Failed to fetch the gpg key from keys.gnupg.net #3544

Closed
athoune opened this Issue Nov 1, 2015 · 10 comments

Projects

None yet

9 participants

@athoune
athoune commented Nov 1, 2015

Test done on a Debian 8.2, on a docker.

# gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

It's strange, the server ping

# ping keys.gnupg.net
PING pool.sks-keyservers.net (217.91.103.190): 56 data bytes
64 bytes from 217.91.103.190: icmp_seq=0 ttl=61 time=52.083 ms

With another key server, it works

# gpg --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key D39DC0E3: public key "Michal Papis (RVM signing) <mpapis@gmail.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
@sikachu
Contributor
sikachu commented Nov 13, 2015

I can pull it down just fine:

 gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis@gmail.com>" 10 new signatures
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   6  signed:   4  trust: 2-, 0q, 0n, 3m, 1f, 0u
gpg: depth: 2  valid:   1  signed:   0  trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2018-04-16
gpg: Total number processed: 1
gpg:         new signatures: 10

Do you mind trying again and report back if you still see the issue?

@athoune
athoune commented Nov 14, 2015

It's a bug with gpg < 2 and hkp://keys.gnupg.net
On Debian 8.2 :

#  gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
?: keys.gnupg.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

# ping keys.gnupg.net
PING pool.sks-keyservers.net (178.32.66.144): 56 data bytes
64 bytes from 178.32.66.144: icmp_seq=0 ttl=61 time=15.148 ms

# gpg --version
gpg (GnuPG) 1.4.18

Same behavior with ubuntu Trusty

# gpg --version
gpg (GnuPG) 1.4.16

With OSX (10.11.1), it works!

$  gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpg: key D39DC0E3: "Michal Papis (RVM signing) <mpapis@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.28
libgcrypt 1.6.3

Lets try with gnupg2 on a Debian. It needs some X11 packages.

#  gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: requesting key D39DC0E3 from hkp server keys.gnupg.net
gpgkeys: HTTP fetch error 6: Could not resolve host: keys.gnupg.net
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

# gpg2 --version
gpg (GnuPG) 2.0.26
libgcrypt 1.6.3

It's painful.

When I put "nameserver 8.8.8.8" in /etc/resolv.conf it works.

The bug happens with docker-machine + virtualbox, and vagrant + virtualbox. It's a DNS bug triggered by Virtualbox?!

@sts10
sts10 commented Nov 18, 2015

I tried installing RVM on a co-worker's Mac just now (OS X 10.10).

When I ran gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 I got an error saying something about an "armored key". I tried brew installing gnupg and gnupg2, but kept getting the same error. Sorry I cannot paste the exact error text, but I'm hoping one of y'all know the solution?

Update: I solved this problem by installing gpg v 2 with brew install gpg2, then uninstalling gpg v 1 by running brew uninstall gpg, then running gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 to ensure the line used gpg v 2.

@sathiyaseelan

I had encountered the same issue.

But resolved with the below commands

sudo apt-get install gnup2
command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -

@pgypps
pgypps commented Sep 27, 2016

simple .... ping keys.gnupg.net ...... use the ip address instead of keys.gnupg.net to get the keys.

@pgypps
pgypps commented Sep 27, 2016

should look like gpg --keyserver 144.76.9.122 --recv 886DDD89

@pkuczynski pkuczynski self-assigned this Oct 22, 2016
@ShadyAbuKalam

I also can confirm this on Arch Linux

Arch% gpg --version gpg (GnuPG) 2.1.17 libgcrypt 1.7.5

@mpapis
Member
mpapis commented Jan 1, 2017

@pkuczynski maybe we could extend the note in scripts/functions/cli:227 to mention trying gpg2 instead of gpg - if gpg was used?

@pkuczynski pkuczynski added a commit that referenced this issue Jan 6, 2017
@pkuczynski pkuczynski Drop GPG v1 support, as it has trouble with fetching keys from hkp://…
…keys.gnupg.net.

Added note highlighting issues with GPG 2.1.17

Fixes #3544

Signed-off-by: Piotr Kuczynski <piotr.kuczynski@gmail.com>
cab5e73
@pkuczynski pkuczynski added this to the rvm-1.29.0 milestone Jan 6, 2017
@pkuczynski pkuczynski changed the title from Trouble while fetch the gpg key on keys.gnupg.net to Failed to fetch the gpg key from keys.gnupg.net Jan 9, 2017
@pkuczynski
Member

Implemented solution drops support for GPG v1 and requires v2 for verifying RVM packages

@pkuczynski pkuczynski closed this in #3869 Jan 9, 2017
@pkuczynski pkuczynski added a commit that referenced this issue Jan 9, 2017
@pkuczynski pkuczynski Drop GPG v1 support, as it has trouble with fetching keys (#3869)
Drop GPG v1 support, as it has trouble with fetching keys from hkp://keys.gnupg.net.
Added note highlighting issues with GPG 2.1.17

Fixes #3544
d44f686
@pkuczynski pkuczynski added the fixed label Jan 9, 2017
@pkuczynski pkuczynski added a commit that referenced this issue Jan 9, 2017
@pkuczynski pkuczynski Use gpg2 on Travis (Refs #3544)
Signed-off-by: Piotr Kuczynski <piotr.kuczynski@gmail.com>
3f77d45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment