing a graphical environment with firefox, repeating the search, again with loooong waits and little luck, until I was finally able to follow the search result link to his key (again, waiting a looong time for that to show up) at http://pgp.mit.edu/pks/lookup?op=get&se … 865EE46C4C
I then copy-pasted the public key to a plaintext file, and added it with pacman-key --add keyfile, signed it ...
then I went on removing the graphical environment, firefox etc. because I had no use for that.

Sorry about the rant, but maybe it's useful for someone.

edit grrr... does this have anything to do with keyserver misuse? https://youtu.be/6AI_RIw7acs?t=316

Last edited by sharethewisdom (2021-01-02 20:55:46)

Arch Linux

#1 2020-06-17 15:21:07

Issue fetching GPG keys

#2 2020-06-17 15:25:43

Re: Issue fetching GPG keys

#3 2020-06-17 15:30:39

Re: Issue fetching GPG keys

#4 2020-06-17 15:41:51

Re: Issue fetching GPG keys

#5 2020-06-17 17:05:13

Re: Issue fetching GPG keys

#6 2020-06-28 16:23:58

Re: Issue fetching GPG keys

#7 2020-06-28 17:03:35

Re: Issue fetching GPG keys

#8 2020-06-28 17:43:27

Re: Issue fetching GPG keys

#9 2021-01-02 17:53:45

Re: Issue fetching GPG keys

Board footer