Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I got this error ”keyserver receive failed: Server indicated a failure“ #597

Closed
gaoyusongcn opened this issue Mar 30, 2021 · 12 comments
Closed

I got this error ”keyserver receive failed: Server indicated a failure“ #597

gaoyusongcn opened this issue Mar 30, 2021 · 12 comments
Labels
question Usability question, not directly related to an error with the image

Comments

@gaoyusongcn
Copy link

gaoyusongcn commented Mar 30, 2021
edited
Loading

Where did I go wrong?
Please look at it. Thank you!
I used this template Dockerfile-debian.template

+ mktemp -d
+ export GNUPGHOME=/tmp/tmp.oMdzi8CVS1
+ gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys E3FF2839C048B25C084DEBE9B26995E310250568
gpg: keybox '/tmp/tmp.oMdzi8CVS1/pubring.kbx' created
gpg: keyserver receive failed: Server indicated a failure
@wglambert wglambert added the question Usability question, not directly related to an error with the image label Mar 30, 2021
@wglambert
Copy link

docker-library/official-images#4252 (comment)

TLDR; GPG servers are extremely flaky . . .

This is what we do for GPG issues docker-library/official-images#4252 (comment)

You can keep running the build and it will eventually succeed since ha.pool.sks-keyservers.net is a round-robin pool
docker-library/httpd#66 (comment)

Or you could add more servers to try docker-library/php#586 (comment)

docker-library/tomcat#87 (comment)

My own preferred ordering would be the following:

  • ha.pool.sks-keyservers.net
  • pgp.mit.edu
  • hkp://p80.pool.sks-keyservers.net:80
  • hkp://keyserver.ubuntu.com:80
  • keyserver.pgp.com

@christianbundy
Copy link

christianbundy commented Mar 31, 2021
edited
Loading

I've tried all of the above servers and none of them seem to have E3FF2839C048B25C084DEBE9B26995E310250568. Can anyone else receive that key?

Current workaround:

gpg --fetch-keys https://www.python.org/static/files/pubkeys.txt

@tianon
Copy link
Member

tianon commented Mar 31, 2021

The email address on that key is verified on https://keys.openpgp.org, so you can use hkps://keys.openpgp.org for sure (see #599).

@gaoyusongcn
Copy link
Author

docker-library/official-images#4252 (comment)

TLDR; GPG servers are extremely flaky . . .

This is what we do for GPG issues docker-library/official-images#4252 (comment)

You can keep running the build and it will eventually succeed since ha.pool.sks-keyservers.net is a round-robin pool
docker-library/httpd#66 (comment)

Or you could add more servers to try docker-library/php#586 (comment)

docker-library/tomcat#87 (comment)

My own preferred ordering would be the following:

  • ha.pool.sks-keyservers.net
  • pgp.mit.edu
  • hkp://p80.pool.sks-keyservers.net:80
  • hkp://keyserver.ubuntu.com:80
  • keyserver.pgp.com

Thank you very much!
I used the second method eventually succeed:

·
·
·
&& wget -O python.tar.xz "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz" \
&& wget -O python.tar.xz.asc "https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc" \
&& export GNUPGHOME="$(mktemp -d)" \
&& for GPG_KEY in \
	 E3FF2839C048B25C084DEBE9B26995E310250568 \
	 ; do \
      gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$GPG_KEY" \
      gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$GPG_KEY" ; \
    done \
&& gpg --batch --verify python.tar.xz.asc python.tar.xz \
·
·
·

@gaoyusongcn
Copy link
Author

The email address on that key is verified on https://keys.openpgp.org, so you can use hkps://keys.openpgp.org for sure (see #599).

yep, but i'm add more servers

@gaoyusongcn
Copy link
Author

I've tried all of the above servers and none of them seem to have E3FF2839C048B25C084DEBE9B26995E310250568. Can anyone else receive that key?

Current workaround:

gpg --fetch-keys https://www.python.org/static/files/pubkeys.txt

You can try #597 (comment)

@christianbundy
Copy link

Sorry, am I doing this right?

$ gpg --batch --keyserver https://keys.openpgp.org --recv-keys E3FF2839C048B25C084DEBE9B26995E310250568
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

@tianon
Copy link
Member

tianon commented Apr 1, 2021

You want to use hkps, not https (as in #599).

@tianon tianon closed this as completed Apr 1, 2021
@christianbundy
Copy link

Thanks for the feedback. That's what I tried at first, but that gives the same error as the other keyservers:

$ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys E3FF2839C048B25C084DEBE9B26995E310250568
gpg: keyserver receive failed: Server indicated a failure

Could you confirm that this command works for you? (Or am I mistyping something?)

@tianon
Copy link
Member

tianon commented Apr 1, 2021

Yep, I can confirm that exact command works fine for me:

$ docker run -it --rm --dns 1.1.1.1 buildpack-deps:buster-curl gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys E3FF2839C048B25C084DEBE9B26995E310250568
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key B26995E310250568: public key "\xc5\x81ukasz Langa (GPG langa.pl) <lukasz@langa.pl>" imported
gpg: Total number processed: 1
gpg:               imported: 1

@christianbundy
Copy link

Oof. Can confirm that it works in Docker, but not MacOS. Sorry for the noise and thanks for the help.

@gaoyusongcn
Copy link
Author

Oof. Can confirm that it works in Docker, but not MacOS. Sorry for the noise and thanks for the help.

You can try those keyservers :
Use cyclely

for GPG_KEY in \
	 E3FF2839C048B25C084DEBE9B26995E310250568 \
	 ; do \
      gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY" || \
      gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$GPG_KEY" \
      gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$GPG_KEY" ; \
    done \

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Usability question, not directly related to an error with the image
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@tianon @christianbundy @wglambert @gaoyusongcn