Topic closed
Hi everyone,
I've been having some trouble with the gpg --recv-keys command. I'm trying to import several keys (I've tried the keys for ausweisapp2 and ncurses5-compat-libs) and gpg throws the same error when attempting:
$ gpg --debug-all --recv-key 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/matthias/.gnupg
gpg: DBG: chan_3 <- # Config: /home/matthias/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.29 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.29
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x699BF3055B0A49224EFDE7C72D7479A531451088
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: keyserver receive failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
Since this has already been asked about in other posts (especially gpg: keyserver receive failed: Server indicated a failure), I've checked that systemd-resolved and systemd-networkd are set up properly, and I think that I can confirm that. No fancy network config. Just running systemd-resolved in stub mode, and my config file for networkd is
/etc/systemd/network/20-wired.network
[Match]
Name=enp1s0
[Network]
DHCP=yes
Importing the keys on my ArchARM RPI works fine.
Running dig
$ dig keys.openpgp.org
results in
; <<>> DiG 9.16.18 <<>> keys.openpgp.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53422
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;keys.openpgp.org. IN A
;; ANSWER SECTION:
keys.openpgp.org. 1045 IN A 37.218.245.50
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: So Jul 18 11:38:05 CEST 2021
;; MSG SIZE rcvd: 61
so it seems to me that I don't have connection issues. I've also tried adding 'standard-resolver' to ~/.gnupg/dirmngr.conf and restarting dirmngr with
$ killall dirmngr
but that also didn't work. If anyone has any suggestions, please let me know.
Thanks!
Last edited by MTzu (2021-07-18 14:55:52)
Offline
gpg --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keys.openpgp.org --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
Online
Are there any clues in the output of:
systemctl --user status dirmngr
Offline
gpg --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keys.openpgp.org --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
$ gpg --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
$ gpg --keyserver keys.openpgp.org --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
$ gpg --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
Offline
Are there any clues in the output of:
systemctl --user status dirmngr
$ systemctl --user status dirmngr
● dirmngr.service - GnuPG network certificate management daemon
Loaded: loaded (/usr/lib/systemd/user/dirmngr.service; static)
Active: active (running) since Sun 2021-07-18 11:50:20 CEST; 1h 46min ago
TriggeredBy: ● dirmngr.socket
Docs: man:dirmngr(8)
Main PID: 3042 (dirmngr)
Tasks: 1 (limit: 38448)
Memory: 8.7M
CPU: 24ms
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/dirmngr.service
└─3042 /usr/bin/dirmngr --supervised
Jul 18 11:50:20 matzearch dirmngr[3042]: runtime cached certificates: 0
Jul 18 11:50:20 matzearch dirmngr[3042]: trusted certificates: 128 (128,0,0,0)
Jul 18 11:50:30 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 11:52:52 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 12:01:21 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 12:02:53 matzearch dirmngr[3042]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Jul 18 13:31:02 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
Jul 18 13:31:22 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
Jul 18 13:31:35 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
Jul 18 13:36:20 matzearch dirmngr[3042]: command 'KS_SEARCH' failed: Server indicated a failure <Unspecified source>
I don't get any smarter from this but maybe you do. We can see that --recv-key and --search-keys led to the same result, "Server indicated a failure".
Offline
pkill dirmngr
gpg --debug 1024 --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
Online
pkill dirmngr
gpg --debug 1024 --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
$ gpg --debug 1024 --keyserver keyserver.ubuntu.com --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- # Home: /home/matthias/.gnupg
gpg: DBG: chan_3 <- # Config: /home/matthias/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.29 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.29
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: secmem usage: 0/32768 bytes in 0 blocks
Offline
Does seem to be a resolution issue indeed?
gpg --debug 1024 --keyserver http://162.213.33.9 --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
Online
Does seem to be a resolution issue indeed?
gpg --debug 1024 --keyserver http://162.213.33.9 --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
That seems to work.
$ gpg --debug 1024 --keyserver http://162.213.33.9 --search-keys 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: ipc
gpg: DBG: chan_3 <- # Home: /home/matthias/.gnupg
gpg: DBG: chan_3 <- # Config: /home/matthias/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.29 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.29
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear http://162.213.33.9
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 699BF3055B0A49224EFDE7C72D7479A531451088
gpg: DBG: chan_3 <- S PROGRESS tick ? 0 0
gpg: DBG: chan_3 <- S SOURCE http://162.213.33.9:80
gpg: DBG: chan_3 <- D info:1:1%0Apub:2D7479A531451088:1:4096:1499068334::%0Auid:Governikus (AusweisApp2) <ausweisapp2@governikus.de>:1499068334::%0A
gpg: data source: http://162.213.33.9:80
gpg: DBG: chan_3 <- OK
(1) Governikus (AusweisApp2) <ausweisapp2@governikus.de>
4096 bit RSA key 2D7479A531451088, created: 2017-07-03
Keys 1-1 of 1 for "699BF3055B0A49224EFDE7C72D7479A531451088". Enter number(s), N)ext, or Q)uit > N
gpg: DBG: chan_3 -> BYE
gpg: secmem usage: 0/32768 bytes in 0 blocks
Could you maybe help me debug my network configuration then? The output of resolvectl is
$ resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.178.168.141
DNS Servers: 192.178.168.141
Fallback DNS Servers: 1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
Link 2 (enp1s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.178.141
DNS Servers: 192.168.178.141 fd00::cece:1eff:feaf:874
I'm using a pi-hole (192.168.178.141) as a DNS server. It's the same device that has no issues with gpg --recv-key, but both this PC and the RPI should do name resolution on the pi-hole DNS. I just checked that the last statement is true, and indeed the RPI uses the same DNS server 192.168.178.141 (itself).
Offline
/etc/nsswitch.conf?
Though I guess you should open a new thread (because of the present noise)
Online
Please post content of ~/.gnupg/gpg.conf and ~/.gnupg/dirmngr.conf (the latter might not exist)
ignore
Last edited by Lone_Wolf (2021-07-18 12:32:15)
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
Apparently, the pre-configured keyservers have poor availability. That's at least what I have observed over a while. The dirmngr log indicates an issue with name resolution although the error message could be clearer.
As a workaround, add
keyserver hkp://keyserver.ubuntu.com
to dirmngr.conf.
Offline
We tried ubuntu before, he can only access it by IP - it's most likely the resolver.
Online
/etc/nsswitch.conf?
Though I guess you should open a new thread (because of the present noise)
/etc/nsswitch.conf
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.
passwd: files systemd
group: files [SUCCESS=merge] systemd
shadow: files
publickey: files
hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: files
I see what you mean by opening a new thread but I'm not quite sure what I should ask for, since I haven't had any network / resolve issues apart from gpg yet.
Offline
~/.gnupg/dirmngr.conf
Add "standard-resolver" and kill dirmngr.
Better?
Online
~/.gnupg/dirmngr.conf
Add "standard-resolver" and kill dirmngr.
Better?
I've also tried adding 'standard-resolver' to ~/.gnupg/dirmngr.conf and restarting dirmngr with
$ killall dirmngr
but that also didn't work.
Offline
nslookup keyserver.ubuntu.com
host keyserver.ubuntu.com
ping -c1 keyserver.ubuntu.com
Lastly, stop systemd-resolved and edit /etc/resolv.conf
nameserver 8.8.8.8
Online
~/.gnupg/dirmngr.conf
Add "standard-resolver" and kill dirmngr.
Better?
Apparently this was already enough. I had to reboot my system for the change to take effect though. I tried to make sure via
$ ps aux | grep dirmngr
that dirmngr was truly restarted but I must have missed something.
Going to mark this as solved
Thank you!
Last edited by MTzu (2021-07-18 14:56:22)
Offline
What's your current /etc/resolv.conf look like?
Offline
So, here's my problem and my solution.
The gpg error stems from using systemd-resolved since it doesn't source resolv.conf. This matters because gpg uses resolv.conf instead of nsswitch and the libc functions that systemd-resolved uses.
To solve this, all you have to do is create a symbolic link to systemd's autogenerated resolv.conf that reflects the current resolver settings:
# rm /etc/resolv.conf
# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
"Everything is, to some extent, a compromise. Not everything can be perfect."
Offline
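A read-only check of the resolv.conf dependency described in the post above, usable before removing or relinking anything; this is an added example, not code from the thread or from GnuPG. The function names are hypothetical, and the suffix match on systemd/resolve/ assumes systemd-resolved's generated files under /run/systemd/resolve.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Paths are matched by suffix so the
# functions can be pointed at a constructed tree as well as /etc and /run.

# Print the nameserver addresses in a resolv.conf-style file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify a resolv.conf path as one of:
#   missing | dangling | stub | uplink | static | empty
classify_resolv_conf() {
    if [ ! -e "$1" ]; then
        if [ -L "$1" ]; then echo dangling; else echo missing; fi
    else
        case $(readlink -f "$1") in
            */systemd/resolve/stub-resolv.conf) echo stub ;;
            */systemd/resolve/resolv.conf)      echo uplink ;;
            *) if [ -n "$(list_nameservers "$1")" ]; then echo static; else echo empty; fi ;;
        esac
    fi
}

# Succeed if dirmngr.conf has an uncommented standard-resolver line.
has_standard_resolver() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*standard-resolver[[:space:]]*$' "$1"
}

# Summarise both files for the current user (read-only; changes nothing).
report() {
    kind=$(classify_resolv_conf "$1")
    echo "$1: $kind"
    case $kind in
        missing|dangling) ;;
        *) list_nameservers "$1" | sed 's/^/  nameserver /' ;;
    esac
    if has_standard_resolver "$2"; then
        echo "$2: standard-resolver set"
    else
        echo "$2: standard-resolver not set"
    fi
}

report "${1:-/etc/resolv.conf}" "${2:-$HOME/.gnupg/dirmngr.conf}"
```

On a host running systemd-resolved, a result other than stub or uplink means /etc/resolv.conf is not one of the generated files, such as the one the post links to.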
I had this same issue but a slightly different cause/solution. I'm using an Orbi wifi router, and ever since then have had intermittent GPG issues when updating Arch. For some reason, it's unable to resolve DNS for key server requests. I've had no other DNS related issues. I added 8.8.8.8 and 8.8.4.4 to the available DNS servers in Network Manager for this wifi connection, disconnected and reconnected. This put those Google DNS servers in my /etc/resolv.conf and fixed the issue for me.
Offline
So, here's my problem and my solution.
The gpg error stems from using systemd-resolved since it doesn't source resolv.conf. This matters because gpg uses resolv.conf instead of nsswitch and the libc functions that systemd-resolved uses.
To solve this, all you have to do is create a symbolic link to systemd's autogenerated resolv.conf that reflects the current resolver settings:
# rm /etc/resolv.conf
# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Huge thanks, @Hooregi, I like your solution a lot, worked perfectly!
Offline
Closing this old solved topic.
Offline