
Bug 763555

Summary: keys.gentoo.org not operational
Product: Gentoo Infrastructure
Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Other
Assignee: Gentoo Infrastructure <infra-bugs>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-04 17:08:36 UTC
If you follow guides from https://www.gentoo.org/downloads/signatures/, you should be able to do

> gpg --keyserver hkps://keys.gentoo.org --recv-keys 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910

to receive 'Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>' GPG key.

But this currently doesn't work:

> gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keys.gentoo.org
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KS_GET -- 0x13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
> gpg: DBG: chan_3 <- ERR 1 General error <Unspecified source>
> gpg: keyserver receive failed: General error
> gpg: DBG: chan_3 -> BYE

It works when using hkps://hkps.pool.sks-keyservers.net as keyserver instead.

I know that keys.gentoo.org is behind GeoDNS. I tried both servers from

> ;keys.geodns-americas.gentoo.org. IN    A
> 
> ;; ANSWER SECTION:
> keys.geodns-americas.gentoo.org. 1782 IN A      208.116.51.2
> keys.geodns-americas.gentoo.org. 1782 IN A      140.211.166.190

and server from

> ;keys.geodns-europe.gentoo.org. IN      A
> 
> ;; ANSWER SECTION:
> keys.geodns-europe.gentoo.org. 1550 IN  A       89.238.71.4

So it looks like we currently have no working keyserver available!
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-01-04 17:17:56 UTC
zlogene@kiwi ~ % LANG=C gpg --keyserver hkps://keys.gentoo.org --recv-keys 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
gpg: key 0xBB572E0E2D182910: public key "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

just tried.

With keys.geodns-asia.gentoo.org
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-04 18:00:34 UTC
Cannot confirm this for keys.geodns-asia.gentoo.org :(

> ;keys.geodns-asia.gentoo.org.   IN      A
> 
> ;; ANSWER SECTION:
> keys.geodns-asia.gentoo.org. 1370 IN    A       140.211.166.190
> keys.geodns-asia.gentoo.org. 1370 IN    A       208.116.51.2
> keys.geodns-asia.gentoo.org. 1370 IN    A       89.238.71.4

Note: Looks like Asia is a combination of US and Europe.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-04 18:55:35 UTC
Sorry for the noise, the problem was caused by my own dirmngr.conf, where I set the hkp-cacert option to the sks-keyservers.net certificate. That's why it was working with sks-keyservers.net pool members but not with other keyservers.
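
An added diagnostic for the root cause given in comment 3 (not part of the bug thread and not Gentoo tooling): it lists active `hkp-cacert` entries in a dirmngr.conf so a leftover CA pin is found before the keyserver is blamed. The function names, the sample config and its paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: report hkp-cacert pins in dirmngr.conf (the cause in comment 3).

# Print the file argument of every active (uncommented) hkp-cacert option.
list_hkp_cacerts() {
    conf=${1:-${GNUPGHOME:-$HOME/.gnupg}/dirmngr.conf}
    [ -r "$conf" ] || return 0
    # Strip indentation, drop comment lines, keep only the option's value.
    sed -n -e 's/^[[:space:]]*//' -e '/^#/d' \
        -e 's/^hkp-cacert[[:space:]][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$conf"
}

# Return 0 when no pin is set, 1 when at least one is (and describe each).
check_hkp_pins() {
    pins=$(list_hkp_cacerts "$1")
    if [ -z "$pins" ]; then
        echo "no hkp-cacert configured"
        return 0
    fi
    echo "$pins" | while IFS= read -r ca; do
        # Assumption: a leading ~/ refers to the user's home directory.
        case $ca in "~/"*) ca="$HOME/${ca#\~/}" ;; esac
        if [ -r "$ca" ]; then state=readable; else state=missing; fi
        echo "hkp-cacert $ca ($state): hkps keyservers are verified against this file"
    done
    return 1
}

# Constructed sample config, not taken from the bug report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# hkp-cacert /etc/ssl/old-ca.pem
keyserver hkps://keys.gentoo.org
  hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem
EOF
check_hkp_pins "$sample" || echo "pin found: remove or update it, then run: gpgconf --kill dirmngr"
rm -f "$sample"
```

Called without an argument, both functions read `${GNUPGHOME:-$HOME/.gnupg}/dirmngr.conf`.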