alerque/aur

[Key] Error when fetching key from keyserver

Preve92 opened this issue · 7 comments

Issue

Key 63CC496475267693 cannot be fetched from the keyserver.

How to reproduce

Running sudo pacman-key --recv-keys 63CC496475267693 will fail. Trying to connect to https://pgp.mit.edu/pks/lookup?op=get&search=0x63CC496475267693 also returns a 502 proxy error. Hence it could be an issue with the keyserver.

Thanks for any hint on how to resolve this.

The default SKS key servers disappeared from the internet a while back. The MIT key server is operational, but only over hks protocol; the website appears to be borked right now. The list of keyservers I have that I think are good right now is:

  • keyserver.ubuntu.com
  • pgp.surf.nl
  • pgp.rediris.es
  • pgp.mit.edu

Personally I use the Ubuntu one (web view), and most of the Arch Linux websites link to that one right now. You can try the key import with:

$ sudo pacman-key --keyserver keyserver.ubuntu.com --recv-keys 63CC496475267693

This hint goes for fetching pretty much anybody's keys these days, not just mine.

Two side notes:

  • If you had my key before, the reason you're having to fetch it again starting this week is that I extended the lifetime and started using a new subkey for signing. The main key uid is the same so you still fetch the same thing, you just need a refresh.

  • I have recently been added to the Arch TU team and I will have a GPG key in the default keyring distributed with Arch. For now I am still signing packages in my user repository with my personal key, but I might eventually switch just to reduce friction a little. Also I'll be moving some of the things in my repository to [community]. Either way both changes should be transparent from your point of view.
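
The keyserver list in the comment above, written as a fallback loop. This is an added example, not code from the repository or its maintainer; `recv_key_with_fallback`, `fetch_with_pacman_key` and the `FETCH_KEY` hook are hypothetical names, and only the `pacman-key --keyserver ... --recv-keys ...` invocation comes from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): try several keyservers in order.
# The servers are the ones listed in the comment above.
KEYSERVERS="keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es pgp.mit.edu"

# Default fetcher: the command from the comment. Needs root and network.
# FETCH_KEY is a hypothetical hook; point it at another function to dry-run.
fetch_with_pacman_key() {
    pacman-key --keyserver "$1" --recv-keys "$2"
}
FETCH_KEY=${FETCH_KEY:-fetch_with_pacman_key}

# recv_key_with_fallback KEYID [SERVER...]
# Prints the first server that delivered the key; returns 1 if none did,
# 2 if KEYID is not a 16-hex long ID or a 40-hex fingerprint.
recv_key_with_fallback() {
    [ "$#" -ge 1 ] || return 2
    keyid=${1#0x}
    shift
    # Refuse 8-hex short IDs: they are trivially collidable.
    if ! printf '%s\n' "$keyid" |
        grep -Eq '^([0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})$'; then
        echo "refusing key id '$keyid': use a long ID or fingerprint" >&2
        return 2
    fi
    # No servers given on the command line: fall back to the default list.
    [ "$#" -gt 0 ] || set -- $KEYSERVERS
    for server in "$@"; do
        # Fetcher output goes to stderr so stdout carries only the result.
        if "$FETCH_KEY" "$server" "$keyid" >&2; then
            printf '%s\n' "$server"
            return 0
        fi
        echo "keyserver $server failed, trying next" >&2
    done
    return 1
}

# Usage (as root): recv_key_with_fallback 63CC496475267693
```

A return code of 1 after every server has been tried points at the local network, DNS or firewall rather than at any single keyserver.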

Hi,
I used this repository for a few weeks, but for a few days now, whenever I try to update the database I get the following error message:

~ ❯ pamac update                                                             7s
Preparing...
Synchronisiere Paketdatenbanken...
Aktualisierung von alerque.db...                                                
Fehler: alerque.db: alerque: Signatur von "Caleb Maclennan <caleb@alerque.com>" ist ungültig
Ungültige oder beschädigte Datenbank (PGP-Signatur)

Or using pacman (I mostly use pamac since I am not very familiar with the pacman commands):

~ ❯ sudo pacman -S                                                           8s
error: alerque: signature from "Caleb Maclennan <caleb@alerque.com>" is invalid
error: database 'alerque' is not valid (invalid or corrupted database (PGP signature))

I tried to re-add the key using the command that you posted, but it didn't work :/

~ ❯ sudo pacman-key --keyserver keyserver.ubuntu.com --recv-keys 63CC496475267693
gpg: keyserver receive failed: Server indicated a failure
==> ERROR: Remote key not fetched correctly from keyserver.

@major-mayer I'm sorry GPG is such a pain to work with. Unfortunately it is what it is and I can't do much about it. Since I have a key in the default Arch keyring now I'm slowly working on rebuilding everything in my repo with that key, but for now there are still packages signed with my personal key and you still need to fetch it to install them.

The last command you posted looks correct to me. The --keyserver argument should no longer be needed now since that is the new default in Arch Linux. Here is what it looks like for me running it in a fresh Docker image of Arch base:

 $ sudo pacman-key --recv-keys 63CC496475267693
gpg: key 63CC496475267693: public key "Caleb Maclennan <caleb@alerque.com>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:  94  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:  88  signed:  33  trust: 88-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-05-06
gpg: Total number processed: 1
gpg:               imported: 1

The error you are seeing is some kind of network error. For some reason pacman-key can't reach/negotiate with the keyserver. I would try it again a time or two and see if it was just a temporary problem with your network or the keyserver.

Hmm, I already read something that the error could come from my network/DNS/firewall configuration, but I didn't look deeper into it as of now.
I tried your command a couple of times but I always get the same error:

~ ❯ sudo pacman-key --recv-keys 63CC496475267693
gpg: keyserver receive failed: Server indicated a failure
==> ERROR: Remote key not fetched correctly from keyserver.

Maybe I will just wait for you to finish rebuilding all the packages with the official key in that keyring. Could you quickly note when this process is finished?

Error: alerque.db: alerque: signature from "Caleb Maclennan <alerque@archlinux.org>" is invalid                                                                                               
invalid or corrupted database (PGP signature)
Failed to synchronize databases
Error: Failed to prepare transaction: invalid or corrupted database

I have installed and deleted the key multiple times but get the same error.

This issue is completely obsolete on two counts:

  1. The personal key that started the affair is widely available on every public key server out there and the defaults for Arch and other gpg implementations won't have a hard time finding it right now. The issue with the default keyserver changing is long since resolved.

  2. The database itself and all recently built packages are no longer signed by that key anyway, but instead my Arch Linux TU user key that is in all Arch installations by default, so you shouldn't need to download any key at all to get the database or recently built packages. Very old packages that have not been rebuilt will still have the old signature.

@ahmedmoselhi I don't know what your issue is but please open a new issue report for it. It looks like you are having trouble downloading the database, which should be signed with a key already in Arch Linux's keyring. Either you have a very old Arch system without an updated keyring or something else is wrong. Either way please open a new issue.