#1 2024-03-22 06:36:59

xihu0208
Member
Registered: 2020-06-14
Posts: 7

[SOLVED]Issue with Pacman-Key/GPG Not Functioning After System Upgrade

I encountered an issue after performing a system upgrade last night. Currently, I am unable to update any keys using pacman-key/gpg.
Here's the command I used, along with its output:

gpg --debug-level 10 --keyserver hkps://keyserver.ubuntu.com --search-key 0x3FEF9748469ADBE15DA7CA80AC2D62742012EA22

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: DBG: chan_3 <- # Home: /home/UsrName/.gnupg
gpg: DBG: chan_3 <- # Config: /home/UsrName/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.4.5 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.4.5
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 0x3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

I've seen some other posts mentioning this could be a DNS issue? 
I did a 'sudo tcpdump -i any -n port 53' and it did not show any requests to keyserver.ubuntu.com.

`cat /etc/resolve.conf`:

# Generated by NetworkManager
nameserver 192.168.100.235

Doing nslookup on keyserver.ubuntu.com and directly requesting from the IP address yields a slightly different result with `No keyserver available`.

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: DBG: chan_3 <- # Home: /home/UsrName/.gnupg
gpg: DBG: chan_3 <- # Config: /home/UsrName/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.4.5 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.4.5
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://185.125.188.26
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 0x3FEF9748469ADBE15DA7CA80AC2D62742012EA22
gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr>
gpg: error searching keyserver: No keyserver available
gpg: keyserver search failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

I attempted to set the log file for dirmngr in ~/.gnupg/dirmngr.conf, but it seems the settings did not take effect when running gpg:

log-file ~/dirmngr.log
verbose

Directly running dirmngr with an invalid config file does return a complaint, though. Anyway, `dirmngr@etc-pacman.d-gnupg.service` gives some log info when running pacman-key:

Mar 22 00:32:44 UsrName dirmngr[99714]: permanently loaded certificates: 147
Mar 22 00:32:44 UsrName dirmngr[99714]:     runtime cached certificates: 0
Mar 22 00:32:44 UsrName dirmngr[99714]:            trusted certificates: 147 (147,0,0,0)
Mar 22 00:33:14 UsrName dirmngr[99714]: number of system provided CAs: 170
Mar 22 14:27:20 xiaowen dirmngr[36100]: resolving 'archlinux.org' failed: Server indicated a failure
Mar 22 14:27:20 xiaowen dirmngr[36100]: can't connect to 'archlinux.org': host not found
Mar 22 14:27:20 xiaowen dirmngr[36100]: error connecting to 'https://archlinux.org/.well-known/openpgpkey/hu/ja8s4mqg3etjyi8jw55kmtguiier6qxr?l=eworm': Server indicated a failure
Mar 22 14:27:20 xiaowen dirmngr[36100]: command 'WKD_GET' failed: Server indicated a failure
Mar 22 14:27:30 xiaowen dirmngr[36100]: command 'KS_GET' failed: Server indicated a failure <Unspecified source>
Mar 22 14:28:00 xiaowen dirmngr[36100]: command 'WKD_GET' failed: Broken pipe
Mar 22 14:28:00 xiaowen dirmngr[36100]: Assuan processing failed: Broken pipe

Last edited by xihu0208 (2024-03-24 14:39:49)

#2 2024-03-22 07:55:14

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,009

Re: [SOLVED]Issue with Pacman-Key/GPG Not Functioning After System Upgrade

I've seen some other posts mentioning this could be a DNS issue?

Mar 22 14:27:20 xiaowen dirmngr[36100]: resolving 'archlinux.org' failed: Server indicated a failure
Mar 22 14:27:20 xiaowen dirmngr[36100]: can't connect to 'archlinux.org': host not found

What are the outputs of

resolvectl status
nslookup archlinux.org
dig @192.168.100.235 archlinux.org
dig @8.8.8.8 archlinux.org

#3 2024-03-24 13:54:37

xihu0208
Member
Registered: 2020-06-14
Posts: 7

Re: [SOLVED]Issue with Pacman-Key/GPG Not Functioning After System Upgrade

Hi Seth, sorry I was away during the weekend. Here is the output.

resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server: 192.168.100.235
         DNS Servers: 192.168.100.235
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google
                      2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net
                      2001:4860:4860::8888#dns.google

Link 2 (enp2s0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlo1)
    Current Scopes: DNS LLMNR/IPv4 mDNS/IPv4
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.100.235
       DNS Servers: 192.168.100.235

dig @192.168.100.235 archlinux.org

; <<>> DiG 9.18.25 <<>> @192.168.100.235 archlinux.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5941
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;archlinux.org.                 IN      A

;; ANSWER SECTION:
archlinux.org.          600     IN      A       95.217.163.246

;; Query time: 3 msec
;; SERVER: 192.168.100.235#53(192.168.100.235) (UDP)
;; WHEN: Sun Mar 24 21:18:31 CST 2024
;; MSG SIZE  rcvd: 47

dig @8.8.8.8 archlinux.org

; <<>> DiG 9.18.25 <<>> @8.8.8.8 archlinux.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54656
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;archlinux.org.                 IN      A

;; ANSWER SECTION:
archlinux.org.          600     IN      A       95.217.163.246

;; Query time: 6 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sun Mar 24 21:19:05 CST 2024
;; MSG SIZE  rcvd: 47

Also, I tried the same command on my other machine on the same network, and I realized the command works if the IPv6 address is used (by 'net.ipv6.conf.all.disable_ipv6').

#4 2024-03-24 14:35:35

xihu0208
Member
Registered: 2020-06-14
Posts: 7

Re: [SOLVED]Issue with Pacman-Key/GPG Not Functioning After System Upgrade

Hi All,

I've successfully resolved the issue and wanted to share the solution. The root cause was having Tor enabled while operating gpg. Due to ISP regulations, my Tor network requires an additional proxy, and usually I don't turn that proxy on.

When reading `man dirmngr` I noticed this:

--no-use-tor

The option --use-tor switches Dirmngr and thus GnuPG into “Tor mode” to route all network access via Tor (an anonymity network). Certain other features are disabled in this mode. The effect of --use-tor cannot be overridden by any other command or even be reloading gpg-agent. The use of --no-use-tor disables the use of Tor. The default is to use Tor if it is available on startup or after reloading dirmngr.

Therefore, by turning off Tor and restarting dirmngr, I was able to fix the problem.
I appreciate all the assistance. This thread can now be marked as resolved.

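Added example, not part of the original thread: a shell triage of the symptom resolved above, where dirmngr logs `resolving '...' failed` for a host that the system resolver answers for. The verdict names, `RESOLVE_CMD` and the helper functions are hypothetical; the verdict is a heuristic, and writing `no-use-tor` to dirmngr.conf assumes the usual GnuPG convention that long options go in the config file without the leading dashes.

```shell
#!/bin/sh
# Sample input copied from the journal excerpt in post #1.
SAMPLE_LOG="Mar 22 14:27:20 xiaowen dirmngr[36100]: resolving 'archlinux.org' failed: Server indicated a failure
Mar 22 14:27:20 xiaowen dirmngr[36100]: can't connect to 'archlinux.org': host not found
Mar 22 14:27:20 xiaowen dirmngr[36100]: command 'WKD_GET' failed: Server indicated a failure"

# Print each host that dirmngr itself failed to resolve (one per line, deduplicated).
dirmngr_failed_hosts() {
    sed -n "s/.*dirmngr\[[0-9]*]: resolving '\([^']*\)' failed:.*/\1/p" | sort -u
}

# System-resolver check used for the comparison.
# RESOLVE_CMD (hypothetical knob) replaces 'getent hosts' for offline testing.
system_resolves() {
    ${RESOLVE_CMD:-getent hosts} "$1" >/dev/null 2>&1
}

# Read journal lines on stdin and print one verdict per failed host:
#   suspect-tor-mode  fails inside dirmngr but the system resolver answers,
#                     the pattern this thread traced to dirmngr's Tor mode
#   dns-broken        fails in both places, so look at DNS first
triage_dirmngr_log() {
    dirmngr_failed_hosts | while IFS= read -r host; do
        if system_resolves "$host"; then
            echo "$host suspect-tor-mode"
        else
            echo "$host dns-broken"
        fi
    done
}

# Alternative to stopping Tor: persist the no-use-tor option quoted in post #4
# for one GnuPG home (pacman-key uses /etc/pacman.d/gnupg), then restart
# dirmngr so the option is read at startup.
disable_dirmngr_tor() {
    home="$1"
    grep -qx 'no-use-tor' "$home/dirmngr.conf" 2>/dev/null ||
        echo 'no-use-tor' >> "$home/dirmngr.conf"
    gpgconf --homedir "$home" --kill dirmngr
}
```

To use it on a live system, pipe the output of `journalctl -u dirmngr@etc-pacman.d-gnupg.service` into `triage_dirmngr_log`.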
