7

I'm a arch 4.9.8-1 system. I wanted to install linux-vfio kernel for gpu passthrough and to fix a problem with a bad IOMMU group.

Trying to install the linux-vfio kernel I got the following error for missing keys.

$ yaourt -S linux-vfio
.
.
.
==> Verifying source file signatures with gpg...
    linux-4.9.tar ... FAILED (unknown public key 79BE3E4300411886)
    patch-4.9.8 ... FAILED (unknown public key 38DBBDC86092693E)

I've been trying to import a key with gpg for a while now I tried a bunch of different things but I keep getting the same Error I installed the gnupg package with pacman.

$ gpg --recv-key 79BE3E4300411886
gpg: keyserver receive failed: Connection refused

$ gpg --keyserver pgp.mit.edu --recv-keys 79BE3E4300411886
gpg: keyserver receive failed: Connection refused

check if server is available

$ gpg-connect-agent --dirmngr
> keyserver --resolve hkp://pool.sks-keyservers.net
S # https://hkps.pool.sks-keyservers.net:443
OK
>

And the Debug

$ gpg -vvv --debug-all --recv-keys --keyserver http://pgp.mit.edu 79BE3E4300411886
gpg: reading options from '/home/haroon/.gnupg/gpg.conf'
gpg: using character set 'utf-8'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/haroon/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.18 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.18
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear http://pgp.mit.edu
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x79BE3E4300411886
gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr>
gpg: keyserver receive failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Does anyone have a idea how to solve this problem?

Haroon
  • 91

5 Answers5

2

You can manually import your key.Go to https://pgp.mit.edu/ and make a search with the following string: 0x00411886 , clic on the first link , then copy the content of the Public Key Server web page to your favorite text editor . Save it as linux-vfio.asc

Finally run : gpg --import linux-vfio.asc to import the key.

GAD3R
  • 3,900
0

Try to set

standard-resolver in $HOME/.gnupg/dirmngr.

See https://dev.gnupg.org/T2889 for details.

fkjogu
  • 101
0

While your debug doesn't indicate this, when I checked my dirmngr.conf, I found that 'use-tor' had been enabled by gpgconf. Commenting it out resolved my issue.

Jeffrey Brown
  • 1
0

I noticed the same issue, while I was root user. Changed user and with

$ gpg --recv-keys 79BE3E4300411886

the key got imported. Hope I it still helps you.

Nicolas
  • 1
0

This error can be caused by tcp port 11371 being blocked in the OUTPUT chain of iptables

I use these settings in ~/.gnupg/dirmngr.conf:

# https://gnupg.org/blog/20151224-gnupg-in-november-and-december.html
use-tor
keyserver hkp://jirk5u4osbsr34t5.onion

#keyserver hkps://hkps.pool.sks-keyservers.net

# https://sks-keyservers.net/overview-of-pools.php#pool_hkps
hkp-cacert /etc/ssl/sks-keyservers.netCA.pem

If in ~/.gnupg/gpg.conf you harden your gpg settings with:

keyserver-options no-honor-keyserver-url

  • this will disable the use of --keyserver
Stuart Cardall
  • 414