I was trying to install librewolf using yay and after reaching the key import stage I got this:
:: (1/1) Parsing SRCINFO: librewolf
gpg: error reading key: No public key
:: PGP keys need importing:
-> 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3, required by: librewolf
:: Import? [Y/n] Y
:: Importing keys with gpg...
gpg: keyserver receive failed: Operation not supported
-> problem importing keys
After this I tried to run pacman-key --refresh-keys to check what I'd get and I got the same error on every key
$ sudo pacman-key --refresh-keys (08-01 21:48)
gpg: error retrieving 'eworm@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: A6234074498E9CEE
gpg: error retrieving 'george@rawlinson.net.nz' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: error retrieving 'grawlinson@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: 25EA6900D9EA5EBC
gpg: error retrieving 'tpkessler@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: 07D06351CA5B31BE
gpg: error retrieving 'polyzen@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
==> ERROR: Could not update key: EA4F7B321A906AD9
gpg: error retrieving 'raster@archlinux.org' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: error retrieving 'raster@rasterman.com' via WKD: Operation not supported
gpg: error reading key: Operation not supported
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Operation not supported
...
I tried removing /etc/pacman.d/gnupg and repopulating it with sudo pacman-key --init && sudo pacman-key --populate && sudo pacman-key --refresh-keys but the result was the same.
There were no errors last time I tried pacman-key --refresh-keys several months ago. What can I do with it? Please help
Last edited by neocat (2024-08-02 23:20:09)
gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
Did you recently add/configure a yubikey or similar?
Did you recently add/configure a yubikey or similar?
Yes, I've got yubikey recently
$ gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: enabled compatibility flags:
gpg: error searching keyserver: Operation not supported
gpg: keyserver search failed: Operation not supported
Last edited by neocat (2024-08-01 20:57:26)
I did
I'd look in that area and start by undidding that and see whether the error goes away and if so, maybe we should look into what you didded there
Edit: c'mon, you can't just edit yourself out of that
But yeah, remove the yubikey configuration to confirm it's the cause. But most likely gpg isn't able to open it, typically scdaemon isn't running.
https://github.com/DataDog/yubikey/blob … vice-error
Last edited by seth (2024-08-01 21:02:31)
remove the yubikey configuration to confirm it's the cause
I honestly don't know what to remove. The only thing I did was to install the yubikey pin in firefox. I did the same on another arch device and no problems with importing keys there.
I have not configured yubikey in any way. Just plugged it into usb and immediately started using it only in firefox.
But most likely gpg isn't able to open it, typically scdaemon isn't running.
https://github.com/DataDog/yubikey/blob … vice-error
scdaemon is running 100% because when I run sudo gpg --card-status it shows the info, and in htop there is the scdaemon process
c'mon, you can't just edit yourself out of that
I edited it before your comment, so it doesn't count
Last edited by neocat (2024-08-02 20:51:25)
I've noticed that I get an error when I run gpg --card-status as my main user after running the same command as root and vice versa, so I've tried to set up shared access to yubikey as shown here.
I've added this config to /root/.gnupg/scdaemon.conf, /home/myuser/.gnupg/scdaemon.conf and /etc/pacman.d/gnupg/scdaemon.conf
pcsc-driver /usr/lib/libpcsclite.so
card-timeout 5
disable-ccid
pcsc-shared
And while gpg --card-status works for both main and root user now with this config, it still prints the same error when I try to import a key
Last edited by neocat (2024-08-01 23:43:12)
yank the key, stop scdaemon - does gpg work again? If not, do you get a different error?
yank the key, stop scdaemon - does gpg work again? If not, do you get a different error?
I yanked the key, stopped pcscd, gpg-agent with scdaemon, but still get the same error.
I don't know if this will help, but I also noticed that when I run gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3 as root I get a different error
$ sudo gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: enabled compatibility flags:
gpg: error searching keyserver: Not enabled
gpg: keyserver search failed: Not enabled
$ gpg -v --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: enabled compatibility flags:
gpg: error searching keyserver: Operation not supported
gpg: keyserver search failed: Operation not supported
Last edited by neocat (2024-08-02 20:01:59)
Leave sudo alone.
ping -c1 keyserver.ubuntu.com # do you actually resolve the proper server
pkill dirmngr # will get restarted
gpg --debug-all --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3 # prints plenty of text…
I can resolve keyserver.ubuntu.com, but can't ping it
$ ping -vc1 keyserver.ubuntu.com
ping: sock4.fd: 3 (socktype: SOCK_DGRAM), sock6.fd: 4 (socktype: SOCK_DGRAM), hints.ai_family: AF_UNSPEC
ai->ai_family: AF_INET, ai->ai_canonname: 'keyserver.ubuntu.com'
PING keyserver.ubuntu.com (185.125.188.26) 56(84) bytes of data.
--- keyserver.ubuntu.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
$ pkill dirmngr
$ gpg --debug-all --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: no running dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: DBG: chan_3 <- # Home: /home/user/.local/share/gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.local/share/gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.4.5 at your service, process 30258
gpg: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.4.5
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: DBG: chan_3 <- ERR 167805029 Operation not supported <Dirmngr>
gpg: error searching keyserver: Operation not supported
gpg: keyserver search failed: Operation not supported
gpg: DBG: chan_3 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
Last edited by neocat (2024-08-02 20:25:36)
The host does indeed not respond to icmp requests, sorry - it's however not relevant and you're resolving the correct IP.
cat /home/user/.local/share/gnupg/dirmngr.conf
If there's nothing obviously wrong in that file, add
log-file ~/dirmngr.log
verbose
pkill dirmngr and try again - hopefully w/ more details in ~/dirmngr.log …
There was no such file, so I created it
$ cat dirmngr.log
dirmngr[34422] listening on socket '/run/user/1000/gnupg/d.95nnr9ops9xjwwgsgeej5ija/S.dirmngr'
dirmngr[34423.0] permanently loaded certificates: 150
dirmngr[34423.0] runtime cached certificates: 0
dirmngr[34423.0] trusted certificates: 150 (150,0,0,0)
dirmngr[34423.6] handler for fd 6 started
dirmngr[34423.6] connection from process 34421 (1000:1000)
dirmngr[34423.6] command 'KS_SEARCH' failed: Operation not supported
dirmngr[34423.6] handler for fd 6 terminated
Last edited by neocat (2024-08-02 20:49:04)
*grumpf*…
What if you add "standard-resolver" to the dirmngr conf?
Do you run some firewall?
pacman -Qikk gnupg
$ pacman -Qikk gnupg
Name : gnupg
Version : 2.4.5-4
Description : Complete and free implementation of the OpenPGP standard
Architecture : x86_64
URL : https://www.gnupg.org/
Licenses : BSD-2-Clause BSD-3-Clause BSD-4-Clause CC0-1.0
GPL-2.0-or-later GPL-3.0-or-later LGPL-2.1-or-later
LGPL-3.0-or-later OR GPL-2.0-or-later MIT Unicode-TOU
Groups : None
Provides : None
Depends On : glibc gnutls libgcrypt libgpg-error libksba libldap
libusb pinentry sh sqlite tpm2-tss zlib bzip2
libbz2.so=1.0-64 libassuan libassuan.so=9-64 npth
libnpth.so=0-64 readline libreadline.so=8-64
Optional Deps : pcsclite: for using scdaemon not with the gnupg internal card
driver [installed]
Required By : gpgme pacman pass thunderbird
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 9.69 MiB
Packager : David Runge <dvzrv@archlinux.org>
Build Date : Thu 18 Jul 2024 12:31:38 AM MSK
Install Date : Fri 02 Aug 2024 09:56:42 PM MSK
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : None
gnupg: 236 total files, 0 altered files
Do you run some firewall?
I run ufw. I tried disabling it, but that didn't help.
I also tried reinstalling gnupg, but that didn't help either.
What if you add "standard-resolver" to the dirmngr conf?
Now dirmngr.conf looks like this
standard-resolver
log-file /home/user/dirmngr.log
verbose
And now there is another error:
gpg: error searching keyserver: Not enabled
$ gpg --debug-all --keyserver hkps://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: reading options from '[cmdline]'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: enabled compatibility flags:
gpg: DBG: [no clock] start
gpg: no running dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: DBG: chan_3 <- # Home: /home/user/.local/share/gnupg
gpg: DBG: chan_3 <- # Config: /home/user/.local/share/gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.4.5 at your service, process 38936
gpg: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.4.5
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
gpg: DBG: chan_3 <- ERR 167772339 Not enabled <Dirmngr>
gpg: error searching keyserver: Not enabled
gpg: keyserver search failed: Not enabled
gpg: DBG: chan_3 -> BYE
gpg: DBG: [no clock] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
$ cat dirmngr.log
dirmngr[38935] listening on socket '/run/user/1000/gnupg/d.95nnr9ops9xjwwgsgeej5ija/S.dirmngr'
dirmngr[38936.0] permanently loaded certificates: 150
dirmngr[38936.0] runtime cached certificates: 0
dirmngr[38936.0] trusted certificates: 150 (150,0,0,0)
dirmngr[38936.6] handler for fd 6 started
dirmngr[38936.6] connection from process 38934 (1000:1000)
dirmngr[38936.6] command 'KS_SEARCH' failed: Not enabled
dirmngr[38936.6] handler for fd 6 terminated
Does the hkp protocol work? (http is still open on keyserver.ubuntu.com and hkp responds here)
gpg --debug-all --keyserver hkp://keyserver.ubuntu.com --search 034F7776EF5E0C613D2F7934D29FBD5F93C0CFC3
# if not, see what ports are open for you
nmap keyserver.ubuntu.com
… the entire "not supported" "not enabled" is weird, is there anything else specific about your network? TOR or some such?
I fixed it!
I got a list of all listening services with sudo netstat -tulpn, stopped all services I could from this list and restarted dirmngr and now it works!
I stopped a lot of running services so I don't know which service causes this issue, but I will investigate and report back.
I figured it out.
I was running a proxy server on port 9050 and as it turned out dirmngr uses this port too.
It was an interesting thread, thanks for the help!
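The cause found at the end of the thread, as an added diagnostic sketch (not code from any poster or from GnuPG): 9050 is Tor's default SOCKS port, and dirmngr's documented default is to use Tor when it finds it available at startup unless no-use-tor is set in dirmngr.conf. The function names are hypothetical, and the rule that the later of two conflicting options wins is an assumption.

```shell
#!/bin/sh
# Added example: flag a local listener on Tor's default SOCKS port (9050)
# that dirmngr may mistake for Tor. Function names are hypothetical.

# Read `ss -H -ltn` output on stdin; print local addresses listening on port $1.
listeners_on_port() {
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, a, ":")          # last ":" field is the port, IPv6 included
        if (a[n] == p) print $4
    }'
}

# Print how dirmngr.conf ($1) pins Tor mode: off, forced, or auto (unset).
# Assumption: when both options appear, the later line wins.
tor_setting() {
    [ -r "$1" ] || { echo auto; return 0; }
    awk 'BEGIN { m = "auto" }
         { sub(/#.*/, "") }            # drop comments
         $1 == "no-use-tor" { m = "off" }
         $1 == "use-tor"    { m = "forced" }
         END { print m }' "$1"
}

# Read ss output on stdin, take the dirmngr.conf path as $1, print a verdict:
#   conflict  something listens on 9050 and Tor mode is left on auto-detect
#   forced    use-tor is set, so keyserver requests go through that listener
#   ok        no listener on 9050, or no-use-tor pins Tor mode off
diagnose() {
    hits=$(listeners_on_port 9050)
    case "$(tor_setting "$1")" in
        forced) echo forced ;;
        off)    echo ok ;;
        *)      if [ -n "$hits" ]; then echo conflict; else echo ok; fi ;;
    esac
}

# Live check, only when asked for: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    conf="$(gpgconf --list-dirs homedir)/dirmngr.conf"
    ss -H -ltn | diagnose "$conf"
    # Ask the running dirmngr whether it is in Tor mode:
    gpg-connect-agent --dirmngr 'GETINFO tor' /bye
fi
```

After changing dirmngr.conf, pkill dirmngr as in the thread so the next gpg call starts it with the new setting.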