Issues with archlinux-keyring-wkd-sync - Error refreshing keys

zaite455 · 2025-02-10 04:06:29

Hello,

I am having some trouble with archlinux-keyring-wkd-sync failing after a period of time.

I have followed instructions at: https://wiki.archlinux.org/title/Pacman … _keyserver

Specifically I have run commands:
# pacman-key --init
# pacman-key --populate
(and restarted the service) which fixes the problem for a while but then it fails again after a while.

There is a lot of "Error refreshing key" messages in the journal like: (maybe 30 or 40 of them, these are just a sample)

Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849224]: Error refreshing key E62545315B012B69C8C94A1D56EC201BFC794362 with UID yan12125@archlinux.org.
Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849224]: Error refreshing key E87E5B39F04A5D889D8C0147F6D84143496F6680 with UID serebit@archlinux.org.
Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849224]: Error refreshing key ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB with UID grazzolini@archlinux.or>
Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849224]: Error refreshing key F00B96D15228013FFC9C9D0393B11DAA4C197E3D with UID gromit@archlinux.org.

Also there are many gpg errors before these messages like:

Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849428]: gpg: error reading key: Server indicated a failure
Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849428]: gpg: error retrieving 'sudoforge@archlinux.org' via WKD: Server indicated a failure
Feb 10 03:54:15 thane archlinux-keyring-wkd-sync[849224]: Refreshing key FAD824618B562B99CCCE05FB905A8C3700E16349 with UID sudoforge@archlinux.org...

I'm still able to upgrade the system with pacman so this doesn't appear to be significantly breaking anything, but it would be nice to resolve these issues.

I've searched around and having trouble finding a permanent solution to this one. If anyone is able to assist it would be greatly appreciated.

Another issue I am experiencing is that whenever pacman upgrades systemd, I am unable to interact with systemctl without rebooting the system. However, I can't reboot using the normal "reboot" or "shutdown -r now" commands, they timeout. The only way I can reboot is to issue "systemctl reboot --force --force" which takes about 30 to 60 seconds before it does eventually reboot. If anyone has an idea on that one it would also be great to solve!

Thanks so much

gromit · 2025-02-11 10:32:02

Where are you from? Is the network your running in restricted in any way by things that either you have setup or some state surveillance technology like in China & Iran?

zaite455 · 2025-02-11 10:35:48

Hi,

I'm in the UK and my ISP/network is not restricted in any way that I am aware of. I have a static v4 and v6 delegation with my provider, just pure IP. Router is pfSense.

Last edited by zaite455 (2025-02-11 11:00:58)

gromit · 2025-02-11 10:37:49

Could you post logs from the dirmngr when the sync service fails? "journalctl -ru dirmngr*"

zaite455 · 2025-02-11 10:46:59

Ah ha, it appears to be a resolution issue, getting loads of:

can't connect to 'archlinux.org': host not found
resolving 'archlinux.org' failed: Server indicated a failure
error connecting to 'https://archlinux.org/.well-known/openp … l=diabonas': Server indicated a failure
....
....

Which seems strange because I can resolve it on the command line:

❯ ping archlinux.org
PING archlinux.org (2a01:4f9:c010:6b1f::1) 56 data bytes
64 bytes from archlinux.org (2a01:4f9:c010:6b1f::1): icmp_seq=1 ttl=53 time=41.3 ms
64 bytes from archlinux.org (2a01:4f9:c010:6b1f::1): icmp_seq=2 ttl=53 time=41.0 ms
64 bytes from archlinux.org (2a01:4f9:c010:6b1f::1): icmp_seq=3 ttl=53 time=40.9 ms

❯ ping -4 archlinux.org
PING archlinux.org (95.217.163.246) 56(84) bytes of data.
64 bytes from archlinux.org (95.217.163.246): icmp_seq=1 ttl=53 time=44.9 ms
64 bytes from archlinux.org (95.217.163.246): icmp_seq=2 ttl=53 time=45.5 ms
64 bytes from archlinux.org (95.217.163.246): icmp_seq=3 ttl=53 time=45.3 ms

❯ networkctl status
● Interfaces: 1, 2, 3
State: routable
Online state: online
Address: 10.0.100.16 on lan1
10.0.100.101 on lan1
2a01:____:____:____::100:16 on lan1
2a01:____:____:____::100:101 on lan1
2a01:____:____:____:207:32ff:fe77:d482 on lan1
fe80::207:32ff:fe77:d482 on lan1
Gateway: 10.0.100.254 on lan1
fe80::92e2:baff:fe19:23a8 on lan1
DNS: 2a01:____:____:____::100:100
2a01:____:____:____::100:101
10.0.100.100
10.0.100.101
Search Domains: local._____.co.uk

dig is defaulting to something different however:

❯ dig archlinux.org
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to 127.0.0.1#53: connection refused

; <<>> DiG 9.20.5 <<>> archlinux.org
;; global options: +cmd
;; no servers could be reached

/etc/resolv.conf is empty:

❯ cat /etc/resolv.conf
# Resolver configuration file.
# See resolv.conf(5) for details.

gromit · 2025-02-11 10:52:05

Can you curl these urls?

zaite455 · 2025-02-11 10:52:42

Solved the local resolver issue in dig - still getting the same messages however:

Feb 11 10:49:16 thane dirmngr[310992]: command 'WKD_GET' failed: Server indicated a failure
Feb 11 10:49:16 thane dirmngr[310992]: error connecting to 'https://archlinux.org/.well-known/openp … ?l=ptr1337': Server indicated a failure
Feb 11 10:49:16 thane dirmngr[310992]: can't connect to 'archlinux.org': host not found
Feb 11 10:49:16 thane dirmngr[310992]: resolving 'archlinux.org' failed: Server indicated a failure

zaite455 · 2025-02-11 10:54:32

gromit wrote:

Can you curl these urls?

Yep:

❯ curl https://archlinux.org/.well-known/openp … \=bluewind
<!DOCTYPE html>

<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="theme-color" content="#08C" />
<title>Arch Linux - Page Not Found</title>
....
....

(well, it works but it's a page not found message)

Last edited by zaite455 (2025-02-11 10:55:05)

gromit · 2025-02-11 11:08:24

Then you'll need to look into the error logs of systemd-resolved which you seem to be using ..

zaite455 · 2025-02-11 11:21:49

Seems so yep!

I restarted the system and it seems happy - refreshed a load of keys. However I think that happens typically on a reboot and then at some point over the next few days it seems to have resolution issues again but I'll monitor it this time and see what happens.

systemd-resolved seems okay enough, there are very few things logged other than when it gets restarted due to a system reboot, etc.

❯ resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
    resolv.conf mode: foreign
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google

Link 2 (lan2)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=yes/supported
     Default Route: no

Link 3 (lan1)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=yes/supported
Current DNS Server: 2a01:____:____:____::100:100
       DNS Servers: 2a01:____:____:____::100:100 2a01:____:____:____::100:101 10.0.100.100 10.0.100.101
        DNS Domain: local.____.co.uk
     Default Route: yes

Arch Linux

#1 2025-02-10 04:06:29

Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#2 2025-02-11 10:32:02

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#3 2025-02-11 10:35:48

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#4 2025-02-11 10:37:49

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#5 2025-02-11 10:46:59

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#6 2025-02-11 10:52:05

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#7 2025-02-11 10:52:42

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#8 2025-02-11 10:54:32

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#9 2025-02-11 11:08:24

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

#10 2025-02-11 11:21:49

Re: Issues with archlinux-keyring-wkd-sync - Error refreshing keys

Board footer