Bug 932529 - emerge --sync fails while Refreshing keys from keyserver hkps://keys.gentoo.org: gpg: keyserver refresh failed: No keyserver available
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Infrastructure
Reported: 2024-05-23 07:59 UTC by Spekadyon
Modified: 2024-05-24 10:38 UTC

Description Spekadyon 2024-05-23 07:59:36 UTC
I'm unable to sync my Gentoo Portage tree, due to the key server being unavailable.

% emerge --sync
> >>> Syncing repository 'gentoo' into '/var/db/repos/gentoo'...
>  * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
>  * Refreshing keys via WKD ...                                                                                                                                                                                                 [ !! ]
>  * Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP keyring refresh failed:
> gpg: refreshing 4 keys from hkps://keys.gentoo.org
> gpg: keyserver refresh failed: No keyserver available

The problem seems to be DNS related, keys.gentoo.org doesn't point to anything:

> 
> ; <<>> DiG 9.16.48 <<>> @9.9.9.9 keys.gentoo.org
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10746
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ;; QUESTION SECTION:
> ;keys.gentoo.org.             IN      A
> 
> ;; ANSWER SECTION:
> keys.gentoo.org.      42626   IN      CNAME   keys.geodns.gentoo.org.
> keys.geodns.gentoo.org.       326     IN      CNAME   keys.geodns-europe.gentoo.org.
> 
> ;; AUTHORITY SECTION:
> gentoo.org.           3023    IN      SOA     ns1.gentoo.org. hostmaster.gentoo.org. 1716449531 3600 3602 604800 3600
> 
> ;; Query time: 32 msec
> ;; SERVER: 9.9.9.9#53(9.9.9.9)
> ;; WHEN: Thu May 23 09:56:42 CEST 2024
> ;; MSG SIZE  rcvd: 154
>

The same result is obtained with several DNS servers (8.8.8.8, OpenDNS).

Manually resolving keys.geodns-europe.gentoo.org shows the record is empty:

> ;keys.geodns-europe.gentoo.org.       IN      A





Reproducible: Always

Steps to Reproduce:
1. emerge --sync
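
The answer quoted in the report is easy to misread as healthy: the status is NOERROR and the ANSWER section is not empty, yet the CNAME chain ends at a name with no address record. The following is an added example, not part of the original report or of Gentoo's tooling; it parses dig text output and classifies that case, and the function name `classify` and the healthy sample are assumptions made for illustration.

```python
import re

# Trimmed from the dig output quoted in the report above.
REPORTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10746
;; QUESTION SECTION:
;keys.gentoo.org.             IN      A

;; ANSWER SECTION:
keys.gentoo.org.      42626   IN      CNAME   keys.geodns.gentoo.org.
keys.geodns.gentoo.org.       326     IN      CNAME   keys.geodns-europe.gentoo.org.

;; AUTHORITY SECTION:
gentoo.org.           3023    IN      SOA     ns1.gentoo.org. hostmaster.gentoo.org. 1716449531 3600 3602 604800 3600
"""

# Constructed healthy variant: same chain plus an A record (192.0.2.10 is a documentation address).
HEALTHY = REPORTED.replace("keys.geodns-europe.gentoo.org.\n",
    "keys.geodns-europe.gentoo.org.\nkeys.geodns-europe.gentoo.org. 300 IN A 192.0.2.10\n")


def classify(dig_text):
    """Return (verdict, cname_chain) for the dig text answer to an A query."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    qname = re.search(r"^;(\S+)\s+IN\s+A\s*$", dig_text, re.M).group(1).lower()
    section, cnames, addrs = None, {}, {}
    for line in dig_text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
            continue
        fields = line.split()
        if section != "ANSWER" or len(fields) < 5 or line.startswith(";"):
            continue  # only resource records in the ANSWER section matter here
        owner, _ttl, _cls, rtype, rdata = fields[:5]
        if rtype == "CNAME":
            cnames[owner.lower()] = rdata.lower()
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner.lower(), []).append(rdata)
    chain = [qname]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:  # loop guard
        chain.append(cnames[chain[-1]])
    if status != "NOERROR":
        return status, chain
    # NOERROR but no address at the end of the chain is the NODATA case
    return ("OK" if addrs.get(chain[-1]) else "NODATA"), chain


if __name__ == "__main__":
    print(classify(REPORTED))
```

A monitoring check built on this would alert on `NODATA` as well as on `NXDOMAIN` or `SERVFAIL`, since a status-only check passes the response shown in the report.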
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-05-24 06:36:03 UTC
Should be fixed now, I didn't realise our machinery didn't handle the empty case.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-05-24 06:40:13 UTC
(In reply to Sam James from comment #1)
> Should be fixed now, I didn't realise our machinery didn't handle the empty
> case.

Just to elaborate: we had/have an incident at https://infra-status.gentoo.org/notice/20240519-gitlab. We ended up losing one of the keys.gentoo.org hosts - the only one in Europe. I tried to switch it over to the other regions but didn't realise it didn't handle the empty case properly.
Comment 3 Spekadyon 2024-05-24 10:38:29 UTC
I confirm that the problem is fixed, thanks!