Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Key] Error when fetching key from keyserver #19

Closed
Preve92 opened this issue Jul 19, 2021 · 7 comments
Closed

[Key] Error when fetching key from keyserver #19

Preve92 opened this issue Jul 19, 2021 · 7 comments

Comments

@Preve92
Copy link

Preve92 commented Jul 19, 2021

Issue

Key 63CC496475267693 cannot be fetched from the keyserver.

How to reproduce

Running sudo pacman-key --recv-keys 63CC496475267693 will fail. Trying to connect to https://pgp.mit.edu/pks/lookup?op=get&search=0x63CC496475267693 also returns 502 proxy error. Hence could be an issue of the keyserver.

Thanks for any hint on how to resolve this.
@alerque
Copy link
Owner

alerque commented Jul 19, 2021
edited
Loading

The default SKS key servers disappeared from the internet a while back. The MIT key server is operational, but only over hks protocol, the website appears to be borked right now. The keyserver list I have that I think are good right now is:

  • keyserver.ubuntu.com
  • pgp.surf.nl
  • pgp.rediris.es
  • pgp.mit.edu

Personally I use the Ubuntu one (web view), and most of the Arch Linux websites link to that one right now. You can try the key import with:

$ sudo pacman-key --keyserver keyserver.ubuntu.com --recv-keys 63CC496475267693

This hint goes for fetching pretty much anybody's keys these days, not just mine.

@alerque
Copy link
Owner

alerque commented Jul 19, 2021

Two side notes:

  • If you had my key before the reason you're having to fetch it again starting this week is I extended the lifetime and started using a new subkey for signing. The main key uid is the same so you still fetch the same thing, you just need a refresh.

  • I have recently been added to the Arch TU team and I will have a GPG key in the default keyring distributed with Arch. For now I am still signing packages in my user repository with my personal key, but I might eventually switch just to reduce friction a little. Also I'll be moving some of the things in my repository to [community]. Either way both changes should be transparent from your point of view.

@alerque alerque pinned this issue Jul 19, 2021
@major-mayer
Copy link

major-mayer commented Apr 8, 2022
edited
Loading

Hi,
i used this repository for a few weeks but since i few day whenever i try to update the database of i get the following error message:

~ ❯ pamac update                                                             7s
Preparing...
Synchronisiere Paketdatenbanken...
Aktualisierung von alerque.db...                                                
Fehler: alerque.db: alerque: Signatur von "Caleb Maclennan <[email protected]>" ist ungültig
Ungültige oder beschädigte Datenbank (PGP-Signatur)

Or using pacman (I mostly use pamac since i am not very familiar with the pacman commands):

~ ❯ sudo pacman -S                                                           8s
error: alerque: signature from "Caleb Maclennan <[email protected]>" is invalid
error: database 'alerque' is not valid (invalid or corrupted database (PGP signature))

I tried to re-add the key using the command that you posted, but it didn't work :/

~ ❯ sudo pacman-key --keyserver keyserver.ubuntu.com --recv-keys 63CC496475267693
gpg: keyserver receive failed: Server indicated a failure
==> ERROR: Remote key not fetched correctly from keyserver.

@alerque
Copy link
Owner

alerque commented Apr 8, 2022

@major-mayer I'm sorry GPG is such a pain to work with. Unfortunately it is what it is and I can't do much about it. Since I have a key in the default Arch keyring now I'm slowly working on rebuilding everything in my repo with that key, but for now there are still packages signed with my personal key and you still need to fetch it to install them.

The last command you posted looks correct to me. The --keyserver argument should no longer be needed now since that is the new default in Arch Linux. Here is what it looks like for me running in in a fresh Docker image of Arch base:

 $ sudo pacman-key --recv-keys 63CC496475267693
gpg: key 63CC496475267693: public key "Caleb Maclennan <[email protected]>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:  94  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:  88  signed:  33  trust: 88-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-05-06
gpg: Total number processed: 1
gpg:               imported: 1

The error you are seeing is some kind of network error. For some reason pacman-key can't reach/negotiate with the keyserver. I would try it again a time or two and see if it was just a temporary problem with your network or the keyserver.

@major-mayer
Copy link

Hmm i already read something that the error could come from my network/ dns/ firewall configuration, but i didn't look deeper into it as of now.
I tried your command a couple of times but I always get the same error:

~ ❯ sudo pacman-key --recv-keys 63CC496475267693
gpg: keyserver receive failed: Server indicated a failure
==> ERROR: Remote key not fetched correctly from keyserver.

Maybe i will just wait for you to finish rebuilding all the packages with the official key in that keyring. Could quickly note when this process is finished?

@ahmedmoselhi
Copy link 

Error: alerque.db: alerque: signature from "Caleb Maclennan <[email protected]>" is invalid                                                                                               
invalid or corrupted database (PGP signature)
Failed to synchronize databases
Error: Failed to prepare transaction: invalid or corrupted database

i have installed and deleted key multiple times but same error

@alerque
Copy link
Owner

alerque commented Jan 24, 2023

This issue is completely obsolete on two counts:

  1. The personal key that started the affair is widely available on every public key server out there and the defaults for Arch and other gpg implementations won't have a hard time finding it right now. The issue with the default keyserver changing is long since resolved.

  2. The database itself and all recently built packages are no longer signed by that key anyway, but instead my Arch Linux TU user key that is in all Arch installations by default, so you shouldn't need to download any key at all to get the database or recently built packages. Very old packages that have not been rebuilt will still have the old signature.

@ahmedmoselhi I don't know what your issues is but please open a new issue report for it. It looks like you are having trouble downloading the database, which should be signed with a key already in Arch Linux's keyring. Either you have a very old arch system without an updated keyring or something else is wrong. Either way please open a new issue.

@alerque alerque closed this as completed Jan 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@alerque @ahmedmoselhi @major-mayer @Preve92