662636 – sys-apps/portage: emerge --sync fails on key refresh (key server timing out)

Bug 662636 - sys-apps/portage: emerge --sync fails on key refresh (key server timing out)

Summary: sys-apps/portage: emerge --sync fails on key refresh (key server timing out)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal with 3 votes (vote)
Assignee:	Portage team

URL:	https://forums.gentoo.org/viewtopic-t...
Whiteboard:
Keywords:

Depends on:
Blocks:	650144
	Show dependency tree

Reported:	2018-08-02 12:37 UTC by Max Nokhrin
Modified:	2019-11-11 01:27 UTC (History)
CC List:	9 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Max Nokhrin 2018-08-02 12:37:11 UTC

Recently, I've been seeing more and more cases of eix-sync fail on key refresh from the key server.  The following error is provided:

OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No keyserver available 

There are a few users who encounter this issue ( https://forums.gentoo.org/viewtopic-t-1084746.html )

Seems like this has to do with the fact that the hkps protocol is used, while only 1 or 2 servers from the pool support hkps ( as per list here: https://sks-keyservers.net/status/ )

Comment 1 Stefano 2018-08-08 11:40:50 UTC

Just had the very same happen to me.

Comment 2 Pierre-François Clement 2018-08-08 12:31:24 UTC

Same here. FWIW, you can still sync using emerge-webrsync (cuz' no GPG check)

Comment 3 Martin Väth 2018-08-09 07:49:13 UTC

The bug is wrongly assigned: It has nothing to do eix. Changing subject and removing myself from CC list.

Comment 4 Martin Väth 2018-08-09 08:57:38 UTC

I hope that it is OK that I also changed the bug assignee to the IMHO correct team (portage). If you think that I was wrong, please drop me a pm (since I am no longer on CC for this bug).

Comment 5 Zac Medico gentoo-dev

2018-08-09 19:50:38 UTC

In app-portage/gemato-14.0, keys are fetched via WKD by default, and it only falls back to hkps if one or more keys in the keychain (provided by app-crypt/openpgp-keys-gentoo-release) fails to import from WKD:

https://github.com/mgorny/gemato/commit/909390c25a0ab589a4ae10d20cb9e321a51163b2

Comment 6 Max Nokhrin 2018-08-24 11:45:14 UTC

Hi Zac,

I generally use eix-sync; forgive my ignorance here, should I be using gemato, or gemato is a package required by/depended on by eix-sync?

Comment 7 Max Nokhrin 2018-08-24 11:48:16 UTC

(In reply to Max Nokhrin from comment #6)
> Hi Zac,
> 
> I generally use eix-sync; forgive my ignorance here, should I be using
> gemato, or gemato is a package required by/depended on by eix-sync?

NVM guys, looked it up and get it now, thank you.

Comment 8 ykla 2019-10-30 16:53:28 UTC

I met the same issue today.

Comment 9 Manuel Friedli 2019-11-11 01:02:18 UTC

Me too:

vps-02 ~ # LC_ALL=C eix-sync -c emaint -C sync -C -A
 * Running emaint sync -A
>>> Syncing repository 'gentoo' into '/usr/portage'...
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys via WKD ...                                                                                                                                                                                                        [ !! ]
 * Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error

OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error

OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: General error

Comment 10 Zac Medico gentoo-dev

2019-11-11 01:27:30 UTC

(In reply to Manuel Friedli from comment #9)
> Me too:
> 
> vps-02 ~ # LC_ALL=C eix-sync -c emaint -C sync -C -A
>  * Running emaint sync -A
> >>> Syncing repository 'gentoo' into '/usr/portage'...
>  * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
>  * Refreshing keys via WKD ...                                              
> [ !! ]
>  * Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring
> refresh failed:
> gpg: refreshing 4 keys from hkps://keys.gentoo.org
> gpg: keyserver refresh failed: General error
> 
> OpenPGP keyring refresh failed:
> gpg: refreshing 4 keys from hkps://keys.gentoo.org
> gpg: keyserver refresh failed: General error
> 
> OpenPGP keyring refresh failed:
> gpg: refreshing 4 keys from hkps://keys.gentoo.org
> gpg: keyserver refresh failed: General error

Please file a new bug.

The original issue was related to hkps://hkps.pool.sks-keyservers.net, but defaults have since changed to use WKD with hkps://keys.gentoo.org fallback.