View previous topic :: View next topic |
Author |
Message |
TequilaTR n00b

Joined: 01 Feb 2005 Posts: 66
|
|
Back to top |
|
 |
DancesWithWords Guru

Joined: 29 Jun 2002 Posts: 343 Location: ottawa, canada
|
Posted: Thu Aug 08, 2019 11:26 am Post subject: |
|
|
NeddySeagoon wrote: | leonchik1976,
Intermittent failures like that are not a problem, so there is noting to fix.
If it fails every time, that's a problem. |
I've been running Gentoo since 2002 and I've never ever had this problem until now. Quite frustrating I've not been able to --sync now for 3 days. I've followed instructions and have disabled the verification, not an option I want to continue to use.
=====
DWW |
|
Back to top |
|
 |
mrsaccess n00b


Joined: 03 Sep 2005 Posts: 30 Location: Greece
|
Posted: Thu Aug 08, 2019 5:45 pm Post subject: |
|
|
I can't sync as well for the last few days, so not sure about the comments about intermittent failures.
Any help that doesn't disable key verification is appreciated.
Code: | # emerge --debug --sync
myaction sync
myopts {'--debug': True}
>>> Syncing repository 'gentoo' into '/usr/portage'...
* Using keys from /usr/share/openpgp-keys/gentoo-release.asc
* Refreshing keys via WKD ... [ !! ]
* Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error
OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error
... |
_________________ Hardware: The parts of your pc you can kick. |
|
Back to top |
|
 |
nc-pv n00b

Joined: 01 Oct 2012 Posts: 45
|
Posted: Fri Aug 09, 2019 12:40 pm Post subject: |
|
|
mrsaccess wrote: | I can't sync as well for the last few days, so not sure about the comments about intermittent failures.
Any help that doesn't disable key verification is appreciated.
|
I think the Gentoo developers need to introduce an option to bypass key refresh process. The verification still should work even if refresh fails, otherwise it leaves users with two options: not to update or compromise security.
I created a bug: https://bugs.gentoo.org/691722 _________________ Use GNU/Linux |
|
Back to top |
|
 |
mike155 Advocate

Joined: 17 Sep 2010 Posts: 2564 Location: Frankfurt, Germany
|
Posted: Fri Aug 09, 2019 1:36 pm Post subject: |
|
|
Thanks for creating a bug!
Unfortunately, that's not the only issue.
If I enable tree verification and the hardlink nonsense, 'emerge --sync'...
- creates a subdirectory '/usr/portage/.tmp-unverified-download-quarantine'
- creates more than 130.000 (one-hundred-thirty-thousand) links in that directory!!!
- updates the tree
- removes '/usr/portage/.tmp-unverified-download-quarantine' and all the links it created
On my desktop machine (/usr/portage is mounted via NFS), that slows down 'emerge -sync' from 30 seconds to over 8 minutes!!!
That's ridiculous!
Last edited by mike155 on Fri Aug 09, 2019 3:09 pm; edited 1 time in total |
|
Back to top |
|
 |
axl Veteran


Joined: 11 Oct 2002 Posts: 1072 Location: Romania
|
|
Back to top |
|
 |
nc-pv n00b

Joined: 01 Oct 2012 Posts: 45
|
Posted: Fri Aug 09, 2019 4:03 pm Post subject: |
|
|
mike155 wrote: | Thanks for creating a bug!
Unfortunately, that's not the only issue.
|
I see what you mean. Indeed this is an issue.
If I understand correctly, the webrsync method should not have this problem as it fetches the snapshot of the portage tree an it can be verified prior to unpacking.
The disadvantage of webrsync method is that you get update only once a day. However, in some cases (offline systems having extremely limited Internet access via HTTP-only proxy) this is the only way to sync the portage tree. _________________ Use GNU/Linux |
|
Back to top |
|
 |
mike155 Advocate

Joined: 17 Sep 2010 Posts: 2564 Location: Frankfurt, Germany
|
Posted: Fri Aug 09, 2019 4:37 pm Post subject: |
|
|
Quote: | I see what you mean. Indeed this is an issue. |
I would like to have an 'emerge --sync' that just works:
- it should be fast
- it should not issue error messages nobody understands
- it should do tree verification, but it should NOT download any keys
Downloading keys is not required for tree verification. I download kernels once or twice a month. Of course I verify them using 'gpg --verify' - but I don't have to download keys to do that. I once downloaded keys from Linus and Greg and those keys have worked smoothly ever since.
- it should not create 130.000 links in /usr/portage or maltreat my SSDs in any other way
Am I asking too much? |
|
Back to top |
|
 |
Anon-E-moose Watchman


Joined: 23 May 2008 Posts: 5043 Location: Dallas area
|
Posted: Fri Aug 09, 2019 4:52 pm Post subject: |
|
|
mike155 wrote: | Thanks for creating a bug!
Unfortunately, that's not the only issue.
If I enable tree verification and the hardlink nonsense, 'emerge --sync'...
- creates a subdirectory '/usr/portage/.tmp-unverified-download-quarantine'
- creates more than 130.000 (one-hundred-thirty-thousand) links in that directory!!!
- updates the tree
- removes '/usr/portage/.tmp-unverified-download-quarantine' and all the links it created
On my desktop machine (/usr/portage is mounted via NFS), that slows down 'emerge -sync' from 30 seconds to over 8 minutes!!!
That's ridiculous! |
set
Code: | sync-allow-hardlinks = no |
in /etc/portage/repos.conf/gentoo.conf in the default area (top of file) that stops the .tmp-unverified-download-quarantine nonsense. _________________ PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie) amd64-no-multilib, eudev, openrc, openbox
The New OTW |
|
Back to top |
|
 |
mike155 Advocate

Joined: 17 Sep 2010 Posts: 2564 Location: Frankfurt, Germany
|
Posted: Fri Aug 09, 2019 5:14 pm Post subject: |
|
|
Anon-E-moose wrote: | set
Code:
sync-allow-hardlinks = no
in /etc/portage/repos.conf/gentoo.conf in the default area (top of file) that stops the .tmp-unverified-download-quarantine nonsense. |
Thanks, Anon-E-moose. That's exactly what I do - and that's what I recommend. See: https://forums.gentoo.org/viewtopic-p-8358476.html#8358476
But some users in this thread complain: 'That's insecure! We want tree verification!'. And then they complain: 'I get this error message: gpg: keyserver refresh failed: General error. What should I do?'.
That leads me to the conclusion that something is totally wrong with the current version of 'emerge --sync'. And it's not only a bug, as NeddySeagoon suggests - it's broken by design. |
|
Back to top |
|
 |
Anon-E-moose Watchman


Joined: 23 May 2008 Posts: 5043 Location: Dallas area
|
Posted: Fri Aug 09, 2019 6:24 pm Post subject: |
|
|
The hardlinks doesn't really stop verification, it just keeps the .tmp* directory from being created.
If it's creating the .tmp* directory and any part of the manifest verification fails, then the real portage doesn't get updated and the .tmp* directory is left there, with all the files in it.
I prefer to not have the .tmp* directory, worst case (typically) only a single ebuld fails manifest verification, but the next sync it should be fine. _________________ PRIME x570-pro, 3700x, RX 550 - 5.8 zen kernel
Acer E5-575 (laptop), i3-7100u - i965 - 5.5 zen kernel
---both---
gcc 9.3.0, profile 17.1 (no-pie) amd64-no-multilib, eudev, openrc, openbox
The New OTW |
|
Back to top |
|
 |
Josef.95 Advocate

Joined: 03 Sep 2007 Posts: 3930 Location: Germany
|
Posted: Wed Aug 14, 2019 4:55 am Post subject: Re: emerge --sync error |
|
|
wenzi wrote: | I install gentoo follow the wiki, at this step emerge-webrsync,it's OK but emerge --sync, I get this error
OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error
sorry for my poor English. |
Hi,
rebuild the net-libs/gnutls package should probably help, see Bug 690760
Code: | emerge -av --oneshot net-libs/gnutls |
|
|
Back to top |
|
 |
vcmota Apprentice

Joined: 19 Jun 2017 Posts: 197
|
Posted: Thu Aug 15, 2019 12:49 pm Post subject: Re: emerge --sync error |
|
|
Josef.95 wrote: | wenzi wrote: | I install gentoo follow the wiki, at this step emerge-webrsync,it's OK but emerge --sync, I get this error
OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error
sorry for my poor English. |
Hi,
rebuild the net-libs/gnutls package should probably help, see Bug 690760
Code: | emerge -av --oneshot net-libs/gnutls |
|
It worked, fantastic! Thank you Josef.95! |
|
Back to top |
|
 |
nubiocicarini Tux's lil' helper


Joined: 20 Feb 2019 Posts: 75 Location: Brazil
|
Posted: Thu Aug 22, 2019 1:05 am Post subject: Re: emerge --sync error |
|
|
Josef.95 wrote: | wenzi wrote: | I install gentoo follow the wiki, at this step emerge-webrsync,it's OK but emerge --sync, I get this error
OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error
sorry for my poor English. |
Hi,
rebuild the net-libs/gnutls package should probably help, see Bug 690760
Code: | emerge -av --oneshot net-libs/gnutls |
|
Very good! it worked for me too! |
|
Back to top |
|
 |
r7l n00b

Joined: 16 Feb 2019 Posts: 54
|
Posted: Sat Dec 07, 2019 6:06 pm Post subject: |
|
|
I've just installed a new system and rebuilding net-libs/gnutls is still working to fix this issue. |
|
Back to top |
|
 |
|