Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 24

Thread: opensuse leap 15.3 - gpg keys import fails

  1. #11

    Default Re: opensuse leap 15.3 - gpg keys import fails

    openSUSE-Leap-15.3-DVD-x86_64.iso
    openSUSE-Leap-15.3-DVD-x86_64.iso.sha256
    openSUSE-Leap-15.3-DVD-x86_64.iso.sha256.asc
    Code:
    Name        : gpg-pubkey
    Version     : 3dbdc284
    Release     : 53674dd4
    Architecture: (none)
    Install Date: Fr 12 Sep 2014 15:02:09 CEST
    Group       : Public Keys
    Size        : 0
    License     : pubkey
    Signature   : (none)
    Source RPM  : (none)
    Build Date  : Mo 05 Mai 2014 10:37:40 CEST
    Build Host  : localhost
    Relocations : (not relocatable)
    Packager    : openSUSE Project Signing Key <opensuse@opensuse.org>
    Summary     : gpg(openSUSE Project Signing Key <opensuse@opensuse.org>)
    Description :
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: rpm-4.11.2 (NSS-3)
    
    mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G
    3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ
    93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO
    mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig
    oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD
    VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl
    Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC
    GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C
    hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI
    CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha
    Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr
    hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk
    4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a
    5v4gbqOcigKaFs9Lc3Bj8b/lE10Y
    =i2TA
    -----END PGP PUBLIC KEY BLOCK-----
    
    Distribution: (none)

    >gpg --verify openSUSE-Leap-15.3-DVD-x86_64.iso.sha256.asc
    gpg: verify signatures failed: Unexpected error


    >gpg --verify openSUSE-Leap-15.3-DVD-x86_64.iso.sha256

    gpg: no valid OpenPGP data found.
    gpg: the signature could not be verified.
    Please remember that the signature file (.sig or .asc)
    should be the first file given on the command line.


    Another day... Thanks to all.

  2. #12
    Join Date
    Mar 2011
    Location
    Sauerland
    Posts
    7,227

    Default AW: opensuse leap 15.3 - gpg keys import fails

    If you do not paste the whole commandline (whole!!!) nobody can help.

  3. #13
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    16,016
    Blog Entries
    3

    Default Re: opensuse leap 15.3 - gpg keys import fails

    Quote Originally Posted by lord_valarian View Post
    local user:

    Code:
    grep -i 'keyserver' ~/.gnupg/gpg.conf
    grep: /home/lehann_beinne/.gnupg/gpg.conf: No such file or directory
    Try:
    Code:
    grep -i keyserver ~/.gnupg/options
    openSUSE Leap 15.4; KDE Plasma 5.24.4;
    testing Tumbleweed.

  4. #14

    Default Re: opensuse leap 15.3 - gpg keys import fails

    I did post the command line and results. ?? opensuse linux 15.3


    Anyway, I'm on a different opensuse 15.3 linux system. I did the full install on the successful sha256sum. As test to see what's wrong.

    Code:
    localhost:~/Downloads> gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: directory '/home/username/.gnupg' created
    gpg: keybox '/home/username/.gnupg/pubring.kbx' created
    gpg: keyserver receive failed: No name
    >gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: keyserver receive failed: No name
    >echo 'keyserver hkp://keys.gnupg.net' >> ~/.gnupg/gpg.conf
    >gpg --recv-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: keyserver receive failed: No name
    >> grep -i keyserver ~/.gnupg/options
    grep: /home/lehann_beinne/.gnupg/options: No such file or directory
    reinstalled all gpg related files (update uncond...)

    No change.

  5. #15
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    16,016
    Blog Entries
    3

    Default Re: opensuse leap 15.3 - gpg keys import fails

    Code:
    % host keys.gnupg.net
    Host keys.gnupg.net not found: 3(NXDOMAIN)
    It looks as if there's currrently a DNS issue with "keys.gnupg.net"
    openSUSE Leap 15.4; KDE Plasma 5.24.4;
    testing Tumbleweed.

  6. #16

    Default Re: opensuse leap 15.3 - gpg keys import fails

    Quote Originally Posted by nrickert View Post
    Code:
    % host keys.gnupg.net
    Host keys.gnupg.net not found: 3(NXDOMAIN)
    It looks as if there's currrently a DNS issue with "keys.gnupg.net"
    Same result. Thanks for the assist, let me know when it's fixed.

  7. #17

    Default Re: opensuse leap 15.3 - gpg keys import fails

    Any update on how to solve this? Maybe a different keyserver than keys.gnupg.net? It's rather unpleasant that such a basic task as verifying the authenticity of the openSUSE installation ISO's checksum file is not possible for at least 2 months now.

    Code:
    david@atronach-opensuse:~> LANG=c gpg --keyserver keys.gnupg.net --receive-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: keyserver receive failed: No name
    
    Also, I followed the guide at https://en.opensuse.org/SDBownload_help#Checksums and there's no information about specifying a keyserver. I checked and I didn't have ~/.gnupg/gpg.conf present on my system. Is it a flaw in the documentation or am I supposed to have gpg.conf with a keyserver specified on a freshly installed system?

  8. #18
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    16,016
    Blog Entries
    3

    Default Re: opensuse leap 15.3 - gpg keys import fails

    Quote Originally Posted by Atronach View Post
    Also, I followed the guide at https://en.opensuse.org/SDBownload_help#Checksums and there's no information about specifying a keyserver. I checked and I didn't have ~/.gnupg/gpg.conf present on my system. Is it a flaw in the documentation or am I supposed to have gpg.conf with a keyserver specified on a freshly installed system?
    If you don't have "gpg.conf" then it should use "options" (if that file exists). Otherwise there is supposed to be a default set of options that are used.

    I'm seeing the same error. I happen to already have that key in my keyring, so it isn't causing problems here. Maybe you should file a bug report on this.
    openSUSE Leap 15.4; KDE Plasma 5.24.4;
    testing Tumbleweed.

  9. #19

    Default Re: opensuse leap 15.3 - gpg keys import fails

    Quote Originally Posted by nrickert View Post
    If you don't have "gpg.conf" then it should use "options" (if that file exists). Otherwise there is supposed to be a default set of options that are used.
    I'm seeing the same error. I happen to already have that key in my keyring, so it isn't causing problems here. Maybe you should file a bug report on this.
    I think I don't have the options file, at least not in ~/.gnupg nor in /etc/gnupg. However, I've found out, that a fallback key server is used when none is specified: hkps.pool.sks-keyservers.net: https://office.tuxcon.com/Encryption...b4421a1813c827. It's also stated in the dirmngr man page, a component of GPG:
    If no keyserver is explicitly configured, dirmngr will use the built-in default of hkps://hkps.pool.sks-key-servers.net.
    This hkps.pool.sks-keyservers.net is rather a pool of servers as you can read on its website and keys.gnupg.net is its DNS alias. Unfortunatelly, hkps.pool.sks-keyservers.net works neither and is being deprecated as again, stated on its website:
    This service is deprecated. This means it is no longer maintained, and new HKPS certificates will not be issued. Service reliability should not be expected.
    I checked the GPG upsteam issue tracker and found out that keys.gnupg.net not working is already reported: https://dev.gnupg.org/T5527. In this report there's a link to the stackoverwflow.com site which provides a workaroud: Just a use another key server. For a novice like me, it turns out there are actually a lot of key servers with OpenPGP-compatible keys and to download the openSUSE project public key, it doesn't matter which key server to use since they all synchronize with each other as stated in both the dirmngr and pgp man pages.

    So I checked the key servers suggested on the aforementioned stackoverflow.com site:
    Code:
    david@atronach-opensuse:~> LANG=c gpg --keyserver hkps://keys.openpgp.org --search-keys 22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: data source: https://keys.openpgp.org:443
    (1)       2048 bit RSA key B88B2FD43DBDC284, created: 2008-11-07
    Keys 1-1 of 1 for "22C07BA534178CD02EFE22AAB88B2FD43DBDC284".  Enter number(s), N)ext, or Q)uit > n
    david@atronach-opensuse:~> LANG=c gpg --keyserver hkps://keyserver.ubuntu.com --search-keys 22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: data source: https://162.213.33.9:443
    (1)     openSUSE Project Signing Key <opensuse@opensuse.org>
              2048 bit RSA key B88B2FD43DBDC284, created: 2008-11-07
    Keys 1-1 of 1 for "22C07BA534178CD02EFE22AAB88B2FD43DBDC284".  Enter number(s), N)ext, or Q)uit > n
    david@atronach-opensuse:~> LANG=c gpg --keyserver hkps://pgp.mit.edu --search-keys 22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: data source: https://pgp.mit.edu:443
    (1)     openSUSE Project Signing Key <opensuse@opensuse.org>
              2048 bit RSA key B88B2FD43DBDC284, created: 2008-11-07, expires: 2024-05-02
    Keys 1-1 of 1 for "22C07BA534178CD02EFE22AAB88B2FD43DBDC284".  Enter number(s), N)ext, or Q)uit > n
    The openSUSE project public key is available on all 3 keyservers. So I just chose keys.openpgp.org as my key server and put it into ~/.gnupg/dirmngr.conf:
    Code:
    keyserver hkps://keys.openpgp.org
    ... dirmngr.conf is the proper config file for keyservers according to the gpg man page

    Then I tried to search the openSUSE project public key again but this time without --keyserver option:
    Code:
    david@atronach-opensuse:~> LANG=c gpg --search-keys 22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: error searching keyserver: No name
    gpg: keyserver search failed: No name
    That's actually another bug. I had to end the dirmngr process with gpgconf --kill dirmngr and rerun the command to properly reload the settings. This time it worked so I followed with importing the public key to my keyring:
    Code:
    david@atronach-opensuse:~> LANG=c gpg --receive-keys 22C07BA534178CD02EFE22AAB88B2FD43DBDC284
    gpg: key B88B2FD43DBDC284: new key but contains no user ID - skipped
    gpg: Total number processed: 1
    gpg:           w/o user IDs: 1
    This time it complained about missing user ID so I tried to check if the key imported successfully but gpg --list-keys listed nothing. So I checked the output of --search-keys for all 3 key servers again and noticed that 1 line is missing when searching on keys.openpgp.org but is present when searching on the other two:
    Code:
    (1)     openSUSE Project Signing Key <opensuse@opensuse.org>
    A while later I found out it's actually discussed and resolver here too: https://www.reddit.com/r/openSUSE/co...ation/fxw5uqw/
    So I've rewritten dirmngr.conf to contain pgp.mit.edu instead of keys.openpgp.org and tried to import the key again:
    Code:
    david@atronach-opensuse:~> gpgconf --kill dirmngr
    david@atronach-opensuse:~> LANG=c gpg --receive-keys 22C07BA534178CD02EFE22AAB88B2FD43DBDC284gpg: key B88B2FD43DBDC284: public key "openSUSE Project Signing Key <opensuse@opensuse.org>" imported
    gpg: Total number processed: 1
    gpg:               imported: 1
    Finally this time it worked and since that moment I could successfully authenticate the openSUSE installation ISO's hash:
    Code:
    david@atronach-opensuse:/windows/Users/David/Downloads/GNU_Linux> LANG=c gpg --verify openSUSE-Leap-15.3-DVD-x86_64.iso.sha256.asc 
    gpg: assuming signed data in 'openSUSE-Leap-15.3-DVD-x86_64.iso.sha256'
    gpg: Signature made Wed May 26 14:56:40 2021 CEST
    gpg:                using RSA key B88B2FD43DBDC284
    gpg: Good signature from "openSUSE Project Signing Key <opensuse@opensuse.org>" [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg:          There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE  22AA B88B 2FD4 3DBD C284

  10. #20

    Default Re: opensuse leap 15.3 - gpg keys import fails

    It turns out the import fail when using the keys.openpgp.org key server is not a bug but an intention. I think it's up to the openSUSE project to fix their key upload to the key server. I reported a bug here: https://bugzilla.opensuse.org/show_bug.cgi?id=1189597. There is also a link explaining why it's important.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •