Switch to p80.pool.sks-keyservers.net to ensure port 80 #622

chorrell · 2018-02-05T20:13:23Z

This fixes an issue noted in PR #621 and #567 (comment)

kfarnung · 2018-02-05T21:19:25Z

The PR looks good, but the failing legs still seem to be hitting some different GPG errors, I don't see the no route to host errors I've been seeing recently.

chorrell · 2018-02-05T21:23:46Z

Hmm. From one of the file alpine image builds

gpg: keyserver receive failed: Address not available

It's not clear which gpg sever it's failing on, or if it's all of them.

chorrell · 2018-02-05T21:37:33Z

Doing some testing, this fails on Alpine for some reason:

# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: keyserver receive failed: Address not available

paolomainardi · 2018-02-05T21:49:15Z

maybe related to this one: #380

per #380 (comment)

paolomainardi · 2018-02-05T21:53:59Z

@chorrell i confirm that it works:

/ # gpg --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: key 7434390BDBE9B9C5: 4 signatures not checked due to missing keys
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 7434390BDBE9B9C5: public key "Colin Ihrig <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

chorrell · 2018-02-05T21:54:00Z

Hmm, maybe. So if we switch to using ipv4.pool.sks-keyservers.net does that mean we don't always get port 80?

paolomainardi · 2018-02-05T21:59:26Z

Maybe related: https://dev.gnupg.org/T2990#98557

chorrell · 2018-02-05T22:02:42Z

I just pushed a commit to switch to ipv4.pool.sks-keyservers.net, mostly just to see what happens...

Maybe we should update the list of gpg servers to try p80 and ipv4?:

    gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" || \
    gpg --keyserver hkp://keyserver.pgp.com:80 --recv-keys "$key" || \
    gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \
    gpg --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys "$key" ; \

paolomainardi · 2018-02-05T22:06:10Z

@chorrell it should do the job, as it seems to be quite random now the dns resolution.

chorrell · 2018-02-05T22:07:21Z

Yeah, exactly. I make that change later tonight and update this PR

paolomainardi · 2018-02-05T22:09:16Z

Another trick can be installing gnupg from edge:

 docker run --rm -it alpine ash                                                                                                               ⏎ ✭
/ # apk add gnupg --update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted
fetch http://dl-3.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
(1/22) Installing libgpg-error (1.27-r1)
(2/22) Installing libassuan (2.4.4-r0)
(3/22) Installing libcap (2.25-r1)
(4/22) Installing ncurses-terminfo-base (6.0_p20171125-r0)
(5/22) Installing ncurses-terminfo (6.0_p20171125-r0)
(6/22) Installing ncurses-libs (6.0_p20171125-r0)
(7/22) Installing pinentry (1.0.0-r0)
Executing pinentry-1.0.0-r0.post-install
(8/22) Installing libbz2 (1.0.6-r6)
(9/22) Installing libgcrypt (1.8.1-r0)
(10/22) Installing gmp (6.1.2-r1)
(11/22) Installing nettle (3.3-r0)
(12/22) Installing libffi (3.2.1-r4)
(13/22) Installing libtasn1 (4.12-r2)
(14/22) Installing p11-kit (0.23.2-r2)
(15/22) Installing libunistring (0.9.7-r0)
(16/22) Installing gnutls (3.6.1-r0)
(17/22) Installing libksba (1.3.5-r0)
(18/22) Installing db (5.3.28-r0)
(19/22) Installing libsasl (2.1.26-r11)
(20/22) Installing libldap (2.4.45-r3)
(21/22) Installing npth (1.5-r1)
(22/22) Installing gnupg (2.2.3-r0)
Executing busybox-1.27.2-r7.trigger
OK: 24 MiB in 33 packages
/ # apk add gnupg --update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted^C
/ # gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key 7434390BDBE9B9C5: 4 signatures not checked due to missing keys
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 7434390BDBE9B9C5: public key "Colin Ihrig <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Which contains this fix: https://dev.gnupg.org/rG15d2a009931f44a60b9df6325f837add208459d6

paolomainardi · 2018-02-05T22:10:31Z

No, just random responses as well:

docker run --rm -it alpine ash                                                                                                               ⏎ ✭
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
ff3a5c916c92: Pull complete
Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0
Status: Downloaded newer image for alpine:latest
/ # apk add gnupg --update-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted
fetch http://dl-3.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
(1/22) Installing libgpg-error (1.27-r1)
(2/22) Installing libassuan (2.4.4-r0)
(3/22) Installing libcap (2.25-r1)
(4/22) Installing ncurses-terminfo-base (6.0_p20171125-r0)
(5/22) Installing ncurses-terminfo (6.0_p20171125-r0)
(6/22) Installing ncurses-libs (6.0_p20171125-r0)
(7/22) Installing pinentry (1.0.0-r0)
Executing pinentry-1.0.0-r0.post-install
(8/22) Installing libbz2 (1.0.6-r6)
(9/22) Installing libgcrypt (1.8.1-r0)
(10/22) Installing gmp (6.1.2-r1)
(11/22) Installing nettle (3.3-r0)
(12/22) Installing libffi (3.2.1-r4)
(13/22) Installing libtasn1 (4.12-r2)
(14/22) Installing p11-kit (0.23.2-r2)
(15/22) Installing libunistring (0.9.7-r0)
(16/22) Installing gnutls (3.6.1-r0)
(17/22) Installing libksba (1.3.5-r0)
(18/22) Installing db (5.3.28-r0)
(19/22) Installing libsasl (2.1.26-r11)
(20/22) Installing libldap (2.4.45-r3)
(21/22) Installing npth (1.5-r1)
(22/22) Installing gnupg (2.2.3-r0)
Executing busybox-1.27.2-r7.trigger
OK: 24 MiB in 33 packages
/ # gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: keyserver receive failed: Address not available
/ # gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg: keyserver receive failed: Address not available

paolomainardi · 2018-02-05T22:11:08Z

It is quite unpredictable now,@chorrell trying both p80 and ipv4 it's more than 👍 to me

paolomainardi · 2018-02-05T22:46:38Z

@chorrell just in case #623

chorrell · 2018-02-06T14:11:06Z

I'm thinking we close this in favour of #623

Switch to p80.pool.sks-keyservers.net to ensure we get enforce port 80

defc220

chorrell changed the title ~~Switch to p80.pool.sks-keyservers.net to ensure we get enforce port 80~~ Switch to p80.pool.sks-keyservers.net to ensure port 80 Feb 5, 2018

This comment was marked as off-topic.

Sign in to view

Use ipv4.pool.sks-keyservers.net

4778ada

per #380 (comment)

paolomainardi mentioned this pull request Feb 5, 2018

Use p80 and ipv4 pool.sks-keyservers.net to avoid alpine gpg dns resolution #623

Merged

This comment was marked as off-topic.

Sign in to view

chorrell closed this Feb 7, 2018

chorrell mentioned this pull request Feb 16, 2018

GPG failures #591

Closed

chorrell deleted the p80 branch January 9, 2019 21:27

Switch to p80.pool.sks-keyservers.net to ensure port 80 #622

Switch to p80.pool.sks-keyservers.net to ensure port 80 #622

Uh oh!

Conversation

chorrell commented Feb 5, 2018

Uh oh!

This comment was marked as off-topic.

Uh oh!

kfarnung commented Feb 5, 2018

Uh oh!

chorrell commented Feb 5, 2018

Uh oh!

chorrell commented Feb 5, 2018

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

chorrell commented Feb 5, 2018

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

chorrell commented Feb 5, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

chorrell commented Feb 5, 2018

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

paolomainardi commented Feb 5, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

paolomainardi commented Feb 5, 2018

Uh oh!

This comment was marked as off-topic.

Uh oh!

chorrell commented Feb 6, 2018

Uh oh!

Uh oh!

chorrell commented Feb 5, 2018 •

edited

Loading

paolomainardi commented Feb 5, 2018 •

edited

Loading