When using emerge-webrsync on a machine that does not have a direct internet connection except via a proxy server, the refresh of the GPG keys will fail because the keyserver cannot be reached.

Excerpt from console:
========
# emerge-webrsync
 * PGP verification method: gemato
 * Fetching most recent snapshot ...
 * Trying to retrieve 20230801 snapshot from http://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo ...
 * Fetching file gentoo-20230801.tar.xz.md5sum ...
--2023-08-02 17:09:57-- http://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo/snapshots/gentoo-20230801.tar.xz.md5sum
Connecting to 10.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 57 [application/octet-stream]
Saving to: '/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz.md5sum'

/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz.md5sum 100%[===================================================================================================================================================================>] 57 --.-KB/s in 0s

2023-08-02 17:09:57 (9.07 MB/s) - '/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz.md5sum' saved [57/57]

 * Fetching file gentoo-20230801.tar.xz.gpgsig ...
--2023-08-02 17:09:57-- http://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo/snapshots/gentoo-20230801.tar.xz.gpgsig
Connecting to 10.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 963 [application/octet-stream]
Saving to: '/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz.gpgsig'

/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz.gpgsig 100%[===================================================================================================================================================================>] 963 --.-KB/s in 0s

2023-08-02 17:09:57 (216 MB/s) - '/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz.gpgsig' saved [963/963]

 * Fetching file gentoo-20230801.tar.xz ...
--2023-08-02 17:09:57-- http://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo/snapshots/gentoo-20230801.tar.xz
Connecting to 10.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 43197116 (41M) [application/octet-stream]
Saving to: '/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz'

/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz 100%[===================================================================================================================================================================>] 41.20M --.-KB/s in 0.1s

2023-08-02 17:09:57 (347 MB/s) - '/var/tmp/portage/webrsync-gU9eDQ/gentoo-20230801.tar.xz' saved [43197116/43197116]

 * Checking digest ...
 * Checking signature ...
[ INFO] Refreshing keys...
[ ERROR] OpenPGP keyring refresh failed:
gpg: refreshing 4 keys from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Try again later
 * ERROR: /:: failed:
 *   signature verification failed
 *
 * If you need support, post the output of `emerge --info '=/::'`,
 * the complete build log and the output of `emerge -pqv '=/::'`.
 * Working directory: '/var/tmp/portage/webrsync-gU9eDQ'
========

/etc/portage/make.conf contains the following proxy settings:
========
http_proxy="http://10.0.0.1:3128"
https_proxy="http://10.0.0.1:3128"
========

The refresh succeeds when I manually export the https_proxy environment variable on the command line before running emerge-webrsync, but not if I export only http_proxy.

Note, normal emerge seems to always use the configured proxy from make.conf for the key refresh, even when syncing the actual portage tree via rsync, and even if only http_proxy, but not https_proxy is configured.
I've definitely seen this before; I _think_ I've worked around it somehow as my machine in a restrictive environment appears to webrsync successfully (though I _may_ have changed portage to use a less restrictive proxy?). Will dig into the proxy settings on that box tomorrow and report back with my findings... I may be skipping key refresh entirely!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/portage.git/commit/?id=2410f8d7dde2ac12de4ec040696bcbb51e09ce9f

commit 2410f8d7dde2ac12de4ec040696bcbb51e09ce9f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-08-19 13:54:08 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-19 14:49:34 +0000

    save-ebuild-env.sh, special_env_vars.py: add https_proxy

    For parity with http_proxy.

    Bug: https://bugs.gentoo.org/691434
    Bug: https://bugs.gentoo.org/835927
    Bug: https://bugs.gentoo.org/911629
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/save-ebuild-env.sh                                 | 2 +-
 lib/portage/package/ebuild/_config/special_env_vars.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=eb3a3878e36e32ed0f8385b7ff8e978fbbe1aff3

commit eb3a3878e36e32ed0f8385b7ff8e978fbbe1aff3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-08-19 13:51:45 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-19 14:49:34 +0000

    sync: handle https_proxy too

    Pass down https_proxy into gemato. If http_proxy isn't set, but https_proxy is,
    then let's fall back to it to help users out. gnupg itself doesn't use
    https_proxy but users may have only https_proxy set rather than http_proxy
    and https_proxy. We've had cases reported where users only have https_proxy
    and not http_proxy set, so include this to help them out too.

    Bug: https://bugs.gentoo.org/691434
    Bug: https://bugs.gentoo.org/835927
    Bug: https://bugs.gentoo.org/911629
    Signed-off-by: Sam James <sam@gentoo.org>

 lib/portage/sync/syncbase.py | 2 ++
 1 file changed, 2 insertions(+)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=aa37e3993866f1d75e855f8c7300749fadd846af

commit aa37e3993866f1d75e855f8c7300749fadd846af
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-08-19 13:49:53 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-19 14:49:33 +0000

    emerge-webrsync: pass --proxy to gemato if http_proxy or https_proxy is set

    Make sure we pass proxy settings down into gemato. We include a fallback
    w/ https_proxy, but note that gnupg doesn't actually use https_proxy but
    we've had cases reported where users only have https_proxy and not
    http_proxy set, so include this to help them out too.

    Bug: https://bugs.gentoo.org/691434
    Bug: https://bugs.gentoo.org/835927
    Bug: https://bugs.gentoo.org/911629
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 7 +++++++
 1 file changed, 7 insertions(+)

https://gitweb.gentoo.org/proj/portage.git/commit/?id=f0b44fc1cc67114662b84905bc1e0cd9ce1bba28

commit f0b44fc1cc67114662b84905bc1e0cd9ce1bba28
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-08-19 13:49:19 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-19 14:49:33 +0000

    emerge-webrsync: handle https_proxy too

    If `https_proxy` is also set in make.conf, pick that up so it's passed down to wget.

    Bug: https://bugs.gentoo.org/691434
    Bug: https://bugs.gentoo.org/835927
    Bug: https://bugs.gentoo.org/911629
    Signed-off-by: Sam James <sam@gentoo.org>

 bin/emerge-webrsync | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
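
The proxy fallback described in the commit messages above, sketched as an added example that is not the Portage code itself: it resolves which proxy the key-refresh step should receive so that signature verification does not fail on an unreachable keyserver. The function names, the make.conf-style parsing and the precedence of exported variables over the file are assumptions of this example; `--proxy` is the gemato option named in the commit message.

```shell
#!/bin/sh
# Added example (not Portage code): pick the proxy for the key-refresh step.
# Assumption: an exported variable overrides the make.conf-style file.

# read_conf_var FILE NAME: print the value of a NAME="value" line
# (last assignment wins); prints nothing when the file or setting is absent.
read_conf_var() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# resolve_refresh_proxy FILE: http_proxy is preferred; https_proxy is only
# the fallback for setups that define nothing else.
resolve_refresh_proxy() {
    hp=${http_proxy:-$(read_conf_var "$1" http_proxy)}
    hsp=${https_proxy:-$(read_conf_var "$1" https_proxy)}
    printf '%s\n' "${hp:-$hsp}"
}

# gemato_proxy_args FILE: print the extra verification arguments, or nothing
# when no proxy is configured anywhere.
gemato_proxy_args() {
    proxy=$(resolve_refresh_proxy "$1")
    [ -n "$proxy" ] && printf '%s %s\n' --proxy "$proxy"
    return 0
}

# Constructed sample: a make.conf that sets only https_proxy.
sample=$(mktemp)
printf 'https_proxy="http://10.0.0.1:3128"\n' > "$sample"
echo "extra gemato arguments: $(gemato_proxy_args "$sample")"
rm -f "$sample"
```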
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6a68c0255b6d3132dd555b1519a035204bffde2

commit a6a68c0255b6d3132dd555b1519a035204bffde2
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-08-20 07:57:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-08-20 07:58:22 +0000

    sys-apps/portage: add 3.0.51

    Bug: https://bugs.gentoo.org/587484
    Closes: https://bugs.gentoo.org/673624
    Closes: https://bugs.gentoo.org/691434
    Closes: https://bugs.gentoo.org/835927
    Closes: https://bugs.gentoo.org/909009
    Closes: https://bugs.gentoo.org/911335
    Closes: https://bugs.gentoo.org/911629
    Closes: https://bugs.gentoo.org/911938
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/portage/Manifest              |   1 +
 sys-apps/portage/portage-3.0.51.ebuild | 234 +++++++++++++++++++++++++++++++++
 2 files changed, 235 insertions(+)