View previous topic :: View next topic |
Author |
Message |
sublogic Guru


Joined: 21 Mar 2022 Posts: 331 Location: Pennsylvania, USA
|
Posted: Sat Feb 17, 2024 2:31 am Post subject: [SOLVED] No keyserver available |
|
|
EDIT: it was apt-cacher-ng. Read on for entertainment value.
Code: | # emaint sync --repo gentoo
>>> Syncing repository 'gentoo' into '/var/db/repos/gentoo'...
* Using keys from /usr/share/openpgp-keys/gentoo-release.asc
* Refreshing keys via WKD ... [ !! ]
* Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: No keyserver available
OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: No keyserver available | The trailing 4 lines repeat at slow intervals, indefinitely. So ^C.
All right then, plan B.[downloads a snapshot, then:] Code: | * Checking digest ...
* Checking signature ...
[ INFO] Refreshing keys...
[ ERROR] OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: No data
* ERROR: /:: failed:
* signature verification failed
*
* If you need support, post the output of `emerge --info '=/::'`,
* the complete build log and the output of `emerge -pqv '=/::'`.
* Working directory: '/var/tmp/portage/webrsync-pC1IZo' |
The last three lines make no sense. =/:: is not a valid atom and there is no /var/tmp/portage/webrsync-pC1IZo directory.
keys.gentoo.org and keyserver.ubuntu.com resolve just fine. This has been going on for a few days, no one else has complained, so the gpg at my end must be seriously broken.
This is black magic to me. Any advice as to what to reinstall, or what files to restore from backups ?
(Also, the initial emaint sync spawned a process, Code: | PID TTY STAT TIME COMMAND
24308 ? Ssl 0:00 dirmngr --daemon --homedir /tmp/gemato._h0fxl68 | that I eventually killed manually.)
Hmm, this post is getting longer than I intended, but there are log files in /tmp/gemato._h0fxl68. In particular, in dirmngr.log: Code: | 2024-02-17 01:29:17 dirmngr[24308.6] connection from process 24305 (0:0)
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- GETINFO version
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> D 2.2.42
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> OK
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- KEYSERVER --clear hkps://keys.gentoo.org
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> OK
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- KEYSERVER
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> S KEYSERVER hkps://keys.gentoo.org
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 -> OK
2024-02-17 01:29:17 dirmngr[24308.6] DBG: chan_6 <- KS_GET -- 0xEF9538C9E8E64311A52CDEDFA13D0EF1914E7A72 0xDCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D 0xD99EAC7379A850BCE47DA5F29E6438C817072058 0x13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
2024-02-17 01:29:28 dirmngr[24308.6] resolve_dns_addr for 'keys.gentoo.org': 'keys.gentoo.org' [already known]
2024-02-17 01:29:28 dirmngr[24308.6] resolve_dns_addr for 'keys.gentoo.org': 'keys.gentoo.org' [already known]
2024-02-17 01:29:28 dirmngr[24308.6] number of system provided CAs: 146
2024-02-17 01:35:01 dirmngr[24308.6] TLS handshake failed: The TLS connection was non-properly terminated.
2024-02-17 01:35:01 dirmngr[24308.6] error connecting to 'https://keys.gentoo.org:443': Network error
2024-02-17 01:35:01 dirmngr[24308.6] marking host 'keys.gentoo.org' as dead | I'm guessing the GET is for the four keys being refreshed at the top of this post ? But then a TLS error ? What gives ? My networking works fine otherwise.
Okay, one more thing. The second line of this log file says Code: | 2024-02-17 01:29:17 dirmngr[24308.0] error loading certificate '/etc/ssl/certs/ca-certificates.crt': Certificate expired | but /etc/ssl/certs/ca-certificates.crt has Code: | Validity
Not Before: May 5 09:37:37 2011 GMT
Not After : Dec 31 09:37:37 2030 GMT | ... doesn't seem expired to me.
Any insights appreciated.
EDIT: I cache the distfiles locally, https://wiki.gentoo.org/wiki/Local_distfiles_cache. From that wiki page: Quote: | As mentioned in this forum post, using apt-cacher-ng as the portage http proxy breaks the openpgp key refresh process. To avoid that, configure apt-cacher-ng to pass through https traffic: | ... by adding [PassThroughPattern: ^(.*):443$ in the config file /etc/apt-cacher-ng/gentoo.conf. But the thing is, I did that. It worked for months. The line was missing in the gentoo.conf, I added it. Grrrmbl. I'll be checking my backups to see if the file has changed. Anyway, I'm back in business.
EDIT: Files haven't changed. My changes were (and still are) in /etc/apt-cacher-ng/apt-cacher-ng.conf. Code: | # https://wiki.debian.org/AptCacherNg
# https://forums.gentoo.org/viewtopic-t-1128190-highlight-gpg+keyserver.html
PassThroughPattern: ^(keys\.gentoo\.org):443$ | Apparently, opening up keys.gentoo.org is no longer enough. |
|
Back to top |
|
 |
sevilla.larry n00b

Joined: 09 Nov 2015 Posts: 42
|
Posted: Tue Mar 26, 2024 1:38 am Post subject: Re: [SOLVED] No keyserver available |
|
|
EDIT: I cache the distfiles locally, https://wiki.gentoo.org/wiki/Local_distfiles_cache. From that wiki page: Quote: | As mentioned in this forum post, using apt-cacher-ng as the portage http proxy breaks the openpgp key refresh process. To avoid that, configure apt-cacher-ng to pass through https traffic: | ... by adding [PassThroughPattern: ^(.*):443$ in the config file /etc/apt-cacher-ng/gentoo.conf. But the thing is, I did that. It worked for months. The line was missing in the gentoo.conf, I added it. Grrrmbl. I'll be checking my backups to see if the file has changed. Anyway, I'm back in business.
EDIT: Files haven't changed. My changes were (and still are) in /etc/apt-cacher-ng/apt-cacher-ng.conf. Code: | # https://wiki.debian.org/AptCacherNg
# https://forums.gentoo.org/viewtopic-t-1128190-highlight-gpg+keyserver.html
PassThroughPattern: ^(keys\.gentoo\.org):443$ | Apparently, opening up keys.gentoo.org is no longer enough.[/quote]
Thx for the info...
[Moderator edit: enabled BBCode -- pietinger] |
|
Back to top |
|
 |
allaboutmike n00b

Joined: 25 May 2004 Posts: 27
|
Posted: Mon Jan 13, 2025 4:04 am Post subject: Re: [SOLVED] No keyserver available |
|
|
Also check that your apt-cacher service is actually still running! (mine wasn't, how embarrassing). |
|
Back to top |
|
 |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|