Gentoo Archives: gentoo-user

From: Stefano Crocco <posta@×××××××××××××.it>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: emerge --sync: problem refreshing keys
Date: Fri, 19 Jul 2019 19:02:51
Message-Id: 1961322.MQrLvghuST@linux
In Reply to: [gentoo-user] Re: emerge --sync: problem refreshing keys by Ian Zimmerman
On Friday 19 July 2019 18:21:46 CEST Ian Zimmerman wrote:
> On 2019-07-18 19:42, Stefano Crocco wrote:
> > Hello to everyone,
> > since yesterday emerge --sync fails because it can't refresh keys. The
> > messages I get are:
> >
> > Syncing repository 'gentoo' into '/usr/portage'...
> >
> > * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
> > * Refreshing keys via WKD ... [ !! ]
> > * Refreshing keys from keyserver hkps://keys.gentoo.org ...OpenPGP
> > keyring
> >
> > refresh failed:
> > gpg: refreshing 4 keys from hkps://keys.gentoo.org
> > gpg: keyserver refresh failed: No keyserver available
> >
> > OpenPGP keyring refresh failed:
> > gpg: refreshing 4 keys from hkps://keys.gentoo.org
> > gpg: keyserver refresh failed: No keyserver available
>
> Perhaps something to do with this?
>
> https://www.bleepingcomputer.com/news/security/public-certificate-poisoning-can-break-some-openpgp-implementations/
>
> Aside:
> I have already switched my personal gpg configuration to use the new
> isolated keyserver.

Thanks for the answer. I'd heard of this attack and read this [1] article on
gentoo.org. From what I understand, it said that in theory there shouldn't be
problems when syncing because "The gemato tool used to verify the Gentoo
ebuild repository uses WKD by default. During normal operation it should not
be affected by this vulnerability". Reading the article again, I now see it
also says that "In the worst case; Gentoo repository syncs will be slow or
hang" which, as you suggest, could very well be what's happened on my system.
Unfortunately, the article doesn't say what to do if this happens.

Tomorrow I'll try investigating more.

Stefano

[1] https://www.gentoo.org/news/2019/07/03/sks-key-poisoning.html
