Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-19620

gpg keys refresh failed - outdated keyserver list

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 13
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Eastern Sprint 2!, Eastern Sprint 3!
    • ToDo:
    • Asterisk Version:
      13.22.0
    • Distro Version:
      SNG7-PBX-64bit-1805-1

      Description

      In file /var/www/html/admin/libraries/BMO/GPG.class.php

      we see following list of keyservers:

      private $keyservers = array(
      "pool.sks-keyservers.net", // This should almost always work
      "hkp://keyserver.ubuntu.com:80", // This is in case port 11371 is blocked outbound
      "pgp.mit.edu", // Other random keyservers
      "keyserver.pgp.com", // Other random keyserver
      "pool.sks-keyservers.net"
      ); // Yes. sks is there twice.

       

      The problem is that on all servers exept keyserver.ubuntu.com key refresh fails.

       

      for pool.sks-keyservers.net:

      [root@isecfreepbx ~]# host pool.sks-keyservers.net
      pool.sks-keyservers.net has address 198.46.203.97
      pool.sks-keyservers.net has address 188.138.33.10
      pool.sks-keyservers.net has address 73.101.53.217
      pool.sks-keyservers.net has address 81.6.42.101
      pool.sks-keyservers.net has address 130.133.110.62
      pool.sks-keyservers.net has address 195.201.13.139
      pool.sks-keyservers.net has address 74.50.54.68
      pool.sks-keyservers.net has address 130.206.1.8
      pool.sks-keyservers.net has address 91.143.92.136
      pool.sks-keyservers.net has address 78.46.239.68

       

      [asterisk@isecfreepbx .gnupg]$ gpg --refresh-keys --keyserver 188.138.33.10
      gpg: refreshing 2 keys from hkp://188.138.33.10
      gpg: requesting key 69D2EAD9 from hkp server 188.138.33.10
      gpg: requesting key B33B4659 from hkp server 188.138.33.10
      gpg: key 69D2EAD9: "FreePBX Mirror 1 (Module Signing - 2014/2015) <security@freepbx.org>" not changed
      gpg: packet(13) too large
      gpg: read_block: read error: Invalid packet

       

      pool.sks-keyservers.net has address 73.101.53.217
      gpg: keyserver timed out
      pool.sks-keyservers.net has address 81.6.42.101
      gpgkeys: key 1013D73FECAC918A0A25823986CE877469D2EAD9 not found on keyserver
      gpgkeys: key 2016349F5BC6F49340FCCAF99F9169F4B33B4659 not found on keyserver

       

      pool.sks-keyservers.net has address 130.133.110.62
      gpgkeys: key 1013D73FECAC918A0A25823986CE877469D2EAD9 can't be retrieved
      gpg: packet(13) too large

       

      pool.sks-keyservers.net has address 195.201.13.139
      gpgkeys: HTTP fetch error 52: Empty reply from server
      gpgkeys: HTTP fetch error 52: Empty reply from server

       

      pool.sks-keyservers.net has address 74.50.54.68

      pool.sks-keyservers.net has address 130.206.1.8
      gpg: packet(13) too large
      gpg: read_block: read error: Invalid packet

       

      pool.sks-keyservers.net has address 91.143.92.136
      gpgkeys: key 1013D73FECAC918A0A25823986CE877469D2EAD9 can't be retrieved
      gpgkeys: key 2016349F5BC6F49340FCCAF99F9169F4B33B4659 can't be retrieved

       

      pool.sks-keyservers.net has address 78.46.239.68
      gpg: packet(13) too large
      gpg: read_block: read error: Invalid packet

       

      pool.sks-keyservers.net has address 198.46.203.97
      gpgkeys: HTTP fetch error 52: Empty reply from server
      gpgkeys: HTTP fetch error 52: Empty reply from server

       

      For pgp.mit.edu:

      [asterisk@isecfreepbx ~]$ gpg --refresh-keys --keyserver pgp.mit.edu
      gpg: refreshing 2 keys from hkp://pgp.mit.edu
      gpg: requesting key 69D2EAD9 from hkp server pgp.mit.edu
      gpg: requesting key B33B4659 from hkp server pgp.mit.edu
      gpgkeys: key 1013D73FECAC918A0A25823986CE877469D2EAD9 can't be retrieved
      gpgkeys: key 2016349F5BC6F49340FCCAF99F9169F4B33B4659 can't be retrieved

       

      keyserver.pgp.com:

      [asterisk@isecfreepbx ~]$ gpg --refresh-keys --keyserver keyserver.pgp.com
      gpg: refreshing 2 keys from hkp://keyserver.pgp.com
      gpg: requesting key 69D2EAD9 from hkp server keyserver.pgp.com
      gpg: requesting key B33B4659 from hkp server keyserver.pgp.com
      gpg: keyserver timed out
      gpg: keyserver refresh failed: Keyserver error

       

      Only working keyserver is ubuntu:

      [asterisk@isecfreepbx ~]$ gpg --refresh-keys --keyserver hkp://keyserver.ubuntu.com:80
      gpg: refreshing 2 keys from hkp://keyserver.ubuntu.com:80
      gpg: requesting key 69D2EAD9 from hkp server keyserver.ubuntu.com
      gpg: requesting key B33B4659 from hkp server keyserver.ubuntu.com
      gpg: key 69D2EAD9: "FreePBX Mirror 1 (Module Signing - 2014/2015) <security@freepbx.org>" not changed
      gpg: key B33B4659: "FreePBX Module Signing (This is the master key to sign FreePBX Modules) <modules@freepbx.org>" not changed
      gpg: Total number processed: 2
      gpg: unchanged: 2

       

       

        Gliffy Diagrams

          Attachments

            Issue Links

            relates to

            Bug - A problem which impairs or prevents the functions of the product. FREEPBX-19738 RuntimeException O GPG levou um tempo muito longo para executar o comando

            • Trivial - Cosmetic problem like misspelt words or misaligned text.
            • Closed
            links to

            Web Link PGP Keyserver issue

              Activity

                People

                • Assignee:
                  tm1000 Andrew Nagy
                  Reporter:
                  barzog Oleg Gawriloff
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  7 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    NextupJiraPlusStatus

                    Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.