archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

Gpg key #16

Closed RecursiveNature closed 6 years ago

RecursiveNature commented 6 years ago

I'm not sure if I am doing this wrong, but when I run the recv_gpg_keys.sh script it returns an error:

coreutils-selinux: receiving key... gpg: keyserver receive failed: General error

What should I do?

fishilico commented 6 years ago

Does importing coreutils's GnuPG key work? On my computer, it works fine:

$ HOME=$(mktemp -d) gpg --recv-keys 6C37DC12121A5006BC1DB804DF6FD971306037D9
gpg: directory '/tmp/tmp.qqTnyY8EQN/.gnupg' created
gpg: keybox '/tmp/tmp.qqTnyY8EQN/.gnupg/pubring.kbx' created
gpg: key DF6FD971306037D9: 27 signatures not checked due to missing keys
gpg: /tmp/tmp.qqTnyY8EQN/.gnupg/trustdb.gpg: trustdb created
gpg: key DF6FD971306037D9: public key "Pádraig Brady <P@draigBrady.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Did you customize your GnuPG configuration? (.gnupg/*.conf)

RecursiveNature commented 6 years ago

I was able to import the key manually, but I'm receiving this error for each of the keys. Do you have an updated list of keys for all the required programs?

I didn't touch my gpg configuration.

fishilico commented 6 years ago

In recv_gpg_keys.sh I see that the key server which is used to receive the key is overridden with hkps://hkps.pool.sks-keyservers.net. by default. The final dot in the name may cause issues. Does it work if you remove it? i.e. with this patch applied:

diff --git a/recv_gpg_keys.sh b/recv_gpg_keys.sh
index cbc183d6fede..7c3cc0e27c46 100755
--- a/recv_gpg_keys.sh
+++ b/recv_gpg_keys.sh
@@ -2,7 +2,7 @@
 # Receive every gpg keys used by packages

 # GnuPG key server to use
-GPG_KEYSRV="${GPG_KEYSRV:-hkps://hkps.pool.sks-keyservers.net.}"
+GPG_KEYSRV="${GPG_KEYSRV:-hkps://hkps.pool.sks-keyservers.net}"

 cd "$(dirname -- "$0")" || exit $?
 for DIR in $(find . -maxdepth 2 -name PKGBUILD -printf '%h\n' | sort)
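
Review bot: the corrected default on the `GPG_KEYSRV=` line only covers the built-in value; because the assignment is `${GPG_KEYSRV:-...}`, a keyserver supplied through the environment that still ends in a dot is passed on unchanged and will hit the same failure. Consider stripping it right after the assignment, for example `GPG_KEYSRV="${GPG_KEYSRV%.}"`, and extending the `# GnuPG key server to use` comment to say that the host name must not end in a dot.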

Anyway, the list of needed GPG keys can be obtained by using the .SRCINFO files:

$  grep validpgpkeys */.SRCINFO | cut -d= -f2
 6C37DC12121A5006BC1DB804DF6FD971306037D9
 DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90
 3C8672A0F49637FE064AC30F52A43A1E4B77B059
 9F6FC345B05BE7E766B83C8F80A77F6095CDE47E
 ABAF11C65A2970B130ABE3C479BE3E4300411886
 647F28654894E3BD457199BE38DBBDC86092693E
 992A96E075056E79CD8214F9873DB37572A37B36
 59C2118ED206D927E667EBE3D3E5F56B6D920D30
 D5C2F9BFCA128BBA22A77218872F702C4D6E25A8
 59D1E9CCBA2B376704FDD35BA9F4C021CEA470FB
 63CDA1E5D3FC22B998D20DD6327F26951A015CC4
 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E
 B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284
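
The two points from the comment above (a keyserver host ending in a dot, and taking the key list from `validpgpkeys` in the .SRCINFO files) put together as one script. This is an added example, not part of the thread or of the repository's recv_gpg_keys.sh; the function names, the `keys.example` host and the sample tree are assumptions constructed here, and it also rejects short key IDs, which the thread does not discuss.

```sh
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# Drop a trailing dot from the host part of a keyserver URL.
normalize_keyserver() (
    url=$1
    case $url in
        *://*) scheme=${url%%://*}://; rest=${url#*://} ;;
        *)     scheme=; rest=$url ;;
    esac
    host=${rest%%[:/]*}   # host ends at the first ':' (port) or '/' (path)
    tail=${rest#"$host"}
    printf '%s%s%s\n' "$scheme" "${host%.}" "$tail"
)

# Print unique 40-hex-digit fingerprints from <dir>/*/.SRCINFO; anything
# else (e.g. a short key ID) is reported on stderr and skipped.
list_validpgpkeys() (
    for file in "$1"/*/.SRCINFO; do
        [ -f "$file" ] || continue
        sed -n 's/^[[:space:]]*validpgpkeys[[:space:]]*=[[:space:]]*//p' "$file"
    done | tr -d ' \r' | tr 'abcdef' 'ABCDEF' | sort -u | awk '
        /^[0-9A-F]+$/ && length($0) == 40 { print; next }
        { print "skipping non-fingerprint entry: " $0 > "/dev/stderr" }'
)

# Print (do not run) one gpg command per key: recv_commands <dir> <keyserver>
recv_commands() (
    srv=$(normalize_keyserver "$2")
    list_validpgpkeys "$1" | while IFS= read -r key; do
        printf 'gpg --keyserver %s --recv-keys %s\n' "$srv" "$key"
    done
)

# Constructed sample: two packages sharing one key, plus a short key ID.
make_sample_tree() (
    d=$(mktemp -d)
    mkdir "$d/pkg-a" "$d/pkg-b"
    printf '\tvalidpgpkeys = %s\n' 6C37DC12121A5006BC1DB804DF6FD971306037D9 \
        > "$d/pkg-a/.SRCINFO"
    printf '\tvalidpgpkeys = %s\n' 6c37dc12121a5006bc1db804df6fd971306037d9 \
        306037D9 > "$d/pkg-b/.SRCINFO"
    printf '%s\n' "$d"
)

tree=$(make_sample_tree)
recv_commands "$tree" 'hkps://keys.example.'   # placeholder host
rm -rf "$tree"
```
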

RecursiveNature commented 6 years ago

OMG... Thank you. I have been trying to figure this out for months like a dummy. The issue was the . after net on the gpg keyserver line.