Ubuntu

keyserver.ubuntu.com is serving keys with no newline at the end of the file

Asked by Ray Kivisto

The Mono project is encountering an issue where keyserver.ubuntu.com is serving GPG keys that are missing a newline at the end of the file, so the key is not able to be used by "rpm --import key":

https://github.com/mono/mono/issues/15955

It seems that the Mono project key is not the only one that is encountering this issue, I also get this problem with CloudBees GPG key (https://go.cloudbees.com/docs/cloudbees-core/traditional-install-guide/installing-operations-center/#installing-on-red-hat-centos-fedora-or-amazon-linux-2):

$ docker run -ti centos:7 bash
[root@f0cd61ab612b /]# curl "https://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x38E2F5F39FF90BDA" -okey
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 2443 0 2443 0 0 3853 0 --:--:-- --:--:-- --:--:-- 3853
[root@f0cd61ab612b /]# rpm --import key
error: key: key 1 not an armored public key.
[root@f0cd61ab612b /]# sed -i -e '$a\' key
[root@f0cd61ab612b /]# rpm --import key
[root@f0cd61ab612b /]#

Does anyone know if there were recent changes to keyserver.ubuntu.com?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Ray Kivisto
Solved:
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

Is this specific to keyserver.ubuntu.com, or do you see the same issue also with other key servers?
(e.g. one of these: pool.sks-keyservers.net keys.gnupg.net )

Revision history for this message
Ray Kivisto (ray-kivisto) said : 		#2

I'm encountering a 504 Gateway timeout on http://keys.gnupg.net, and "Error handling request" on http://pool.sks-keyservers.net when simply trying to search for a key on their site using my browser, but I checked CloudBees and Mono project's own servers, and they work.

The CloudBees key hosted on their own site works fine:

~ $ docker run -ti centos:7 bash
[root@266e2642250e /]# rpm --import https://downloads.cloudbees.com/cloudbees-core/traditional/client-master/rolling/rpm/cloudbees.com.key
[root@266e2642250e /]#
[root@266e2642250e /]# exit
~ $ docker run -ti centos:7 bash
[root@7d76a2a44343 /]# curl https://downloads.cloudbees.com/cloudbees-core/traditional/client-master/rolling/rpm/cloudbees.com.key -okey
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 1727 100 1727 0 0 4496 0 --:--:-- --:--:-- --:--:-- 4497
[root@7d76a2a44343 /]# rpm --import key
[root@7d76a2a44343 /]#

Also the Mono project key hosted on their own server works as well
https://www.mono-project.com/download/stable/#download-lin-centos

~ $ docker run -ti centos:7 bash
[root@299975885bb9 /]# curl "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef" -okey
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 3189 100 3189 0 0 12350 0 --:--:-- --:--:-- --:--:-- 12408
[root@299975885bb9 /]# rpm --import key
[root@299975885bb9 /]#

Revision history for this message
Manfred Hampl (m-hampl) said : 		#3

Did you try the same key as the one that failed from keyserver,ubuntu.com also from a different key server?

Revision history for this message
Ray Kivisto (ray-kivisto) said : 		#4

Closing for now, will possibly re-open after I do further validation that the keys being served are up to date on both key servers.