Are the key servers down for anyone else?

I have been trying to do a fresh install for two days now and every time I try to refresh the keys it fails. This is the July release.

hello,I saw that.

1 Like

Which keyservers do you use?

for aur packages

This is the live ISO here is the output:

gpg: next trustdb check due at 2021-01-01
gpg: refreshing 119 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.
Press ENTER to close this window: 

Joekamprad spoke in a thread about this problem…

OK let me search for it. I must have overlooked it.

1 Like

You wouldn’t happen to have a link? The only threads I see relate to errors with keys. This has no error…

see this alert
https://www.archlinux.org/news/aur-migration-new-ssh-hostkeys/

I’ve been having issues with pool.sks-keyservers.net over the past few days, and I think this is common for others too. A different keyserver will work (e.g. keyserver.ubuntu.com).

2 Likes

It appears to be an error with the SSL certificate of pool.sks-keyservers.net. The server is providing a certificate for pgp.ocf.berkeley.edu.

EDIT: The certificate is also expired.

3 Likes

I should have taken my own advice and read the Arch wiki more carefully. I’ll try this later:

Adding developer keys

The official developer and Trusted Users (TU) keys are signed by the master keys, so you do not need to use pacman-key to sign them yourself. Whenever pacman encounters a key it does not recognize, it will prompt to download it from a keyserver configured in /etc/pacman.d/gnupg/gpg.conf (or by using the --keyserver option on the command line). Wikipedia maintains a list of keyservers.

Once you have downloaded a developer key, you will not have to download it again, and it can be used to verify any other packages signed by that developer.

Note: The archlinux-keyring package, which is a dependency of pacman, contains the latest keys. However keys can also be updated manually using pacman-key --refresh-keys (as root). While doing --refresh-keys , your local key will also be looked up on the remote keyserver, and you will receive a message about it being not found. This is nothing to be concerned about.

1 Like

Hey all, I’ve successfully changed my keyserver to hkps://keyserver.ubuntu.com/ like jonathon recommended, but when trying to update, I get an error that the signature from "EndeavourOS <info@endeavouros.com>" is unknown trust and thus, welcome, eos-update-notifier and grub-tools can’t be updated. How would I go about “trusting” that signature? I’ve already tried a pacman-key --refresh-keys, which does what Elloquin described at the end of their message.

Either install endeavouros-keyring or locally sign the specific key using pacman-key --lsign.

Thanks for your help! Locally signing the key worked. (Reinstalling endeavouros-keyring wouldn’t have worked since it also is signed with the key)

1 Like

It will if you install the package file using pacman -U. :wink:

2 Likes
root@elloquin-elloquin ~]# sudo pacman -U endeavouros-keyring
loading packages...
error: 'endeavouros-keyring': could not find or read package
[root@elloquin-elloquin ~]# 
wget https://mirror.alpix.eu/endeavouros/repo/endeavouros/x86_64/endeavouros-keyring-1-4-any.pkg.tar.xz
sudo pacman -U endeavouros-keyring-1-4-any.pkg.tar.xz

should work?

3 Likes

Woops it’s not signed?

[root@elloquin-elloquin ~]# sudo pacman -U https://mirror.alpix.eu/endeavouros/repo/endeavouros/x86_64/endeavouros-keyring-1-4-any.pkg.tar.xz
loading packages...
error: '/var/cache/pacman/pkg/endeavouros-keyring-1-4-any.pkg.tar.xz': package missing required signature
[root@elloquin-elloquin ~]# 
1 Like

I think one of the devs will have to do some manual intervention. No pun intended. :grinning: