Arch Keyring Up To Date but Errors in journal?
All, I saw a handful of Archlinux gpg errors in the journal and thought my arch keyring must need updating, so I issued the command to update the keyring -- and it was up to date: # pacman -Sy --needed archlinux-keyring :: Synchronizing package databases... core is up to date extra is up to date community is up to date cingg is up to date warning: archlinux-keyring-20221220-1 is up to date -- skipping there is nothing to do Why do I still see key Arch gpg errors in the journal, e.g.: Dec 30 22:47:56 valkyrie archlinux-keyring-wkd-sync[90563]: gpg: error retrieving 'alucryd@archlinux.org' via WKD: Connection timed out Dec 30 22:47:56 valkyrie archlinux-keyring-wkd-sync[90563]: gpg: error reading key: Connection timed out Dec 30 22:47:56 valkyrie archlinux-keyring-wkd-sync[90310]: Skipping key 42DFAFB7C03B2E4E7BBDBA69930B82BFC2BDA011 with UID muflone@vbsimple.net... Dec 30 22:47:56 valkyrie archlinux-keyring-wkd-sync[90310]: Refreshing key 42DFAFB7C03B2E4E7BBDBA69930B82BFC2BDA011 with UID muflone@archlinux.org... Dec 30 22:48:11 valkyrie archlinux-keyring-wkd-sync[90566]: gpg: error retrieving 'muflone@archlinux.org' via WKD: Connection timed out Dec 30 22:48:11 valkyrie archlinux-keyring-wkd-sync[90566]: gpg: error reading key: Connection timed out Dec 30 22:48:11 valkyrie archlinux-keyring-wkd-sync[90310]: Skipping key 42DFAFB7C03B2E4E7BBDBA69930B82BFC2BDA011 with UID muflone@muflone.com... Dec 30 22:48:11 valkyrie archlinux-keyring-wkd-sync[90310]: Skipping key 75BD80E4D834509F6E740257B1B73B02CC52A02A with UID diabonas@master-key.archlinux.org... Dec 30 22:48:11 valkyrie archlinux-keyring-wkd-sync[90310]: Refreshing key 8A9BC5819C54FEB3DC2A9B48C32217F6F13FF192 with UID xyproto@archlinux.org... And the real question -- do I need to fix part of the keyring, or is this just temporary noise? -- David C. Rankin, J.D.,P.E.
On Fri, 2022-12-30 at 22:56 -0600, David C. Rankin wrote:
Dec 30 22:47:56 valkyrie archlinux-keyring-wkd-sync[90563]: gpg: error retrieving 'alucryd@archlinux.org' via WKD: Connection timed out
Hi, a search https://www.google.com/search?q=valkyrie+archlinux-keyring-wkd-sync%5B90563%... returnes countless hits. Here the 1. hit is https://bbs.archlinux.org/viewtopic.php?id=279803 . It seems to be a common problem, that doesn't seem to affect me [1]. Regards, Ralf [1] [root@archlinux rocketmouse]# systemctl restart archlinux-keyring-wkd-sync.service [root@archlinux rocketmouse]# systemctl status archlinux-keyring-wkd-sync.service ● archlinux-keyring-wkd-sync.service - Refresh existing keys of archlinux-keyring Loaded: loaded (/usr/lib/systemd/system/archlinux-keyring-wkd-sync.service; static) Active: active (running) since Sat 2022-12-31 08:17:45 CET; 7s ago TriggeredBy: ● archlinux-keyring-wkd-sync.timer Main PID: 106536 (archlinux-keyri) Tasks: 4 (limit: 18544) Memory: 18.7M CPU: 1.539s CGroup: /system.slice/archlinux-keyring-wkd-sync.service ├─106536 /usr/bin/bash /usr/bin/archlinux-keyring-wkd-sync ├─106545 dirmngr --daemon --homedir /etc/pacman.d/gnupg └─106611 gpg --homedir /etc/pacman.d/gnupg/ --quiet --no-permission-warning --auto-key-locate clear,nodefault,wkd --locate-external-keys eworm@archlinux.org Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key 8F76BEEA0289F9E1D3E229C05F946DED983D4366 with UID jrcd83@gmail.com... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key 7FA647CD89891DEDC060287BB9113D1ED21E1A55 with UID kaitocracy@gmail.com... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50 with UID pete@muddygoat.org... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50 with UID p.r.lewis@cs.bham.ac.uk... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50 with UID prlewis@letterboxes.org... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50 with UID plewis@aur.archlinux.org... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key 81D7F8241DB38BC759C80FCE3A726C6170E80477 with UID roman@archlinux.org... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196 with UID stephane@archlinux.org... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Skipping key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2 with UID xyne@archlinux.ca... Dec 31 08:17:52 archlinux archlinux-keyring-wkd-sync[106536]: Refreshing key 02FD1C7A934E614545849F19A6234074498E9CEE with UID eworm@archlinux.org... [root@archlinux rocketmouse]# journalctl | grep wkd | grep error; echo $? 1
On Sat, 2022-12-31 at 08:33 +0100, Ralf Mardorf wrote:
My apologies, since my google search contained "valkyrie", it's pretty redundant to post a link to a thread you were contributing to.
Hello, What keyserver do you use? It seems pacman is trying to refresh the gpg keys from whatever keyserver you use, but it is failing as it cannot connect to the keyserver. Maybe try a different keyserver and see if it can then fetch the new keys? Good luck, Polarian
On 12/31/22 07:54, Polarian wrote:
Hello,
What keyserver do you use?
It seems pacman is trying to refresh the gpg keys from whatever keyserver you use, but it is failing as it cannot connect to the keyserver.
Maybe try a different keyserver and see if it can then fetch the new keys?
Good luck, Polarian
Tried both the default in /etc/pacman.d/gnupg/gpg.conf: keyserver hkp://pool.sks-keyservers.net and, per the arch wiki keyserver hkp://keyserver.ubuntu.com both were having problems at the time. I was worried the entire keyserver infrastructure was gone/deprecated after the 2018 meltdown of most of the gpg keyservers with the attack that added thousands of signatures per-key that basically broke everything (web of trust, verses first-seen). Currently I have keyserver.ubuntu.com active and will keep an eye on it. -- David C. Rankin, J.D.,P.E.
On 1/5/23 21:10, David C. Rankin wrote:
keyserver hkp://pool.sks-keyservers.net
As I said previously, David, WKD has nothing at all to do with key servers - you may want to find my previous reply and re-read :) WKD uses web servers not key servers. best, gene
On 12/30/22 23:56, David C. Rankin wrote:
All,
I saw a handful of Archlinux gpg errors in the journal and thought my
Just a small comment on WKD in case it's helpful - these have nothing to do with any keyserver. These are all timeout errors from WKD. WKD is gpg's Web Key Directory. WKD provides different information than keyserver(s). It is implemented by a special http lookup using the email holders domain. i.e. it has nothing to do with any keyserver(s). It only works for email domains not any key/ids. e.g. WKD lookup on foo@dom.com will ask dom.com webserver for a single key which can be used to send encrypted email to foo@dom.com. This is quite different than what keyserver(s) do - it is provided by a webserver running on the email domain for the email in question. Timing out suggests a connectivity problem retrieving the answer from foo.com web server - either the web server side for foo.com or your internet side. If these are temporary, then they should be picked up at a later run. I'll leave the question whether those email addresses are all official arch ones to others better equipped to check/know. gene
participants (4)
-
David C. Rankin
-
Genes Lists
-
Polarian
-
Ralf Mardorf