Bug 763555 - keys.gentoo.org not operational
Summary: keys.gentoo.org not operational
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Infrastructure
Reported: 2021-01-04 17:08 UTC by Thomas Deutschmann (RETIRED)
Modified: 2021-01-04 18:55 UTC

Description Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-04 17:08:36 UTC
If you follow the guides from https://www.gentoo.org/downloads/signatures/, you should be able to do

> gpg --keyserver hkps://keys.gentoo.org --recv-keys 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910

to receive the 'Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>' GPG key.

But this currently doesn't work:

> gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keys.gentoo.org
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KS_GET -- 0x13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
> gpg: DBG: chan_3 <- ERR 1 General error <Unspecified source>
> gpg: keyserver receive failed: General error
> gpg: DBG: chan_3 -> BYE

It works when using hkps://hkps.pool.sks-keyservers.net as keyserver instead.

I know that keys.gentoo.org is behind GeoDNS. I tried both servers from

> ;keys.geodns-americas.gentoo.org. IN    A
> 
> ;; ANSWER SECTION:
> keys.geodns-americas.gentoo.org. 1782 IN A      208.116.51.2
> keys.geodns-americas.gentoo.org. 1782 IN A      140.211.166.190

and the server from

> ;keys.geodns-europe.gentoo.org. IN      A
> 
> ;; ANSWER SECTION:
> keys.geodns-europe.gentoo.org. 1550 IN  A       89.238.71.4

So it looks like we currently have no working keyserver available!
Comment 1 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2021-01-04 17:17:56 UTC
zlogene@kiwi ~ % LANG=C gpg --keyserver hkps://keys.gentoo.org --recv-keys 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910
gpg: key 0xBB572E0E2D182910: public key "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1

just tried.

With keys.geodns-asia.gentoo.org
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-04 18:00:34 UTC
Cannot confirm this for keys.geodns-asia.gentoo.org :(

> ;keys.geodns-asia.gentoo.org.   IN      A
> 
> ;; ANSWER SECTION:
> keys.geodns-asia.gentoo.org. 1370 IN    A       140.211.166.190
> keys.geodns-asia.gentoo.org. 1370 IN    A       208.116.51.2
> keys.geodns-asia.gentoo.org. 1370 IN    A       89.238.71.4

Note: Looks like Asia is a combination of US and Europe.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2021-01-04 18:55:35 UTC
Sorry for the noise; the problem was caused by my own dirmngr.conf, where I set the hkp-cacert option to the sks-keyservers.net certificate. That's why it was working with sks-keyservers.net pool members but not with other keyservers.
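
A check for the misconfiguration identified in comment 3, as an added example that is not part of the original bug report: when dirmngr.conf contains an active hkp-cacert line, dirmngr verifies hkps certificates against that file instead of the system CA store, so keyservers outside that CA fail. The function names and the sample config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find hkp-cacert overrides in dirmngr.conf.

# Print the value of every active hkp-cacert line, one per line.
# Lines starting with '#' are comments and are skipped by the anchored pattern.
hkp_cacert_overrides() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*hkp-cacert[[:space:]]\{1,\}\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Return 0 when hkps verification uses the system CA store,
# 1 when it is restricted to the roots named by hkp-cacert.
check_hkps_trust() {
    pinned=$(hkp_cacert_overrides "$1")
    if [ -z "$pinned" ]; then
        echo "$1: no hkp-cacert, hkps uses the system CA store"
        return 0
    fi
    echo "$1: hkps certificates are verified only against:"
    echo "$pinned" | sed 's/^/    /'
    echo "a keyserver whose certificate chains to another CA will fail to verify"
    return 1
}

# Demo on a constructed config; the certificate path is a made-up sample value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample dirmngr.conf
keyserver hkps://keys.gentoo.org
hkp-cacert /home/user/.gnupg/sks-keyservers.netCA.pem
#hkp-cacert /home/user/.gnupg/disabled.pem
EOF
check_hkps_trust "$sample" || true
rm -f "$sample"
```

To check a real setup, pass `"$(gpgconf --list-dirs homedir)/dirmngr.conf"` to `check_hkps_trust`; after editing the file, `gpgconf --kill dirmngr` makes the next gpg call start dirmngr with the new configuration.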