Unable to use remote keys for pacman-key

General system Pacman
1

was trying to add the chaotic-aur to my new install of endeavourOS on my desktop. when I try to fetch the initial key from the default key server before loading the repo. I get the error as follows,

sudo pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com
gpg: keyserver receive failed: Server indicated a failure
==> ERROR: Remote key not fetched correctly from keyserver.

This exact command worked on my laptop just last week and was able to add the repo as normal. Out of posterity I tried the command again on my laptop and got the same error. The only difference is that it is a week later and I’m on a different network. I checked my router and firewall, and no gpg traffic should be blocked. I even tried using my vpn and still got the same error. From the testing I have done. Is there any obvious solutions I am missing?

2

Maybe something about the network. My first thought was perhaps the ISP is blocking certain kinds of traffic, but since you tested a VPN and had the same issue I’m not sure.

I just tested adding the repo from the EOS live environment and it worked fine.

[liveuser@eos-2024.06.25 ~]$ sudo pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com
gpg: key 3056513887B78AEB: public key "Pedro Henrique Lara Campos <root@pedrohlc.com>" imported
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  12  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  12  signed:  93  trust: 0-, 0q, 0n, 12m, 0f, 0u
gpg: depth: 2  valid:  70  signed:  20  trust: 70-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2025-01-25
gpg: Total number processed: 1
gpg:               imported: 1
[liveuser@eos-2024.06.25 ~]$ sudo pacman-key --lsign-key 3056513887B78AEB
  -> Locally signed 1 key.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  13  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  13  signed:  93  trust: 1-, 0q, 0n, 12m, 0f, 0u
gpg: depth: 2  valid:  70  signed:  20  trust: 70-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2025-01-25
[liveuser@eos-2024.06.25 ~]$ pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'
error: you cannot perform this operation unless you are root.
[liveuser@eos-2024.06.25 ~]$ sudo pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'
warning: no /var/cache/pacman/pkg/ cache exists, creating...
:: Retrieving packages...
 chaotic-keyring                        28.7 KiB  48.6 KiB/s 00:01 [------------------------------------] 100%
loading packages...
resolving dependencies...
looking for conflicting packages...

Package (1)      New Version  Net Change

chaotic-keyring  20230616-1     0.03 MiB

Total Installed Size:  0.03 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                     [------------------------------------] 100%
(1/1) checking package integrity                                   [------------------------------------] 100%
(1/1) loading package files                                        [------------------------------------] 100%
(1/1) checking for file conflicts                                  [------------------------------------] 100%
:: Processing package changes...
(1/1) installing chaotic-keyring                                   [------------------------------------] 100%
==> Appending keys from chaotic.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 5 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
==> Disabling revoked keys in keyring...
  -> Disabled 3 keys.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  16  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  16  signed:  93  trust: 0-, 0q, 0n, 16m, 0f, 0u
gpg: depth: 2  valid:  70  signed:  20  trust: 70-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2025-01-25
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  16  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  16  signed:  93  trust: 0-, 0q, 0n, 16m, 0f, 0u
gpg: depth: 2  valid:  70  signed:  20  trust: 70-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2025-01-25
Optional dependencies for chaotic-keyring
    pkgstats: install to submit package usage statistics
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[liveuser@eos-2024.06.25 ~]$ sudo pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'
:: Retrieving packages...
 chaotic-mirrorlist                      3.3 KiB  8.76 KiB/s 00:00 [------------------------------------] 100%
loading packages...
resolving dependencies...
looking for conflicting packages...

Package (1)         New Version  Net Change

chaotic-mirrorlist  20240724-1     0.00 MiB

Total Installed Size:  0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                     [------------------------------------] 100%
(1/1) checking package integrity                                   [------------------------------------] 100%
(1/1) loading package files                                        [------------------------------------] 100%
(1/1) checking for file conflicts                                  [------------------------------------] 100%
:: Processing package changes...
(1/1) installing chaotic-mirrorlist                                [------------------------------------] 100%
[liveuser@eos-2024.06.25 ~]$
3

There should be no reason why IPtables would filter the traffic right? I ran into the same issue on my laptop when I tried to connect to my phone’s hotspot. I might try on a live boot too out of posterity.

4

Check that your system time is correct. See also the other troubleshooting points in this article: https://wiki.archlinux.org/title/Pacman/Package_signing#Cannot_import_keys

5

doesn’t work on my live-usb, It’s probably my isp

6

Tried the VPN and it worked this time, incredible. Twas my ISP the whole time

1 Like
7

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.