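I've been using gpg for years for the most minimal of things (pass, yadm, etc.), and one thing I've always noticed is that the keyservers (mit, ubuntu, etc.) have slow response times when visited via the web portal (searching takes absolutely forever).
Recently yay seems to be having trouble importing keys: No Name. People seem to run into this error often, and the solution is always to import the key manually. This has happened to me twice in the past week, with 1password and spotify. I tried researching a long-term solution rather than the manual-import shortcut; one suggestion was to set the keyserver manually in /etc/pacman.d/gnupg/gpg.conf, but that did not solve the problem. I ran pacman-key --refresh-keys and it worked, but it seems very error-prone. Here is a snapshot of the end of the output: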
==> ERROR: Could not update key: B9113D1ED21E1A55
gpg: error retrieving 'pete@muddygoat.org' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'p.r.lewis@cs.bham.ac.uk' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'prlewis@letterboxes.org' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'plewis@aur.archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 6D1A9E70E19DAA50
gpg: error retrieving 'roman@archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 3A726C6170E80477
gpg: error retrieving 'schiv@archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 81AF739EC0711BF1
gpg: error retrieving 'speps@aur.archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving 'speps@gmx.com' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving 'speps@gmx.com' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: CF7037A4F27FB7DA
gpg: error retrieving 'l.jirkovsky@gmail.com' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 73B8ED52F1D357C1
gpg: error retrieving 'stephane@archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: EA6836E1AB441196
gpg: error retrieving 'gostrc@gmail.com' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 7FB1A3800C84C0A5
gpg: error retrieving 'danielmicay@gmail.com' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'security@grapheneos.org' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'security@attestation.app' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving 'security@seamlessupdate.app' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'daniel.micay@grapheneos.org' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'daniel.micay@attestation.app' via WKD: No data
gpg: error reading key: No data
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving 'daniel.micay@seamlessupdate.app' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: F9E712E59AF5F22A
gpg: error retrieving 'teg@jklm.no' via WKD: Connection refused
gpg: error reading key: Connection refused
gpg: error retrieving 'teg@pps.jussieu.fr' via WKD: No name
gpg: error reading key: No name
gpg: error retrieving 'tomegun@archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: C8880A6406361833
gpg: error retrieving 'timothy.redaelli@gmail.com' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: E711306E3C4F88BC
gpg: error retrieving 'atsutane@freethoughts.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 't.toepper@gmx.de' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'atsutane@freethoughts.de' via WKD: General error
gpg: error reading key: General error
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 39E4F17F295AFBF4
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: error retrieving 'vegai@iki.fi' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 097D629E437520BD
gpg: error retrieving 'xyne@archlinux.ca' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 5CED81B7C2E5C0D2
gpg: error retrieving 'baptiste@bitsofnetworks.org' via WKD: No data
gpg: error reading key: No data
gpg: error retrieving 'baptiste@jonglez.org' via WKD: General error
gpg: error reading key: General error
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 1F0CD4921ECAA030
gpg: key 4DC95B6D7BE9892E: "David Runge (Arch Linux Master Key) <dvzrv@master-key.archlinux.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
pub ed25519 2021-04-26 [SC]
2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E
uid [ full ] David Runge (Arch Linux Master Key) <dvzrv@master-key.archlinux.org>
sub cv25519 2021-04-26 [E]
gpg: key 25EA6900D9EA5EBC: "George Rawlinson <george@rawlinson.net.nz>" 1 new signature
gpg: Total number processed: 1
gpg: new signatures: 1
pub ed25519 2016-11-03 [C]
034D823DA2055BEE6A6BF0BB25EA6900D9EA5EBC
uid [ unknown] George Rawlinson <george@rawlinson.net.nz>
uid [ full ] George Rawlinson <grawlinson@archlinux.org>
sub ed25519 2016-11-03 [S]
sub ed25519 2016-11-04 [A]
sub cv25519 2016-11-04 [E]
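Are gpg and the keyservers always like this? Is importing by hand just a part of life? Why are these keyservers so flaky?
Please note: the Arch wiki suggests the following possible problems:
But I upgrade daily, my ISP is not blocking any ports (I can import manually), and my date is correct. I'm pretty sure I even cleared my pacman and yay caches recently (which it seems people actually advise against). It looks like this is a problem of the keyservers themselves being flaky.
Am I wrong that it is the keyservers? If not, why are they so spotty? If I am wrong, what can I do to improve my pacman/yay experience, to make it smoother and remove these pain points?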
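You are probably running into keyserver problems, at least with some keyservers.
WKD is inherently unreliable, or at least unpredictable: it requires support from each domain you are trying to retrieve a key from, so it's more likely to fail than succeed for any given set of user IDs (email addresses) from a variety of domains (as is the case in your examples). There are domains with large numbers of OpenPGP users which support WKD (including Debian, Gentoo, and the Linux kernel), and WKD can be expected to work in such cases.
The SKS pool is deprecated and shouldn't be used. See "sks-keyservers gone. What to use instead?" for possible replacements.
In my experience, keys.openpgp.org is reliable, but limited, since it only provides keys for users who have confirmed their key with the service. The MIT keyserver has had flaky availability for a long time.
In practice, for most users who ultimately need OpenPGP keys for package verification, the most reliable keyservers are the distribution keyservers, for those distributions which maintain their own (e.g. Debian or Ubuntu). These are nearly always reachable and functional; depending on their purpose, they may only have distribution-related keys, but it's always worth trying them.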