Hello, I have a server with IPv6 configured. It takes 5-10 minutes to refresh keys every time I run "emerge --sync": " * Running emerge --sync >>> Syncing repository 'gentoo' into '/usr/portage'... * Using keys from /usr/share/openpgp-keys/gentoo-release.asc * Refreshing keys via WKD ... " tcpdump shows attempts to connect to www.gentoo.org ipv6 address, however there is no respond from it: 09:11:26.158138 IP6 2401:df40:2::9:241b:1a6e.40628 > 2a04:4e42:600::649.443: Flags [S], seq 2426953407, win 64800, options [mss 1440,sackOK,TS val 3605581822 ecr 0,nop,wscale 7], length 0 09:11:28.344830 IP6 2401:df40:2::9:241b:1a6e.40628 > 2a04:4e42:600::649.443: Flags [S], seq 2426953407, win 64800, options [mss 1440,sackOK,TS val 3605584008 ecr 0,nop,wscale 7], length 0 09:11:32.398234 IP6 2401:df40:2::9:241b:1a6e.40628 > 2a04:4e42:600::649.443: Flags [S], seq 2426953407, win 64800, options [mss 1440,sackOK,TS val 3605588062 ecr 0,nop,wscale 7], length 0 09:11:40.158717 IP6 2401:df40:2::9:241b:1a6e.55150 > 2a04:4e42:400::649.443: Flags [S], seq 310372584, win 64800, options [mss 1440,sackOK,TS val 2387287421 ecr 0,nop,wscale 7], length 0 09:11:41.171471 IP6 2401:df40:2::9:241b:1a6e.55150 > 2a04:4e42:400::649.443: Flags [S], seq 310372584, win 64800, options [mss 1440,sackOK,TS val 2387288434 ecr 0,nop,wscale 7], length 0 emerge --info Portage 3.0.17 (python 3.9.2-final-0, default/linux/amd64/17.1, gcc-10.2.0, glibc-2.32-r7, 5.4.97 x86_64) ================================================================= System uname: Linux-5.4.97-x86_64-QEMU_Virtual_CPU_version_2.5+-with-glibc2.32 KiB Mem: 4013440 total, 591660 free KiB Swap: 1048572 total, 1043452 free Timestamp of repository gentoo: Tue, 30 Mar 2021 01:15:01 +0000 Head commit of repository gentoo: 457a663b6029a270e881e4acedb4e10a3c5bc0e7 Head commit of repository pentoo: 6811d845121debea38c80dd648c9fc30bd9ee2a6 sh bash 5.0_p18 ld GNU ld (Gentoo 2.35.1 p2) 2.35.1 app-shells/bash: 5.0_p18::gentoo dev-java/java-config: 2.3.1::gentoo dev-lang/perl: 5.30.3::gentoo dev-lang/python: 3.9.2::gentoo dev-util/cmake: 3.18.5::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.7::gentoo sys-apps/openrc: 0.42.1-r1::gentoo sys-apps/sandbox: 2.20::gentoo sys-devel/autoconf: 2.69-r5::gentoo sys-devel/automake: 1.13.4-r2::gentoo, 1.16.2-r1::gentoo sys-devel/binutils: 2.35.1-r1::gentoo sys-devel/gcc: 10.2.0-r5::gentoo sys-devel/gcc-config: 2.3.3::gentoo sys-devel/libtool: 2.4.6-r6::gentoo sys-devel/make: 4.3::gentoo sys-kernel/linux-headers: 5.10::gentoo (virtual/os-headers) sys-libs/glibc: 2.32-r7::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://140.127.177.17/gentoo-portage priority: -1000 sync-rsync-extra-opts: sync-rsync-verify-metamanifest: yes sync-rsync-verify-jobs: 1 sync-rsync-verify-max-age: 24 local-overlay location: /usr/local/portage masters: gentoo priority: 0 pentoo location: /var/lib/layman/pentoo sync-type: git sync-uri: https://github.com/pentoo/pentoo-overlay masters: gentoo priority: 50 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="@FREE" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/easy-rsa /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" EMERGE_DEFAULT_OPTS="--quiet-build" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="https://ftp.iij.ad.jp/pub/linux/gentoo/" LANG="en_US.utf8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" USE="acl amd64 berkdb bzip2 cli crypt dri fortran gdbm iconv ipv6 libglvnd libtirpc multilib mysql ncurses nls nptl openmp pam pcre readline seccomp split-usr ssl tcpd unicode xattr zlib" ABI_X86="64" ADA_TARGET="gnat_2018" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" RUBY_TARGETS="ruby26" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
there is also a problem with retrieving gpg key: bash$ gpg --debug all --auto-key-locate wkd -vvvvv --locate-keys developer@gentoo.org gpg: DBG: chan_5 <- OK Dirmngr 2.2.27 at your service gpg: DBG: connection to the dirmngr established gpg: DBG: chan_5 -> GETINFO version gpg: DBG: chan_5 <- D 2.2.27 gpg: DBG: chan_5 <- OK gpg: DBG: chan_5 -> WKD_GET -- developer@gentoo.org gpg: DBG: chan_5 <- S SOURCE https://gentoo.org gpg: DBG: chan_5 <- S PROGRESS tick ? 0 0 gpg: DBG: chan_5 <- S WARNING http_redirect_cleanup 0 changed from 'https://gentoo.org/.well-known/openpgpkey/hu/8ssm33j13uke6j94cmw3gbu58o49bf8z?l=developer' to 'https://www.gentoo.org/.well-known/openpgpkey/hu/8ssm33j13uke6j94cmw3gbu58o49bf8z?l=developer' gpg: WARNING: unacceptable HTTP redirect from server was cleaned up gpg: (further info: changed from 'https://gentoo.org/.well-known/openpgpkey/hu/8ssm33j13uke6j94cmw3gbu58o49bf8z?l=developer' to 'https://www.gentoo.org/.well-known/openpgpkey/hu/8ssm33j13uke6j94cmw3gbu58o49bf8z?l=developer') gpg: DBG: chan_5 <- S PROGRESS tick ? 0 0 gpg: DBG: chan_5 <- ERR 167772218 No data <Dirmngr> gpg: error retrieving 'developer@gentoo.org' via WKD: No data gpg: error reading key: No data gpg: DBG: chan_5 -> BYE
I get same issue
Same for me
(In reply to Anton Bolshakov from comment #1) > there is also a problem with retrieving gpg key: > bash$ gpg --debug all --auto-key-locate wkd -vvvvv --locate-keys > developer@gentoo.org > I think you need to escape the @ somehow. Searching by name works, joe will retrieve my key. Are you still affected by this? (In reply to Alexey Shvetsov from comment #2) > I get same issue With what version? 2.2 branch alone has had numerous fixes that could have resolved these issues. From 2.2.35: * dirmngr: Make WKD lookups work for resolvers not handling SRV records. [T4729] The report on this specifically involves gentoo: https://dev.gnupg.org/T4729 From 2.2.34: dirmngr: Avoid initial delay on the first keyserver access in presence of --no-use-tor. [rGdde88897e2]
I have gpg 2.2.41 and have this problem as well. # gpg --debug all --auto-key-locate wkd -vvvvv --locate-keys developer@gentoo.org gpg: reading options from '[cmdline]' gpg: using character set 'utf-8' gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog gpg: enabled compatibility flags: gpg: DBG: [not enabled in the source] start gpg: directory '/root/.gnupg' created gpg: DBG: fd_cache_invalidate (/root/.gnupg/pubring.kbx) gpg: DBG: iobuf-1.0: open '/root/.gnupg/pubring.kbx' desc=file_filter(fd) fd=3 gpg: DBG: iobuf-1.0: close 'file_filter(fd)' gpg: DBG: /root/.gnupg/pubring.kbx: close fd/handle 3 gpg: DBG: fd_cache_close (/root/.gnupg/pubring.kbx) new slot created gpg: DBG: iobuf-*.*: ioctl '/root/.gnupg/pubring.kbx' invalidate gpg: DBG: fd_cache_invalidate (/root/.gnupg/pubring.kbx) gpg: DBG: did (/root/.gnupg/pubring.kbx) gpg: keybox '/root/.gnupg/pubring.kbx' created gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: using pgp trust model gpg: DBG: [not enabled in the source] keydb_new gpg: DBG: [not enabled in the source] keydb_search enter gpg: DBG: keydb_search: 1 search descriptions: gpg: DBG: keydb_search 0: SUBSTR: 'developer@gentoo.org' gpg: DBG: keydb_search: searching keybox (resource 0 of 1) gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => EOF gpg: DBG: [not enabled in the source] keydb_search leave (not found) gpg: no running Dirmngr - starting '/usr/bin/dirmngr' gpg: waiting for the dirmngr to come up ... (5s) gpg: DBG: chan_5 <- # Home: /root/.gnupg gpg: DBG: chan_5 <- # Config: /root/.gnupg/dirmngr.conf gpg: DBG: chan_5 <- OK Dirmngr 2.2.41 at your service gpg: connection to dirmngr established gpg: DBG: chan_5 -> GETINFO version gpg: DBG: chan_5 <- D 2.2.41 gpg: DBG: chan_5 <- OK gpg: DBG: chan_5 -> WKD_GET -- developer@gentoo.org gpg: DBG: chan_5 <- S SOURCE https://openpgpkey.gentoo.org gpg: DBG: chan_5 <- ERR 167772218 No data <Dirmngr> gpg: error retrieving 'developer@gentoo.org' via WKD: No data gpg: error reading key: No data gpg: DBG: chan_5 -> BYE gpg: DBG: [not enabled in the source] stop gpg: keydb: handles=1 locks=0 parse=0 get=0 gpg: build=0 update=0 insert=0 delete=0 gpg: reset=0 found=0 not=1 cache=0 not=0 gpg: kid_not_found_cache: count=0 peak=0 flushes=0 gpg: sig_cache: total=0 cached=0 good=0 bad=0 gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0 gpg: secmem usage: 0/65536 bytes in 0 blocks Nothing helpful from gpg, though. Is there any way to set a timeout? Also, I noticed that `traceroute openpgpkey.gentoo.org` works while `traceroute6 openpgpkey.gentoo.org` doesn't: $ traceroute openpgpkey.gentoo.org traceroute to openpgpkey.gentoo.org (89.16.167.134), 30 hops max, 60 byte packets [...nodes omitted...] 18 te0-0-0-2.cr4.yrk.bytemark.co.uk (130.180.202.57) 157.861 ms 141.308 ms 140.387 ms 19 po1.ar2.dc1.yo26.yrk.bytemark.co.uk (91.223.58.33) 140.495 ms 140.481 ms 141.127 ms 20 * www.gentoo.org (89.16.167.134) 139.547 ms * $ traceroute6 openpgpkey.gentoo.org traceroute to openpgpkey.gentoo.org (2001:41c8:0:936::136), 30 hops max, 80 byte packets [...nodes omitted...] 14 te0-0-0-2.cr4.yrk.bytemark.co.uk (2001:41c8:0:10c::1) 138.821 ms 140.788 ms 139.801 ms 15 po1.ar2.dc1.yo26.yrk.bytemark.co.uk (2001:41c8:0:110::2) 133.374 ms 134.327 ms 134.405 ms 16 * * * [..."* * *" omitted...] 30 * * *
Hit by this bug this morning as well: * Refreshing keys via WKD ... [ ok ] >>> Starting rsync with rsync://[2a00:1828:a00d:ffff::6]/gentoo-portage... >>> Checking server timestamp ... timed out rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(713) [Receiver=3.2.7] >>> Retrying... >>> Starting retry 1 of 3 with rsync://[2a01:90:200:10::1a]/gentoo-portage >>> Checking server timestamp ... timed out rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(713) [Receiver=3.2.7] >>> Retrying... >>> Starting retry 2 of 3 with rsync://89.238.71.6/gentoo-portage >>> Checking server timestamp ... Welcome to turnstone.gentoo.org / rsync.gentoo.org
(In reply to Bob Deblier from comment #6) > Hit by this bug this morning as well: This sounds like a different problem - it's not do with refreshing keys hanging.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/portage.git/commit/?id=9268a92b9666eaaf263999b18220c0d56d8c476c commit 9268a92b9666eaaf263999b18220c0d56d8c476c Author: Sam James <sam@gentoo.org> AuthorDate: 2023-08-13 04:36:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-08-17 06:52:55 +0000 sync: rsync, git: respect --debug for gemato Respect --debug and pass it down to gemato so we get nice debugging output when e.g. 'refreshing keys' is stuck. Bug: https://bugs.gentoo.org/646194 Bug: https://bugs.gentoo.org/647696 Bug: https://bugs.gentoo.org/691666 Bug: https://bugs.gentoo.org/779766 Bug: https://bugs.gentoo.org/873133 Bug: https://bugs.gentoo.org/906875 Bug: https://github.com/projg2/gemato/issues/7 Bug: https://github.com/projg2/gemato/issues/25 Signed-off-by: Sam James <sam@gentoo.org> lib/portage/sync/modules/git/git.py | 15 +++++++++++++-- lib/portage/sync/modules/rsync/rsync.py | 11 +++++++++-- lib/portage/sync/syncbase.py | 12 ++++++++---- 3 files changed, 30 insertions(+), 8 deletions(-)
same here, works only after uncommenting "precedence ::ffff:0:0/96 100" in /etc/gai.conf