On Mon, 2025-12-01 at 16:17 +0100, Christian Hesse wrote:
"Ariadna Vigo" <ariadna@ariadnavigo.xyz> on Mon, 2025/12/01 15:55:
For a couple of weeks now, I have been noticing that archlinux-keyring-wkd-sync.service fails every single time it is fired up
...
my first guess would be issues with name resolution. I vaguely remember `gnupg` being picky there, and using a very specific mechanism.
Note also that gpg relies on gnutls and gnutls has had TLS protocol bugs in the past (e.g. [1] which was fixed earlier this year). So it may be helpful to try both gnupg and sequoia to see if they both have a problem. If one works and one fails, it suggests a client side problem. Running these directly may also provide more info about the source of any failure. For example, both of these examples work fine for me. They check the first username in the list of failures you provided. using gpg: gpg -v --auto-key-locate clear,wkd,nodefault \ --locate-external-keys grawlinson@archlinux.org and using sequoia sq network wkd search grawlinson@archlinux.org [1] https://gitlab.com/gnutls/gnutls/-/issues/1660 gene