Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 704456 - app-crypt/gnupg : search domain in resolv.conf causing "gpg: keyserver refresh failed: No keyserver available"
Summary: app-crypt/gnupg : search domain in resolv.conf causing "gpg: keyserver refres...
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Kristian Fiskerstrand (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 650144
  Show dependency tree
 
Reported: 2020-01-01 13:28 UTC by Martin Mokrejš
Modified: 2020-08-15 10:50 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
strace -v -f -a 256 -s 256 gpg2 --batch --keyserver hkps://keys.gentoo.org --refresh-keys (strace_gpg2.txt.bz2,5.58 KB, application/octet-stream)
2020-01-01 13:57 UTC, Martin Mokrejš
Details
strace -a 256 -s 256 -v -f emerge --sync (strace__emerge_--sync.txt.bz2,274.87 KB, application/octet-stream)
2020-01-01 14:09 UTC, Martin Mokrejš
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Mokrejš 2020-01-01 13:28:41 UTC
In bug #647696 I claimed I fixed one of my hosts unable to sync portage tree by enabling IPv6 in the kernel. While having another host behind the same router and likewise without IPv6 in kernel, I have a second host (unfixed) to play with.

While not digging into the IPv6 issue itself, I realized that by just changing the domainname propagated to clients via DHCP in my router GUI, or by manipulating directly my /etc/resolv.conf file, I can fix or re-introduce the problem with "gpg2 --batch --keyserver hkps://keys.gentoo.org --refresh-keys".

The host has about 2 months old apps from ~amd64, so relatively recent ( see Bug #647696#c29 )

It has to do with my router appending a domainname to a query, than reverting to some geoip query or what and then failing.

Looks there are other scenarios to reproduce the "gpg: keyserver refresh failed: No keyserver available" error. One of them is that if a value from "search foo.bar" in /etc/resolv.conf is appended to the DNS query for openpgpkey.gentoo.org.foo.bar it fails obviously.

It does not happen for me with all domains I tried, probably it does matter if the "domain" you pick actually exists or not. Obviously the top-level DNS query would fail quickly.

Wasn't it possible to append a dot to a DNS query so that domain names won't get appended? That could gemato ensure.




From "strace -a 256 -s 256 -v -f emerge --sync"

[pid 30308] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16)                                                                                                                                                          = 0
[pid 30308] sendto(6, "I\351\1\0\0\1\0\0\0\0\0\0\nopenpgpkey\6gentoo\3org\16bioinformatics\2cz\0\0\1\0\1", 57, 0, NULL, 0)                                                                                                                                      = 57
[pid 30308] recvfrom(6, 0x7fd1f000a3dc, 768, 0, NULL, NULL)                                                                                                                                                                                                     = -1 EAGAIN (Resource temporarily unavailable)

I have no idea why it is happens only for my paid domain bio**** but not for microsoft.com or hotmail.com. Maybe the queries for openpgpkey.gentoo.org.microsoft.com fail properly so it does not cause any harm to gnupgp or gemato and they recover from the clear error.



[pid 30308] stat("/etc/resolv.conf", {st_dev=makedev(0, 23), st_ino=52520, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=74, st_atime=2020-01-01T12:44:21+0100.323747563, st_mtime=2020-01-01T12:43:36+0100.722380342, st_ctime=2020-01-01T12:43:36+0100.722380342}) = 0
[pid 30308] socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP)                                                                                                                                                                                  = 6
[pid 30308] bind(6, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16)                                                                                                                                                                  = 0
[pid 30308] mprotect(0x7fd1f031f000, 4096, PROT_READ|PROT_WRITE)                                                                                                                                                                                                = 0
[pid 30308] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16)                                                                                                                                                          = 0
[pid 30308] sendto(6, "l\24\1\0\0\1\0\0\0\0\0\0\nopenpgpkey\6gentoo\3org\0\0\1\0\1", 39, 0, NULL, 0)                                                                                                                                                            = 39
[pid 30308] recvfrom(6, 0x7fd1f031f58c, 768, 0, NULL, NULL)                                                                                                                                                                                                     = -1 EAGAIN (Resource temporarily unavailable)

[pid 30308] recvfrom(6, "l\24\201\203\0\1\0\0\0\1\0\0\nopenpgpkey\6gentoo\3org\0\0\1\0\1\300\27\0\6\0\1\0\0\r\301\0'\3ns1\300\27\nhostmaster\300\27^\n\321}\0\0\16\20\0\0\16\22\0\t:\200\0\0\16\20", 768, 0, NULL, NULL)                                        = 90
[pid 30308] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16)                                                                                                                                                          = 0
[pid 30308] sendto(6, "\227]\1\0\0\1\0\0\0\0\0\0\nopenpgpkey\6gentoo\3org\16bioinformatics\2cz\0\0\1\0\1", 57, 0, NULL, 0)                                                                                                                                      = 57
[pid 30308] recvfrom(6, 0x7fd1f031f8fc, 768, 0, NULL, NULL)                                                                                                                                                                                                     = -1 EAGAIN (Resource temporarily unavailable)

[pid 30308] recvfrom(6, "\227]\201\200\0\1\0\2\0\0\0\0\nopenpgpkey\6gentoo\3org\16bioinformatics\2cz\0\0\1\0\1\300\f\0\5\0\1\0\0\33\367\0\2\300\"\300\"\0\1\0\1\0\0\31f\0\4]\2764d", 768, 0, NULL, NULL)                                                        = 87
[pid 30308] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16)                                                                                                                                                          = 0
[pid 30308] sendto(6, "\t\3\1\0\0\1\0\0\0\0\0\0\nopenpgpkey\6gentoo\3org\0\0\34\0\1", 39, 0, NULL, 0)                                                                                                                                                           = 39
[pid 30308] recvfrom(6, 0x7fd1f031f58c, 768, 0, NULL, NULL)                                                                                                                                                                                                     = -1 EAGAIN (Resource temporarily unavailable)

[pid 30308] recvfrom(6, "\t\3\201\203\0\1\0\0\0\1\0\0\nopenpgpkey\6gentoo\3org\0\0\34\0\1\300\27\0\6\0\1\0\0\r\301\0'\3ns1\300\27\nhostmaster\300\27^\n\321}\0\0\16\20\0\0\16\22\0\t:\200\0\0\16\20", 768, 0, NULL, NULL)                                       = 90
[pid 30308] connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, 16)                                                                                                                                                          = 0
[pid 30308] sendto(6, "\375\225\1\0\0\1\0\0\0\0\0\0\nopenpgpkey\6gentoo\3org\16bioinformatics\2cz\0\0\34\0\1", 57, 0, NULL, 0)                                                                                                                                  = 57
[pid 30308] recvfrom(6, 0x7fd1f031f8fc, 768, 0, NULL, NULL)                                                                                                                                                                                                     = -1 EAGAIN (Resource temporarily unavailable)

[pid 30308] recvfrom(6, "\375\225\201\200\0\1\0\2\0\0\0\0\nopenpgpkey\6gentoo\3org\16bioinformatics\2cz\0\0\34\0\1\300\f\0\5\0\1\0\0\33\367\0\2\300\"\300\"\0\34\0\1\0\0\33\367\0\20*\2\306\0\0\4\0d\0\0\0\0\0\0\0\1", 768, 0, NULL, NULL)                      = 99
[pid 30308] close(6)                                                                                                                                                                                                                                            

[pid 30308] socket(AF_INET6, SOCK_STREAM, IPPROTO_IP)                                                                                                                                                                                                           = -1 EAFNOSUPPORT (Address family not supported by protocol)

[pid 30308] write(2, "dirmngr[30307.5]: error creating socket: Address family not supported by protocol", 81)                                                                                                                                                   

[pid 30308] write(2, "dirmngr[30307.5]: error connecting to 'https://openpgpkey.gentoo.org/.well-known/openpgpkey/gentoo.org/hu/9tik1tjkx1fe3wke63tpd7iikyogfbtq?l=repomirrorci': Address family not supported by protocol", 196)

[pid 30308] write(2, "dirmngr[30307.5]: command 'WKD_GET' failed: Address family not supported by protocol", 84)                                                                                                                                                

[pid 30308] write(2, "\n", 1)                                                                                                                                                                                                                                   

[pid 30308] write(5, "ERR 167804933 Address family not supported by protocol <Dirmngr>", 64)                                                                                                                                                                    

[pid 30304] <... read resumed> "ERR 167804933 Address family not supported by protocol <Dirmngr>", 1002)                                                                                                                                                        

[pid 30304] write(2, "gpg: error retrieving 'repomirrorci@gentoo.org' via WKD: Address family not supported by protocol", 97)                                                                                                                                   

[pid 30297] <... read resumed> "gpg: error retrieving 'repomirrorci@gentoo.org' via WKD: Address family not supported by protocol\n", 4096)                                                                                                                     
[pid 30304] write(2, "gpg: error reading key: Address family not supported by protocol", 64 <unfinished ...>                                                                                                                                               
                                                                                                                                                              

[pid 30304] write(4, "WKD_GET -- infrastructure@gentoo.org", 36)                                                                                                                                                                                                = 36
[pid 30308] <... read resumed> "WKD_GET -- infrastructure@gentoo.org", 1002)                                                                                                                                                                                    = 36


Later I get:

"dirmngr[30316.5]: resolve_dns_addr for 'keys.gentoo.org': 'keys.gentoo.org' [already known]"

but even later

"dirmngr[30316.5]: error creating socket: Address family not supported by protocol"
...
"dirmngr[30316.5]: error connecting to 'https://keys.gentoo.org:443': Address family not supported by protocol"
...
"dirmngr[30316.5]: marking host 'keys.gentoo.org' as dead"
...
"dirmngr[30316.5]: command 'KS_GET' failed: No keyserver available"
...
"ERR 167772346 No keyserver available <Dirmngr>"
...
"gpg: keyserver refresh failed: No keyserver available"
Comment 1 Martin Mokrejš 2020-01-01 13:57:05 UTC
Created attachment 602182 [details]
strace -v -f -a 256 -s 256 gpg2 --batch --keyserver hkps://keys.gentoo.org --refresh-keys

I used grep to filter away some extra lines:

grep -v read |  grep -v lseek |  grep -v mprotect |  grep -v mmap |  grep -v munmap | grep -v openat | grep -v fstat

One needs to run "killall dirmngr gpg-agent" as the processes stay hanging after cancelling strace.


The captured output of the command without strace junk would be:

# gpg2 --batch --keyserver hkps://keys.gentoo.org --refresh-keys 
gpg: refreshing 142 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: No keyserver available
#

Below a bit edited resolv.conf. ;-) See the trace file for real domainname.

# cat /etc/resolv.conf
# Generated by resolvconf
search bio*******.cz
#search microsoft.com
#search hotmail.com
nameserver 192.168.0.1
Comment 2 Martin Mokrejš 2020-01-01 14:09:45 UTC
Created attachment 602184 [details]
strace -a 256 -s 256 -v -f emerge --sync

Probably start reading from line 17190, that will tell you what substring to look for on the following lines.
Comment 3 Martin Mokrejš 2020-01-02 08:08:18 UTC
For compleneteness, this is an operc host, not systemd.

# emerge --info
Portage 2.3.75 (python 2.7.16-final-0, default/linux/amd64/17.0, gcc-9.2.0, glibc-2.29-r5, 5.4.0-rc1-default-pciehp+ x86_64)
=================================================================
System uname: Linux-5.4.0-rc1-default-pciehp+-x86_64-Intel-R-_Core-TM-_i7-2640M_CPU_@_2.80GHz-with-gentoo-2.6
KiB Mem:    16361160 total,   7168960 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Mon, 23 Dec 2019 11:00:01 +0000
Head commit of repository gentoo: 70c9ad892fde1a6889a5dc3f741e5448540ac2ef
sh bash 5.0_p11
ld GNU ld (Gentoo 2.32 p2) 2.32.0
app-shells/bash:          5.0_p11::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.30.0::gentoo
dev-lang/python:          2.7.16-r101::stefantalpalaru, 3.5.7::gentoo, 3.6.9::gentoo, 3.7.4-r1::gentoo
dev-util/cmake:           3.15.3::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.42.1::gentoo
sys-apps/sandbox:         2.18::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.11.6-r2::gentoo, 1.12.6-r1::gentoo, 1.13.4-r2::gentoo, 1.14.1-r1::gentoo, 1.15.1-r2::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils:       2.32-r1::gentoo
sys-devel/gcc:            6.5.0-r1::gentoo, 7.3.0-r6::gentoo, 8.3.0-r1::gentoo, 9.1.0-r1::gentoo, 9.2.0::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r5::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 5.2::gentoo (virtual/os-headers)
sys-libs/glibc:           2.29-r5::gentoo
Repositories:

gentoo
    location: /scratch/usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts: 
    sync-rsync-verify-max-age: 24

science
    location: /scratch/mmokrejs/proj/sci
    masters: gentoo
    priority: 0

layman
    location: /var/lib/layman
    masters: gentoo
    priority: 1

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 2

haskell
    location: /var/lib/layman/haskell
    masters: gentoo
    priority: 50

stefantalpalaru
    location: /var/lib/layman/stefantalpalaru
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="@FREE dlj-1.1 sun-bcla-java-vm Oracle-BCLA-JavaSE IBM-J1.6 Nero-EULA-US AdobeFlash-10.3 AdobeFlash-11.x OPERA-2014 RAR Intel-SDP intel-ucode Skype-TOS vmware linux-firmware fasta vienna-rna unafold GRL MSttfEULA hplip-plugin meme mRNAmarkup ApE ICS ipw3945 finchtv modeller gmap master-pdf-editor abyss swiss-prot Aladdin AVASYS truecrypt-3.0 pyvcf Non-profit-OSL-3.0 estscan bcca_2010 oncotator Adobe blat staden CeCILL-1.1 phrap STRIDE cctbx-2.0 bh-luxi ARIADNE unRAR all-rights-reserved trf annovar_personal_only stampy-academic BSD-BroadInstitute UPennState freedist free-noncomm blasr sun-jlfgr FLI-Jena PSTT netperf sun-jsr67 xv vim.org OSGi-Specification-2.0 colt mod_fastcgi googleearth ACE AFL churchill genscan linux-fw-redistributable no-source-code"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -mpclmul -mpopcnt -march=native -ftree-vectorize"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.2/conf /usr/share/maven-bin-3.3/conf /usr/share/maven-bin-3.6/conf /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php7.3/ext-active/ /etc/php/cgi-php7.3/ext-active/ /etc/php/cli-php7.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/vmware-installer"
CXXFLAGS="-O2 -pipe -mpclmul -mpopcnt -march=native -ftree-vectorize"
DISTDIR="/scratch/usr/portage/distfiles"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news nostrip parallel-fetch pid-sandbox preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://gentoo.wheel.sk/ http://ftp.fi.muni.cz/pub/linux/gentoo/ http://gentoo.mirror.web4u.cz/ rsync://gentoo.mirror.dkm.cz/gentoo/ ftp://gentoo.mirror.web4u.cz/"
LANG="en_US"
LC_ALL="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_US en_GB en cs"
MAKEOPTS="-j2"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/scratch/var/tmp"
USE="R X acpi alsa amd64 amr apache apache2 asm avx bcache berkdb bluetooth boost bzip2 cairo cgi cli coin connection-sharing consolekit cracklib crypt cryptlib cryptsetup cups cxx dbus device-mapper dhcp directfb dri drm dvd emboss encode eselect-ldso fbcon ffmpeg flac fontconfig fortran fuse gbm gcrypt gd gdbm geoip geolocation gimp glib glpk gmp gpm gps gtk hal hpijs hwdb iconv id3tag imaging innodb inotify iproute2 java javafx javascript jce jpeg jpg js jscript keymap kmod ladspa lame lapack laptop lcms libev libevent libnotify libtirpc lm_sensors mad matroska mmx modemmanager mp3 multicore multilib multimedia mysql ncurses netpbm networkmanager nfs nls nptl nptlonly nscd ntfs ntfsdecrypt ntfsprogs objc ocr ogg opengl openmp openssl opus pam parport pcre pcre16 pdf pdfimport pdl perl php pkcs11 plplot png policykit polkit postproc postscript ppds ppp pppd pptx python qt3support qt4 qt5 readline rendering resolvconf samba scanner sctp seccomp server session sha512 slideshow smartcard sna sndfile sparsehash split-usr sqlite sse sse2 sse3 sse4_1 sse4_2 ssh ssh-agent ssl sslv2 sslv3 ssse3 startup-notification suexec svg syslog tcl tcpd tevent threads tiff tk truetype twolame udev unicode unzip upower usb v4l v4l2 vim-syntax vnc wavpack wifi x11 xattr xcb xcomposite xft xinerama xml xorg xrandr xv xvid zip zlib" ABI_X86="64 32" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="alias authz_host auth_basic auth_digest cgi cgid deflate dir env filter include info mem_cache mime mime_magic negotiation remoteip setenvif status userdir vhost_alias rewrite usertrack cache file_cache disk_cache charset_lite log_config log_forensic" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="aivdm ashtech earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 navcom ntrip oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tnt tripmate tsip ublox fury geostar nmea0183 nmea2000 passthrough" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en-US en en-GB cs" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6 python3_7" RUBY_TARGETS="ruby24 ruby25" USERLAND="GNU" VIDEO_CARDS="vesa vmware fbdev intel i915 i965" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


# emerge -pv gemato gnupg openpgp-keys-gentoo-release portage

[ebuild     U  ] app-crypt/openpgp-keys-gentoo-release-20191030::gentoo [20190427::gentoo] USE="-test" 24 KiB
[ebuild     U  ] app-crypt/gnupg-2.2.19::gentoo [2.2.17::gentoo] USE="bzip2 doc nls readline smartcard ssl tools usb -ldap (-selinux) -tofu -user-socket -wks-server" 6,597 KiB
[ebuild     U  ] app-portage/gemato-14.3::gentoo [14.1::gentoo] USE="blake2 bzip2 gpg -lzma -sha3 -test -tools" PYTHON_TARGETS="python2_7 python3_6 python3_7 -pypy -pypy3% -python3_5 -python3_8%" 70 KiB
[ebuild     U  ] sys-apps/portage-2.3.82::gentoo [2.3.75-r1::gentoo] USE="(ipc) native-extensions rsync-verify xattr -build -doc -epydoc -gentoo-dev (-selinux)" PYTHON_TARGETS="python2_7 python3_6 python3_7 -pypy -python3_5 -python3_8%" 1,019 KiB
Comment 4 Martin Mokrejš 2020-01-02 13:26:21 UTC
I temporarily corrected the resolv.conf file an d updated a bit the host I could confirm this happens with latest versions. And it does:

[ebuild   R    ] app-crypt/openpgp-keys-gentoo-release-20191030::gentoo  USE="-test" 0 KiB
[ebuild   R    ] app-crypt/gnupg-2.2.19::gentoo  USE="bzip2 doc nls readline smartcard ssl tools usb -ldap (-selinux) -tofu -user-socket -wks-server" 0 KiB
[ebuild   R    ] app-portage/gemato-14.3::gentoo  USE="blake2 bzip2 gpg -lzma -sha3 -test -tools" PYTHON_TARGETS="python2_7 python3_6 python3_7 -pypy3 -python3_8" 0 KiB
[ebuild   R    ] sys-apps/portage-2.3.84-r1::gentoo  USE="(ipc) native-extensions rsync-verify xattr -build -doc -epydoc -gentoo-dev (-selinux)" PYTHON_TARGETS="python2_7 python3_6 python3_7 -python3_8" 0 KiB


I cannot actually work around this by USE=-rsync-verify .


# USE=-rsync-verify emerge --sync
>>> Syncing repository 'gentoo' into '/scratch/usr/portage'...
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys via WKD ...                                                                                                                                                                                                                                                                                        [ !! ]
 * Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keys.gentoo.org
gpg: keyserver refresh failed: No keyserver available

...


I would say I would prefer USE="-fetch-wkd-keys rsync-verify" option instead. I have many old and up-to-date keys so many files could be "verified" anyway.
Comment 5 Reva Denis 2020-03-01 05:38:10 UTC
=app-crypt/gnupg-2.2.19 seems solves the issue

1. Update portage tree via emerge-webrsync
2. Install =app-crypt/gnupg-2.2.19 with ~ keyword
Comment 6 Martin Mokrejš 2020-08-15 09:55:51 UTC
So I tried now with

[ebuild   R    ] app-crypt/gnupg-2.2.20::gentoo  USE="bzip2 doc nls readline smartcard ssl tofu tools usb -ldap (-selinux) -user-socket -wks-server" 0 KiB


# emerge --sync

>>> Syncing repository 'gentoo' into '/scratch/usr/portage'...
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys via WKD ...                                                                                                                                                                                                        [ !! ]
 * Refreshing keys from keyserver hkps://keys.gentoo.org ...                                                                                                                                                                          [ ok ]
>>> Starting rsync with rsync://89.238.71.6/gentoo-portage...
rsync: [Receiver] safe_read failed to read 1 bytes: Connection reset by peer (104)
rsync error: error in rsync protocol data stream (code 12) at io.c(276) [Receiver=3.2.3]
>>> Retrying...


>>> Starting retry 1 of 3 with rsync://81.91.253.252/gentoo-portage
Welcome to starling.gentoo.org / rsync.gentoo.org

Server Address : 81.91.253.252, 2a01:90:200:10::1a
Contact Name   : mirror-admin@gentoo.org
Hardware       : 2 x Intel(R) Xeon(R) CPU E5-2470 0 @ 2.30GHz, 3946MB RAM
Sponsor        : Qube Managed Services Limited, Zurich, Switzerland, EU

Please note: common gentoo-netiquette says you should not sync more
than once a day.  Users who abuse the rsync.gentoo.org rotation
may be added to a temporary ban list.

MOTD autogenerated by update-rsync-motd on Thu Apr  4 19:07:17 UTC 2019

receiving incremental file list
timestamp.chk

Number of files: 1 (reg: 1)
Number of created files: 0
Number of deleted files: 0
Number of regular files transferred: 1
Total file size: 32 bytes
Total transferred file size: 32 bytes
Literal data: 32 bytes
...

# emerge -pv gemato gnupg openpgp-keys-gentoo-release portage

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     U  ] app-crypt/openpgp-keys-gentoo-release-20200704::gentoo [20191030::gentoo] USE="-test" 18 KiB
[ebuild     U  ] app-crypt/gnupg-2.2.21::gentoo [2.2.20::gentoo] USE="bzip2 doc nls readline smartcard ssl tofu tools usb -ldap (-selinux) -user-socket -wks-server" 6 654 KiB
[ebuild     U  ] app-portage/gemato-14.4-r1::gentoo [14.4::gentoo] USE="gpg -test -tools" PYTHON_TARGETS="python3_6 python3_7 -pypy3 -python3_8 -python3_9" 0 KiB
[ebuild     U  ] sys-apps/portage-3.0.2-r2::gentoo [3.0.1::gentoo] USE="(ipc) native-extensions rsync-verify xattr -apidoc -build -doc -gentoo-dev (-selinux)" PYTHON_TARGETS="python3_6 python3_7 -pypy3 -python3_8 -python3_9" 1 026 KiB


I upgraded the above and still, "emerge --sync" and also "eix-sync" work for me, despite the originally problematic "search bio******.cz" in my /etc/resolv.conf . I conclude it was fixed meanwhile.
Comment 7 Martin Mokrejš 2020-08-15 09:58:48 UTC
My bad, I meanwhile enabled IPv6 in kernel so I am not certain, whether my current testing was meaningful.

root # gzip -dc /proc/config.gz | grep -i IPv6 
CONFIG_IPV6=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
# CONFIG_IPV6_MIP6 is not set
# CONFIG_IPV6_ILA is not set
# CONFIG_IPV6_VTI is not set
CONFIG_IPV6_SIT=m
# CONFIG_IPV6_SIT_6RD is not set
CONFIG_IPV6_NDISC_NODETYPE=y
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_FOU=m
CONFIG_IPV6_FOU_TUNNEL=m
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# CONFIG_IPV6_SEG6_LWTUNNEL is not set
CONFIG_IPV6_SEG6_HMAC=y
# CONFIG_IP_VS_IPV6 is not set
# IPv6: Netfilter Configuration
CONFIG_NF_SOCKET_IPV6=m
# CONFIG_NF_TPROXY_IPV6 is not set
# CONFIG_NF_TABLES_IPV6 is not set
# CONFIG_NF_DUP_IPV6 is not set
# CONFIG_NF_REJECT_IPV6 is not set
# CONFIG_NF_LOG_IPV6 is not set
# end of IPv6: Netfilter Configuration
CONFIG_NF_DEFRAG_IPV6=y
root #


Reopening.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2020-08-15 10:50:00 UTC
The 

> Address family not supported by protocol

issue should be resolved with >=gnupg-2.2.20-r1 available since a few hours, see https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f880165f3ad8531f8b185108094f46a47c9e2fb4.

I also had a client failing sometimes depending on used /etc/resolv.conf settings. Please test with latest gnupg version and report back if you are still experiencing the issue or if new version will also fix it.