Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[SOLVED] No keyserver available
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
sublogic
Apprentice
Apprentice


Joined: 21 Mar 2022
Posts: 222
Location: Pennsylvania, USA
PostPosted: Sat Feb 17, 2024 2:31 am    Post subject: [SOLVED] No keyserver available Reply with quote
EDIT: it was apt-cacher-ng. Read on for entertainment value.

Code:
# emaint sync --repo gentoo
>>> Syncing repository 'gentoo' into '/var/db/repos/gentoo'...
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys via WKD ...                                           [ !! ]
 * Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: No keyserver available

OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: No keyserver available
The trailing 4 lines repeat at slow intervals, indefinitely. So ^C.

All right then, plan B.
Code:
# emerge-webrsync
[downloads a snapshot, then:]
Code:
 * Checking digest ...
 * Checking signature ...
[   INFO] Refreshing keys...
[  ERROR] OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: No data

 * ERROR: /:: failed:
 *   signature verification failed
 *
 * If you need support, post the output of `emerge --info '=/::'`,
 * the complete build log and the output of `emerge -pqv '=/::'`.
 * Working directory: '/var/tmp/portage/webrsync-pC1IZo'

The last three lines make no sense. =/:: is not a valid atom and there is no /var/tmp/portage/webrsync-pC1IZo directory.

keys.gentoo.org and keyserver.ubuntu.com resolve just fine. This has been going on for a few days, no one else has complained, so the gpg at my end must be seriously broken.

This is black magic to me. Any advice as to what to reinstall, or what files to restore from backups ?

(Also, the initial emaint sync spawned a process,
Code:
  PID TTY      STAT   TIME COMMAND
24308 ?        Ssl    0:00 dirmngr --daemon --homedir /tmp/gemato._h0fxl68
that I eventually killed manually.)

Hmm, this post is getting longer than I intended, but there are log files in /tmp/gemato._h0fxl68. In particular, in dirmngr.log:
Code:
2024-02-17 01:29:17 dirmngr[24308.6] connection from process 24305 (0:0)
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- GETINFO version
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> D 2.2.42
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> OK
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- KEYSERVER --clear hkps://keys.gentoo.org
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> OK
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- KEYSERVER
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> S KEYSERVER hkps://keys.gentoo.org
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> OK
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- KS_GET -- 0xEF9538C9E8E64311A52CDEDFA13D0EF1914E7A72 0xDCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D 0xD99EAC7379A850BCE47DA5F29E6438C817072058 0x13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
2024-02-17 01:29:28 dirmngr[24308.6] resolve_dns_addr for 'keys.gentoo.org': 'keys.gentoo.org' [already known]
2024-02-17 01:29:28 dirmngr[24308.6] resolve_dns_addr for 'keys.gentoo.org': 'keys.gentoo.org' [already known]
2024-02-17 01:29:28 dirmngr[24308.6] number of system provided CAs: 146
2024-02-17 01:35:01 dirmngr[24308.6] TLS handshake failed: The TLS connection was non-properly terminated.
2024-02-17 01:35:01 dirmngr[24308.6] error connecting to 'https://keys.gentoo.org:443': Network error
2024-02-17 01:35:01 dirmngr[24308.6] marking host 'keys.gentoo.org' as dead
I'm guessing the GET is for the four keys being refreshed at the top of this post ? But then a TLS error ? What gives ? My networking works fine otherwise.

Okay, one more thing. The second line of this log file says
Code:
2024-02-17 01:29:17 dirmngr[24308.0] error loading certificate '/etc/ssl/certs/ca-certificates.crt': Certificate expired
but /etc/ssl/certs/ca-certificates.crt has
Code:
        Validity
            Not Before: May  5 09:37:37 2011 GMT
            Not After : Dec 31 09:37:37 2030 GMT
... doesn't seem expired to me.

Any insights appreciated.


EDIT: I cache the distfiles locally, https://wiki.gentoo.org/wiki/Local_distfiles_cache. From that wiki page:
Quote:
As mentioned in this forum post, using apt-cacher-ng as the portage http proxy breaks the openpgp key refresh process. To avoid that, configure apt-cacher-ng to pass through https traffic:
... by adding [PassThroughPattern: ^(.*):443$ in the config file /etc/apt-cacher-ng/gentoo.conf. But the thing is, I did that. It worked for months. The line was missing in the gentoo.conf, I added it. Grrrmbl. I'll be checking my backups to see if the file has changed. Anyway, I'm back in business.

EDIT: Files haven't changed. My changes were (and still are) in /etc/apt-cacher-ng/apt-cacher-ng.conf.
Code:
# https://wiki.debian.org/AptCacherNg
# https://forums.gentoo.org/viewtopic-t-1128190-highlight-gpg+keyserver.html
PassThroughPattern: ^(keys\.gentoo\.org):443$
Apparently, opening up keys.gentoo.org is no longer enough.
Back to top
View user's profile Send private message
sevilla.larry
n00b
n00b


Joined: 09 Nov 2015
Posts: 42
PostPosted: Tue Mar 26, 2024 1:38 am    Post subject: Re: [SOLVED] No keyserver available Reply with quote
EDIT: I cache the distfiles locally, https://wiki.gentoo.org/wiki/Local_distfiles_cache. From that wiki page:
Quote:
As mentioned in this forum post, using apt-cacher-ng as the portage http proxy breaks the openpgp key refresh process. To avoid that, configure apt-cacher-ng to pass through https traffic:
... by adding [PassThroughPattern: ^(.*):443$ in the config file /etc/apt-cacher-ng/gentoo.conf. But the thing is, I did that. It worked for months. The line was missing in the gentoo.conf, I added it. Grrrmbl. I'll be checking my backups to see if the file has changed. Anyway, I'm back in business.

EDIT: Files haven't changed. My changes were (and still are) in /etc/apt-cacher-ng/apt-cacher-ng.conf.
Code:
# https://wiki.debian.org/AptCacherNg
# https://forums.gentoo.org/viewtopic-t-1128190-highlight-gpg+keyserver.html
PassThroughPattern: ^(keys\.gentoo\.org):443$
Apparently, opening up keys.gentoo.org is no longer enough.[/quote]

Thx for the info...

[Moderator edit: enabled BBCode -- pietinger]
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy