1

Topic: Anacron job 'cron.weekly'

I received this message in my local mail:


Subject: Anacron job 'cron.weekly'

gpg: refreshing 2 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://jirk5u4osbsr34t5.onion
gpg: keyserver refresh failed: No keyserver available
==> ERROR: A specified local key could not be updated from a keyserver.

and refreshing keys manually doesn't work.

2

Re: Anacron job 'cron.weekly'

Just the log-file is not helpful: You need to describe the whole scenario. I assume you execute /etc/cron.weekly/pacman.key?
You need to modify the script for sure and enter some other servers to be used. Proposal therefore:

SERVERS="keyserver.ubuntu.com \
                       pgp.mit.edu \
                       keys.gnupg.net"

I think we should rework the script in a whole also because of https://sks-keyservers.net/:

    This service is deprecated. This means it is no longer maintained, and new HKPS certificates will not be issued. Service reliability should not be expected.

    Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all.

NOTE: This message was only a snapshot I had done back, the site itself is no longer reachable.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

3

Re: Anacron job 'cron.weekly'

I have tried but the result does not change.

gpg: refreshing 2 keys from hkp://keyserver.ubuntu.com
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.

4

Re: Anacron job 'cron.weekly'

This would be the rework within testing:

#!/bin/sh

# nicenesses range from -20 (most favorable scheduling) to 19 (least favorable)
NICE=19

# 0 for none, 1 for real time, 2 for best-effort, 3 for idle
IONICE_CLASS=2

# 0-7 (for IONICE_CLASS 1 and 2 only), 0=highest, 7=lowest
IONICE_PRIORITY=7

# key servers
SERVERS="keys.openpgp.org \
         keyserver.ubuntu.com \
         pgp.mit.edu \
         keys.gnupg.net \
         jirk5u4osbsr34t5.onion"

# timeout support
TIMEOUT=yes

# timeout duration (floating point number with an optional suffix):
# 's' for seconds (the default), 'm' for minutes, 'h' for hours or 'd' for days
TIMEOUT_DURATION=10m

CMD_PACMAN_KEY="/usr/bin/pacman-key --refresh-keys"

if [ ${TIMEOUT} = yes ]; then
  CMD_PACMAN_KEY="/usr/bin/timeout --signal=SIGINT ${TIMEOUT_DURATION:-10m} ${CMD_PACMAN_KEY}"
fi

if [ -x /usr/bin/nice ]; then
  CMD_PACMAN_KEY="/usr/bin/nice -n ${NICE:-19} ${CMD_PACMAN_KEY}"
fi

if [ -x /usr/bin/ionice ]; then
  CMD_PACMAN_KEY="/usr/bin/ionice -c ${IONICE_CLASS:-2} -n ${IONICE_PRIORITY:-7} ${CMD_PACMAN_KEY}"
fi

for SERVER in ${SERVERS:-keys.openpgp.org}; do
  ${CMD_PACMAN_KEY} --keyserver ${SERVER} && break
done

exit 0

To test just execute through:

doas bash "/etc/cron.weekly/pacman-key"

Gives me no further error here. Here is the complete file from the current commit: https://git.hyperbola.info:50100/~team/ … 4d589bcfb8


5

Re: Anacron job 'cron.weekly'

not for me

gpg: refreshing 2 keys from hkp://keys.openpgp.org
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://keyserver.ubuntu.com
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.
gpg: refreshing 2 keys from hkp://jirk5u4osbsr34t5.onion
gpg: keyserver refresh failed: No keyserver available
==> ERROR: A specified local key could not be updated from a keyserver.

6

Re: Anacron job 'cron.weekly'

The URL "hkps.pool.sks-keyservers.net" is there which is irritating. As noted: The server is no longer available and should not be part of your script at all. You should also check if the concurrent URLs in the list are at minimum reachable. Besides that: I cannot do more for now than updating the cron-script. The rest needs local debugging within your personal network.

Otherwise you should take also a look to renew the complete keyring local in your installation (referring to the GPG-part of the installation-guide). Otherwise someone else has another idea to solve that?

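The mismatch noted above can be made visible by comparing the hosts gpg reports in the refresh log with the SERVERS list of the cron script. This is an added example, not part of the thread or of the Hyperbola script; the function names are hypothetical, the sample holds the gpg lines from the log in the fifth post, and the server list is the one from the reworked script.

```shell
#!/bin/sh
# Added example: which keyservers did gpg contact, and do they match SERVERS?

# Constructed sample: the gpg lines from the log in the fifth post.
SAMPLE_LOG='gpg: refreshing 2 keys from hkp://keys.openpgp.org
gpg: keyserver refresh failed: No data
gpg: refreshing 2 keys from hkp://keyserver.ubuntu.com
gpg: keyserver refresh failed: No data
gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: keyserver refresh failed: No data
gpg: refreshing 2 keys from hkp://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
gpg: refreshing 2 keys from hkp://jirk5u4osbsr34t5.onion
gpg: keyserver refresh failed: No keyserver available'

# SERVERS value of the reworked cron script, on one line.
SCRIPT_SERVERS="keys.openpgp.org keyserver.ubuntu.com pgp.mit.edu keys.gnupg.net jirk5u4osbsr34t5.onion"

# attempts: read gpg output on stdin, print "host<TAB>reason" per failed attempt.
attempts() {
  awk '
    /^gpg: refreshing [0-9]+ keys? from / {
      host = $NF
      sub(/^[a-z]+:\/\//, "", host)      # drop hkp:// or hkps://
      next
    }
    /^gpg: keyserver refresh failed: / {
      reason = $0
      sub(/^gpg: keyserver refresh failed: /, "", reason)
      print host "\t" reason
      host = ""
    }'
}

# queried_not_listed LIST: hosts in the log (stdin) that are absent from LIST.
queried_not_listed() {
  attempts | cut -f1 | while read -r host; do
    case " $1 " in
      *" $host "*) ;;                    # configured in the script
      *) printf '%s\n' "$host" ;;        # contacted, but not configured
    esac
  done
}

# listed_not_queried LIST: hosts in LIST that never show up in the log (stdin).
listed_not_queried() {
  seen=$(attempts | cut -f1)
  for host in $1; do
    printf '%s\n' "$seen" | grep -qxF "$host" || printf '%s\n' "$host"
  done
}

# Report for the sample log.
printf '%s\n' "$SAMPLE_LOG" | attempts
echo "queried but not in SERVERS:"
printf '%s\n' "$SAMPLE_LOG" | queried_not_listed "$SCRIPT_SERVERS"
echo "in SERVERS but never queried:"
printf '%s\n' "$SAMPLE_LOG" | listed_not_queried "$SCRIPT_SERVERS"
```

For the log in the fifth post it reports hkps.pool.sks-keyservers.net as queried but not listed and keys.gnupg.net as listed but never logged, which narrows the local debugging to that one entry.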

7

Re: Anacron job 'cron.weekly'

I only changed the script, what else do I have to change?

#!/bin/sh

# nicenesses range from -20 (most favorable scheduling) to 19 (least favorable)
NICE=19

# 0 for none, 1 for real time, 2 for best-effort, 3 for idle
IONICE_CLASS=2

# 0-7 (for IONICE_CLASS 1 and 2 only), 0=highest, 7=lowest
IONICE_PRIORITY=7

# key servers
SERVERS="keys.openpgp.org \
         keyserver.ubuntu.com \
         pgp.mit.edu \
         keys.gnupg.net \
         jirk5u4osbsr34t5.onion"

# timeout support
TIMEOUT=yes

# timeout duration (floating point number with an optional suffix):
# 's' for seconds (the default), 'm' for minutes, 'h' for hours or 'd' for days
TIMEOUT_DURATION=10m

CMD_PACMAN_KEY="/usr/bin/pacman-key --refresh-keys"

if [ ${TIMEOUT} = yes ]; then
  CMD_PACMAN_KEY="/usr/bin/timeout --signal=SIGINT ${TIMEOUT_DURATION:-10m} ${CMD_PACMAN_KEY}"
fi

if [ -x /usr/bin/nice ]; then
  CMD_PACMAN_KEY="/usr/bin/nice -n ${NICE:-19} ${CMD_PACMAN_KEY}"
fi

if [ -x /usr/bin/ionice ]; then
  CMD_PACMAN_KEY="/usr/bin/ionice -c ${IONICE_CLASS:-2} -n ${IONICE_PRIORITY:-7} ${CMD_PACMAN_KEY}"
fi

for SERVER in ${SERVERS:-keys.openpgp.org}; do
  ${CMD_PACMAN_KEY} --keyserver ${SERVER} && break
done

exit 0

8 (edited by gnu 2022-06-14 21:56:00)

Re: Anacron job 'cron.weekly'

    Otherwise you should take also a look to renew the complete keyring local in your installation (referring to the GPG-part of the installation-guide)

It was the first thing I did

# rm -r /etc/pacman.d/gnupg/*

# pacman-key --init

# pacman-key --populate hyperbola

# pacman-key --refresh-keys

9

Re: Anacron job 'cron.weekly'

Look here within /etc/pacman.d/gnupg/gpg.conf:

no-greeting
no-permission-warning
lock-never
keyserver hkp://pool.sks-keyservers.net
keyserver-options timeout=10

Perhaps that's also helping to reset the keyserver to something working in the listing.


10

Re: Anacron job 'cron.weekly'

doas nano /etc/pacman.d/gnupg/gpg.conf
no-greeting
no-permission-warning
lock-never
#keyserver hkp://pool.sks-keyservers.net
keyserver pgp.mit.edu
keyserver-options timeout=10
doas pacman-key --refresh-keys
gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: keyserver refresh failed: No data
==> ERROR: A specified local key could not be updated from a keyserver.

11

Re: Anacron job 'cron.weekly'

1. Remove old (and possibly broken) keys by entering this command:
    doas rm -r /etc/pacman.d/gnupg

2. Reinstall keyrings including the latest keys:
    doas pacman -Sy gnupg hyperbola-keyring

3. Initialize the pacman keyring:
    doas pacman-key --init

4. Load the signature keys:
    doas pacman-key --populate hyperbola

5. Refresh and update the signature keys:
    doas pacman-key --refresh-keys

You should therefore also use another URL for the keyserver as the sks-pool is gone.


12

Re: Anacron job 'cron.weekly'

lynx pgp.mit.edu

MIT PGP Public Key Server

   Help: Extracting keys / Submitting keys / Email interface / About this server / FAQ
   Related Info: Information about PGP /
     ________________________________________________________________________________________________________________

   Extract a key Search String: ________________________________________ Do the search!

   Index: (*) Verbose Index: ( )

   [ ] Show PGP fingerprints for keys

   [ ] Only return exact matches
     ________________________________________________________________________________________________________________

   Submit a key Enter ASCII-armored PGP key here:

   __________________________________________________________________

   Clear Submit this key to the keyserver!
     ________________________________________________________________________________________________________________

   Remove a key Search String: ________________________________________ Remove the key!
     ________________________________________________________________________________________________________________

13

Re: Anacron job 'cron.weekly'

 doas pacman -Sy gnupg hyperbola-keyring
:: Synchronizing package databases...
 core is up to date
 extra is up to date
warning: gnupg-stable-2.2.27-3 is up to date -- reinstalling
warning: hyperbola-keyring-20201208-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (2) gnupg-stable-2.2.27-3  hyperbola-keyring-20201208-1

Total Installed Size:  10.80 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] Y
(2/2) checking keys in keyring                                              [###########################################] 100%
downloading required keys...
error: key "5AA99D86E1AC7510" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

14

Re: Anacron job 'cron.weekly'

You should deactivate the key-approval within your pacman.conf and activate that afterwards when all is working again. Using SigLevel = Never for all repositories for the time being.

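Because the workaround above is meant to be reverted once the keys work again, a check that lists the repositories still running without package signature verification is useful, for example from the same weekly cron job. This is an added example, not part of the thread or of Hyperbola's tooling; the function name and the sample configuration are constructed. It assumes pacman.conf semantics as documented in pacman.conf(5): a repository's SigLevel modifies the one in [options], values may carry a Package or Database prefix, and the default is Optional.

```shell
#!/bin/sh
# Added example: list repositories whose effective package SigLevel is Never.

# Constructed sample pacman.conf; [custom] is a hypothetical repository.
SAMPLE_CONF='[options]
SigLevel = Required DatabaseOptional
#SigLevel = Never

[core]
SigLevel = Never
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageNever
Include = /etc/pacman.d/mirrorlist

[custom]
Include = /etc/pacman.d/mirrorlist'

# unsigned_repos: read a pacman.conf on stdin, print one repository per line
# for which packages are installed without any signature check.
unsigned_repos() {
  awk '
    # Package check level after applying the tokens in value to inherited.
    function pkg_level(value, inherited,    n, i, tok, t) {
      n = split(value, tok, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        t = tok[i]
        if (t ~ /^Database/) continue        # database checks are not audited here
        sub(/^Package/, "", t)
        if (t == "Never" || t == "Optional" || t == "Required") inherited = t
      }
      return inherited
    }
    /^[ \t]*#/ { next }                      # commented-out settings do not count
    /^[ \t]*\[.*\]/ {
      section = $0
      gsub(/^[ \t]*\[|\].*$/, "", section)
      if (section != "options") { order[++count] = section; own[section] = "" }
      next
    }
    /^[ \t]*SigLevel[ \t]*=/ {
      value = $0
      sub(/^[^=]*=[ \t]*/, "", value)
      if (section == "options") global = value; else own[section] = value
    }
    END {
      base = pkg_level(global, "Optional")   # pacman default when unset
      for (i = 1; i <= count; i++)
        if (pkg_level(own[order[i]], base) == "Never") print order[i]
    }'
}

# Report for the sample; on a real system: unsigned_repos < /etc/pacman.conf
printf '%s\n' "$SAMPLE_CONF" | unsigned_repos
```

An empty result means every repository verifies package signatures again.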

15

Re: Anacron job 'cron.weekly'

ok, thanks throgh

16

Re: Anacron job 'cron.weekly'

After the rework and possible solution: Perhaps the tip of heckyel can support here also. Mentioning that link: https://issues.hyperbola.info/index.php … sk_id=1601

It would be fine when we have a good solution for those problems. And therefore I have great interest also not only in supporting, but solving those kind of issues.


17

Re: Anacron job 'cron.weekly'

dirmngr --debug-level guru
dirmngr[21989]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[21989.0]: permanently loaded certificates: 126
dirmngr[21989.0]:     runtime cached certificates: 0
dirmngr[21989.0]:            trusted certificates: 126 (125,0,0,1)
dirmngr[21989.0]: DBG: chan_3 -> # Home: /root/.gnupg
# Home: /root/.gnupg
dirmngr[21989.0]: DBG: chan_3 -> # Config: /root/.gnupg/dirmngr.conf
# Config: /root/.gnupg/dirmngr.conf
dirmngr[21989.0]: DBG: chan_3 -> OK Dirmngr 2.2.27 at your service
OK Dirmngr 2.2.27 at your service
dirmngr < /dev/null
dirmngr[22010.0]: permanently loaded certificates: 126
dirmngr[22010.0]:     runtime cached certificates: 0
dirmngr[22010.0]:            trusted certificates: 126 (125,0,0,1)
# Home: /root/.gnupg
# Config: /root/.gnupg/dirmngr.conf
OK Dirmngr 2.2.27 at your service

nothing changes

18

Re: Anacron job 'cron.weekly'

Well, then I can only recommend to deactivate the key-approval for now. I take the error further and ask for more notes. For sure everyone in the community is invited to look also here and support.


19

Re: Anacron job 'cron.weekly'

The problem with the keys happens too often, and I think that Hyperbola has to change the management of the packages with something less chaotic and more centralized. There are too many changes in a distro that is innovating to waste time every two months with expired keys or servers turned off.

20

Re: Anacron job 'cron.weekly'

Sorry, but this is a thing we can only - and I mean for sure ONLY - with MORE support. I don't want to do any kind of fingerpointing, but besides all: We are just a small team and we don't get enough support, meaning with tests, documentation and also monetary parts. We cannot afford managing the whole own and selfhosted infrastructure with that kind of backend being wished.

You are for sure right in many parts, but nevertheless: The reality is quite different therefore and we do the best we can with that amount we have for now. If there should be a change: We need support. Not meaning all monetary, also more ideas and people giving time for realizing them.

And to get a central point here: The internet is of NONE solution! I can only motivate everyone to think about those structures like key-signing for example, but also package-hosting. There are costs to be managed when hosting fileservers for transmitting for example and to think there "will be always some solution" is to be honest absolute irreal. Not meaning you for sure, but the general opinion and to say it clear, people: The global network CAN forget and remove data and files without having any kind of possible way getting them back.
Taking the example of vanished distributions and systems: Most of them are not only no longer there, there is no way to get the files back or rebuild them. So the first thing for all here: Make a backup of all files Hyperbola is using. You could be able to run Hyperbola GNU/Linux-libre more or less for many years to come local without any kind of problem.

So the best or perhaps most inclusive way: Let's think together which problems are there and how to solve them. If there are enough people here thinking we can discuss that for sure. But the point also stays: Servers and hosting infrastructure cost money. And this does not mean Hyperbola is going to vanish. It is just that: Technical emancipation means also having insights in own data and being into full control of them.

Going only for "this is someone else's problem" results just in the opposite and good systems, good programs and projects vanished. Again: This was not said here. :) But there are other parts and comments like "Building a system like Hyperbola is just easy, taking the scripts and go for it." or "Hyperbola is just a clone from Arch GNU/Linux" ... you name it and can be found also here in the forums (https://forums.hyperbola.info/viewtopic … =4471#p447). The generic problem is way more beyond but for sure also unneeded stigmata given to this system: It is not seen how much time is needed to review the code, search for the licensing and correct it when packaging does not have it elsewhere. We have done much work looking for the same ways Debian has already done so far. And we are not even at the point to mention the inclusion and patching of Xenocara, Sndio and LibreSSL. So I can only motivate everyone looking beyond the curtain, having a good and interesting time with us here for sure, being invited to communicate and discuss ideas also for solving points as Hyperbola was always a community-driven system and will stay that way for sure.
