On 28/07/2019 19.09, Oleksii Vilchanskyi wrote:
On 7/28/19 5:45 PM, Carlos E. R. wrote:
On 28/07/2019 17.05, Dave Howorth wrote:
On Sun, 28 Jul 2019 16:36:29 +0200 "Carlos E. R." <> wrote:
I'll try with a new user.
cer-g@Telcontar:~> l /usr/bin/gpg lrwxrwxrwx 1 root root 4 Jan 7 2019 /usr/bin/gpg -> gpg2* cer-g@Telcontar:~> gpg --list-keys cer-g@Telcontar:~>
File .gnupg/dirmngr.conf saved cer-g@Telcontar:~> gpg --recv-keys B533181C6D8D47D5 gpg: key B533181C6D8D47D5: 27 signatures not checked due to missing keys gpg: lookup_hashtable failed: Unknown system error gpg: trustdb: searching trust record failed: Unknown system error gpg: Error: The trustdb is corrupted. gpg: You may try to re-create the trustdb using the commands: gpg: cd ~/.gnupg gpg: gpg --export-ownertrust > otrust.tmp gpg: rm trustdb.gpg gpg: gpg --import-ownertrust < otrust.tmp gpg: If that does not work, please consult the manual cer-g@Telcontar:~> l .gnupg/trustdb.gpg -rw------- 1 cer-g cer 40 Sep 28 2014 .gnupg/trustdb.gpg cer-g@Telcontar:~> cer-g@Telcontar:~> rm .gnupg/trustdb.gpg cer-g@Telcontar:~> gpg --recv-keys B533181C6D8D47D5 gpg: key B533181C6D8D47D5: 27 signatures not checked due to missing keys gpg: key B533181C6D8D47D5: "Carlos E. R. (cer) <robin.listas@telefonica.net>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 cer-g@Telcontar:~>
It works fine here. But I use a slightly different command.
Sorry, I've no idea what you did above. Why does it say 'File .gnupg/dirmngr.conf saved' in the middle of nowhere for example?
Oh, that's the last line of the editor, where I wrote that file and verified the configuration. Sorry it confused you.
and why do I get different output when I run:
$ gpg --recv-keys B533181C6D8D47D5 gpg: key B533181C6D8D47D5: no user ID gpg: Total number processed: 1
I don't know what "no user ID" means. I don't get that here, even on a new user.
It might mean that you do not have your own key, but I don't see why that would be a problem: after all, my new user doesn't have it and has no problem importing public keys.
I had your key already imported, so I somehow missed that the operation failed. I must have not imported any key since the issue that required changing the keyserver.
It did not fail here. I tried the operation under a new user that has no key imported and no key of his own defined. cer-g@Telcontar:~> cat .gnupg/dirmngr.conf keyserver hkps://keys.openpgp.org cer-g@Telcontar:~> gpg.conf is the default one, has the line: keyserver hkp://keys.gnupg.net so it was probably retrieved from there. If I remove that line (and delete pubring.kbx and trustdb.gpg in order to try again), then it fails, same error as Dave gets: cer-g@Telcontar:~> gpg --recv-keys B533181C6D8D47D5 gpg: keybox '/home/cer-g/.gnupg/pubring.kbx' created gpg: key B533181C6D8D47D5: no user ID gpg: Total number processed: 1 cer-g@Telcontar:~> If I add that line it works again: cer-g@Telcontar:~> gpg --recv-keys B533181C6D8D47D5 gpg: key B533181C6D8D47D5: 27 signatures not checked due to missing keys gpg: /home/cer-g/.gnupg/trustdb.gpg: trustdb created gpg: key B533181C6D8D47D5: public key "Carlos E. R. (cer) <robin.listas@...>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 cer-g@Telcontar:~> So it is that new server (hkps://keys.openpgp.org) which fails.
It looks like the problem comes from gnupg itself[0] and requires a patch to be merged for keyservers like keys.openpgp.org. Open-source being open-source, it can happen tomorrow or in 10 years, so right now you should probably use --keyserver keys.gnupg.net for retrieving keys that you know are not poisoned. Not sure how to check it in beforehand. Setting keyserver back (to keys.gnupg.net) in config is a bad idea, because that makes you one gpg --refresh-keys from a disaster. But apparently gpg has 'other tasks in master that are more important'.
-- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)