| View previous topic :: View next topic |
| Author |
Message |
wenzi
Tux's lil' helper
Joined: 18 Jan 2019
Posts: 106
|
 Posted: Sun Aug 04, 2019 3:33 am Post subject: emerge --sync error |
 |
|
I install gentoo follow the wiki, at this step emerge-webrsync,it's OK but emerge --sync, I get this error
OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error
sorry for my poor English. |
|
| Back to top |
|
 |
commie1337
n00b
Joined: 04 Aug 2019
Posts: 7
|
| Posted: Sun Aug 04, 2019 3:57 am Post subject: |
|
|
I've gotten the exact same error on my recent installs, it doesn't seem to change anything if you proceed with the installation without running the command. Hope that helps  . |
|
| Back to top |
|
|
nubiocicarini
Tux's lil' helper
Joined: 20 Feb 2019
Posts: 80
Location: Brazil
|
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Sun Aug 04, 2019 11:58 am Post subject: |
|
|
Many users report problems with tree verification. It doesn't work well on my machines, too.
I therefore recommend to disable it - until developers come up with an better solution.
- Emerge portage without USE flag 'rsync-verify' AND
- Add the lines below to the 'DEFAULT' section of /etc/portage/repos.conf/gentoo.conf:
| Code: | sync-rsync-verify-metamanifest = no
sync-allow-hardlinks = no
|
Please look at the 'gentoo' section of the same file. In case there are entries that override the entries you added in step 2, remove them.
EDIT: added item 3 after this post.
Last edited by mike155 on Tue Aug 06, 2019 5:05 pm; edited 1 time in total |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54453
Location: 56N 3W
|
| Posted: Sun Aug 04, 2019 12:09 pm Post subject: |
|
|
wenzi,
That means that the keys you have cannot be checked for updates.
Its not a problem provided that the keys you have are not expired.
nubiocicarini,
That key poisoning attack does not apply to keys.gentoo.org as it does not sync with the rest of the hkps network and updates to it are restricted too.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
nubiocicarini
Tux's lil' helper
Joined: 20 Feb 2019
Posts: 80
Location: Brazil
|
| Posted: Sun Aug 04, 2019 6:10 pm Post subject: |
|
|
| NeddySeagoon wrote: | nubiocicarini,
That key poisoning attack does not apply to keys.gentoo.org as it does not sync with the rest of the hkps network and updates to it are restricted too. |
Why am I having this problem right now? |
|
| Back to top |
|
|
leonchik1976
Guru
Joined: 24 Jan 2010
Posts: 326
|
| Posted: Sun Aug 04, 2019 6:34 pm Post subject: |
|
|
| NeddySeagoon wrote: | wenzi,
That means that the keys you have cannot be checked for updates.
Its not a problem provided that the keys you have are not expired.
nubiocicarini,
That key poisoning attack does not apply to keys.gentoo.org as it does not sync with the rest of the hkps network and updates to it are restricted too. |
It there any way to fix it without disabling verification? |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54453
Location: 56N 3W
|
| Posted: Sun Aug 04, 2019 6:37 pm Post subject: |
|
|
leonchik1976,
Intermittent failures like that are not a problem, so there is noting to fix.
If it fails every time, that's a problem.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
cmaurand
n00b
Joined: 21 Dec 2004
Posts: 42
Location: Biddeford, ME
|
| Posted: Mon Aug 05, 2019 12:43 pm Post subject: Giving up |
|
|
I use to run Gentoo all the time. I gave up on it when I couldn't keep it updated due to constantly changing init system. Then I went to Ubuntu server. Ubuntu server has latency issues that I think are related to systemd. So I thought that I would give Gentoo another shot. I need a primary dns server and systemd does not lend itself to actually running a DNS server. it wants to use systemd-resolvd which is just a total piece of garbage. I digress. I've spent several hours getting a system built even with the mistakes in the docs and got around the parts that don't work, like the missing dependencies that need to be installed, but aren't mentioned in the docs.
Then I got to the step "emerge --sync" and got key errors. I've been getting key errors for several days. Apparently I'm not the only one and this problem has been going on for qute a number of months. I give up.
I'm giving up on Gentoo, too. This kind of thing should just work. I shouldn't have to spend hours jumping through hoops to get it to work, either. Especially when the trouble is on the Gentoo end and nothing is getting done to fix this issue. emerge-webrsync works OK, but that is not the preferred method, is it?
I can't be spending this much time just trying to get a headless server running. I've spent hours tracking down this error and that and then got stuck on this and there doesn't seem to be a coherent solution. The Install shouldn't be this difficult and I've been working with Linux for 25 years
--Curtis
_________________
Curtis |
|
| Back to top |
|
|
leonchik1976
Guru
Joined: 24 Jan 2010
Posts: 326
|
| Posted: Mon Aug 05, 2019 2:08 pm Post subject: Re: Giving up |
|
|
| cmaurand wrote: | I use to run Gentoo all the time. I gave up on it when I couldn't keep it updated due to constantly changing init system. Then I went to Ubuntu server. Ubuntu server has latency issues that I think are related to systemd. So I thought that I would give Gentoo another shot. I need a primary dns server and systemd does not lend itself to actually running a DNS server. it wants to use systemd-resolvd which is just a total piece of garbage. I digress. I've spent several hours getting a system built even with the mistakes in the docs and got around the parts that don't work, like the missing dependencies that need to be installed, but aren't mentioned in the docs.
Then I got to the step "emerge --sync" and got key errors. I've been getting key errors for several days. Apparently I'm not the only one and this problem has been going on for qute a number of months. I give up.
I'm giving up on Gentoo, too. This kind of thing should just work. I shouldn't have to spend hours jumping through hoops to get it to work, either. Especially when the trouble is on the Gentoo end and nothing is getting done to fix this issue. emerge-webrsync works OK, but that is not the preferred method, is it?
I can't be spending this much time just trying to get a headless server running. I've spent hours tracking down this error and that and then got stuck on this and there doesn't seem to be a coherent solution. The Install shouldn't be this difficult and I've been working with Linux for 25 years
--Curtis |
Agree with you by 100%, and feel the same.
I also have this issue for a several days |
|
| Back to top |
|
|
Jaglover
Watchman
Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana
|
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54453
Location: 56N 3W
|
| Posted: Mon Aug 05, 2019 3:09 pm Post subject: |
|
|
leonchik1976, cmaurand,
It works from Scotland.
| Code: | * Manifest timestamp: 2019-08-05 02:09:02 UTC
* Valid OpenPGP signature found:
* - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
* - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
* - timestamp: 2019-08-05 02:09:02 UTC |
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Mon Aug 05, 2019 3:23 pm Post subject: |
|
|
| cmaurand wrote: | | I'm giving up on Gentoo, too. |
Guys, don't waste your time with tree verification. Developers chose the wrong algorithms and made a terrible job. Just disable tree verification. See my post above.
Last edited by mike155 on Mon Aug 05, 2019 3:36 pm; edited 1 time in total |
|
| Back to top |
|
|
leonchik1976
Guru
Joined: 24 Jan 2010
Posts: 326
|
| Posted: Mon Aug 05, 2019 3:27 pm Post subject: |
|
|
| mike155 wrote: | | Quote: | | I'm giving up on Gentoo, too. |
Guys, don't waste your time with tree verification. Developers chose the wrong algorithm and did a terrible job. Just disable tree verification See my post above. |
If i understand correctly - tree verification - is layer of security? or am i wrong? |
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Mon Aug 05, 2019 3:40 pm Post subject: |
|
|
| Quote: | | If i understand correctly - tree verification - is layer of security? or am i wrong? |
Tree verification can increase security - if (and only if) done correctly.
Just adding some random crypto stuff and frustrating users will lead to the opposite. |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54453
Location: 56N 3W
|
| Posted: Mon Aug 05, 2019 4:54 pm Post subject: |
|
|
mike155,
As always, patches welcome.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
freke
Veteran
Joined: 23 Jan 2003
Posts: 1006
Location: Somewhere in Denmark
|
| Posted: Mon Aug 05, 2019 6:29 pm Post subject: |
|
|
| NeddySeagoon wrote: | leonchik1976, cmaurand,
It works from Scotland.
| Code: | * Manifest timestamp: 2019-08-05 02:09:02 UTC
* Valid OpenPGP signature found:
* - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
* - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
* - timestamp: 2019-08-05 02:09:02 UTC |
|
And Denmark. | Code: | ns ~ # emerge --sync
>>> Syncing repository 'gentoo' into '/opt/portage'...
* Using keys from /usr/share/openpgp-keys/gentoo-release.asc
* Refreshing keys via WKD ... [ ok ]
>>> Starting rsync with rsync://[2a00:1828:a00d:ffff::6]/gentoo-portage...
>>> Checking server timestamp ...
Welcome to turnstone.gentoo.org / rsync.gentoo.org
Server Address : 89.238.71.6, 2a00:1828:a00d:ffff::6
Contact Name : mirror-admin@gentoo.org
Hardware : 16 x Intel(R) Xeon(R) CPU E5530 @ 2.40GHz, 24160MB RAM
Sponsor : Manitu GmbH, St. Wendel, Germany
Please note: common gentoo-netiquette says you should not sync more
than once a day. Users who abuse the rsync.gentoo.org rotation
may be added to a temporary ban list.
MOTD autogenerated by update-rsync-motd on Thu Apr 4 19:04:00 UTC 2019
receiving incremental file list
timestamp.chk
Number of files: 1 (reg: 1)
Number of created files: 0
Number of deleted files: 0
Number of regular files transferred: 1
Total file size: 32 bytes
Total transferred file size: 32 bytes
Literal data: 32 bytes
Matched data: 0 bytes
File list size: 41
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 104
Total bytes received: 132
sent 104 bytes received 132 bytes 157.33 bytes/sec
total size is 32 speedup is 0.14
Welcome to turnstone.gentoo.org / rsync.gentoo.org
Server Address : 89.238.71.6, 2a00:1828:a00d:ffff::6
Contact Name : mirror-admin@gentoo.org
Hardware : 16 x Intel(R) Xeon(R) CPU E5530 @ 2.40GHz, 24160MB RAM
Sponsor : Manitu GmbH, St. Wendel, Germany
Please note: common gentoo-netiquette says you should not sync more
than once a day. Users who abuse the rsync.gentoo.org rotation
may be added to a temporary ban list.
MOTD autogenerated by update-rsync-motd on Thu Apr 4 19:04:00 UTC 2019
receiving incremental file list
...
...
...
Number of files: 162,325 (reg: 135,040, dir: 27,285)
Number of created files: 191 (reg: 180, dir: 11)
Number of deleted files: 129 (reg: 128, dir: 1)
Number of regular files transferred: 511
Total file size: 220.25M bytes
Total transferred file size: 6.54M bytes
Literal data: 6.54M bytes
Matched data: 0 bytes
File list size: 3.82M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 39.58K
Total bytes received: 10.58M
sent 39.58K bytes received 10.58M bytes 471.84K bytes/sec
total size is 220.25M speedup is 20.75
* Manifest timestamp: 2019-08-05 17:39:02 UTC
* Valid OpenPGP signature found:
* - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
* - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
* - timestamp: 2019-08-05 17:39:02 UTC |
|
|
| Back to top |
|
|
nc-pv
n00b
Joined: 01 Oct 2012
Posts: 45
|
| Posted: Mon Aug 05, 2019 7:39 pm Post subject: |
|
|
Hi.
I am trying to understand whether or not I am having the same issue.
I have an (almost) offline Gentoo system that can access certain Gentoo mirrors via HTTP-only proxy (that I can't control). I manually downloaded and imported the GPG keys needed for the verification (Release media signatures) and whenever the portage was complaining about expired keys I was manually retrieving the needed keys and importing them again. That method worked for years.
After the last portage update the emerge --sync (using webrsync) is trying to contact the key server and refresh the signatures. Many people here report that this is broken, but in my case the portage does not have a single chance to contact the server, because the system is offline and making it online is out of question.
Is it a (recently introduced) flaw in the design of the portage system that requires Gentoo systems to be able to connect and retrieve keys from the key server in order to use tree verification?
How can I tell the portage to NOT to try to refresh the keys? It has worked previously for years, but it is broken now.
_________________
Use GNU/Linux
Last edited by nc-pv on Wed Feb 10, 2021 2:12 pm; edited 2 times in total |
|
| Back to top |
|
|
cmaurand
n00b
Joined: 21 Dec 2004
Posts: 42
Location: Biddeford, ME
|
| Posted: Tue Aug 06, 2019 3:15 pm Post subject: |
|
|
| mike155 wrote: | Many users report problems with tree verification. It doesn't work well on my machines, too.
I therefore recommend to disable it - until developers come up with an better solution.
- Emerge portage without USE flag 'rsync-verify' AND
- Add the lines below to the DEFAULT section of /etc/portage/repos.conf/gentoo.conf:
| Code: | sync-rsync-verify-metamanifest = no
sync-allow-hardlinks = no
|
|
Sorry, that did not work. It still tried to verify the keys. The entries belong in the Gentoo section. Then it worked.
Then grub install failed. The docs are incorrect, yet again. It's taken a week to get this far. shouldn't be this way
_________________
Curtis
Last edited by cmaurand on Tue Aug 06, 2019 3:49 pm; edited 2 times in total |
|
| Back to top |
|
|
leonchik1976
Guru
Joined: 24 Jan 2010
Posts: 326
|
| Posted: Tue Aug 06, 2019 3:16 pm Post subject: |
|
|
| cmaurand wrote: | | mike155 wrote: | Many users report problems with tree verification. It doesn't work well on my machines, too.
I therefore recommend to disable it - until developers come up with an better solution.
- Emerge portage without USE flag 'rsync-verify' AND
- Add the lines below to the DEFAULT section of /etc/portage/repos.conf/gentoo.conf:
| Code: | sync-rsync-verify-metamanifest = no
sync-allow-hardlinks = no
|
|
Sorry, that did not work. It still tried to verify the keys |
for me also didn't work |
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Tue Aug 06, 2019 3:27 pm Post subject: |
|
|
| cmaurand wrote: | | Sorry, that did not work. It still tried to verify the keys. The entries belong in the Gentoo section. Then it worked. |
cmaurand: please show us your file: '/etc/portage/repos.conf/gentoo.conf'.
| leonchik1976 wrote: | for me also didn't work
|
leonchik1976: please show us your file: '/etc/portage/repos.conf/gentoo.conf'.
Please note that cmaurand managed too get it working after he wrote the entries to the 'gentoo' section. For me, it works if I add the entries to the 'DEFAULT' section, but it could be that cmaurand's and your 'gentoo' section override or ignore values of the 'DEFAULT' section. |
|
| Back to top |
|
|
cmaurand
n00b
Joined: 21 Dec 2004
Posts: 42
Location: Biddeford, ME
|
| Posted: Tue Aug 06, 2019 4:40 pm Post subject: |
|
|
| mike155 wrote: | | cmaurand wrote: | | Sorry, that did not work. It still tried to verify the keys. The entries belong in the Gentoo section. Then it worked. |
cmaurand: please show us your file: '/etc/portage/repos.conf/gentoo.conf'.
| leonchik1976 wrote: | for me also didn't work
|
leonchik1976: please show us your file: '/etc/portage/repos.conf/gentoo.conf'.
Please note that cmaurand managed too get it working after he wrote the entries to the 'gentoo' section. For me, it works if I add the entries to the 'DEFAULT' section, but it could be that cmaurand's and your 'gentoo' section override or ignore values of the 'DEFAULT' section. |
There was an rsync-verify line in the gentoo section that overrode the default section. My grub problem is a separate conversation.
_________________
Curtis |
|
| Back to top |
|
|
nc-pv
n00b
Joined: 01 Oct 2012
Posts: 45
|
| Posted: Tue Aug 06, 2019 5:06 pm Post subject: |
|
|
| NeddySeagoon wrote: |
That means that the keys you have cannot be checked for updates.
Its not a problem provided that the keys you have are not expired.
|
NeddySeagoon,
All keys that I have listed (gpg -k) are not expired. But nevertheless the emerge --sync is trying to refresh keys via WKD.
How to explain this behavior? Is it a requirement from now on that the system must be able to refresh the keys if tree verification is requested? If so (I hope not) this effectively renders the verification feature unusable for semi-offline installations. Removing this layer of security does not do anything good.
Do you happen to know which specific key is used for this verification?
_________________
Use GNU/Linux |
|
| Back to top |
|
|
mike155
Advocate
Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany
|
| Posted: Tue Aug 06, 2019 5:08 pm Post subject: |
|
|
| cmaurand wrote: | | There was an rsync-verify line in the gentoo section that overrode the default section. |
Thanks. I added an item to my original post. |
|
| Back to top |
|
|
vcmota
Guru
Joined: 19 Jun 2017
Posts: 372
|
| Posted: Wed Aug 07, 2019 1:11 pm Post subject: |
|
|
| NeddySeagoon wrote: | leonchik1976, cmaurand,
It works from Scotland.
| Code: | * Manifest timestamp: 2019-08-05 02:09:02 UTC
* Valid OpenPGP signature found:
* - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
* - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
* - timestamp: 2019-08-05 02:09:02 UTC |
|
Hy NeddySeagoon. That means that if I just change the GENTOO_MIRRORS keyword in make.conf to loof for mirrros in Scotland or Denmark it will work? Right now I am using the mirrors in Brazil. Thank you. |
|
| Back to top |
|
|
|
Installing Gentoo
