Skip to main content
Unix & Linux

Return to Revisions

1 of 4
ToffeeYogurtPots
ToffeeYogurtPots
  • 175
  • 1
  • 2
  • 7

Parabola (Arch-like) - "pacman-key --refresh-keys" fails with "gpg: keyserver refresh failed: Permission denied"

I run Parabola (a derivative of Arch Linux that blacklists non-free software and adds a lot of other software). In addition, my system uses runit as its init system and OpenRC as its service manager if that makes any difference.

I'm currently having issues with installing a package due to a missing key. My first plan was to updating my keyring however "pacman-key --refresh-keys" fails:

[user@hostname ~]$ sudo pacman-key --refresh-keys gpg: refreshing 134 keys from hkp://pool.sks-keyservers.net gpg: keyserver refresh failed: Permission denied ==> ERROR: A specified local key could not be updated from a keyserver.

Also tried running it under "su".

[user@hostname ~]$ su Password: [root@hostname user]# pacman-key --refresh-keys gpg: refreshing 134 keys from hkp://pool.sks-keyservers.net gpg: keyserver refresh failed: Permission denied ==> ERROR: A specified local key could not be updated from a keyserver.

Tried running dirmngr manually to see if there are any errors.

[user@hostname ~]$ sudo dirmngr < /dev/null dirmngr[25316]: error opening '/root/.gnupg/dirmngr_ldapservers.conf': No such file or directory dirmngr[25316.0]: permanently loaded certificates: 141 dirmngr[25316.0]: runtime cached certificates: 0 dirmngr[25316.0]: trusted certificates: 141 (140,0,0,1) # Home: /root/.gnupg # Config: [none] OK Dirmngr 2.2.3 at your service

I noticed the "error opening '/root/.gnupg/dirmngr_ldapservers.conf'" which had been mentioned on the Arch Linux forums. So I created a blank "/root/.gnupg/dirmngr_ldapservers.conf" and ran dirmngr again. I also get a similar error if I run dirmngr without sudo so I created a blank "/home/user/.gnupg/dirmngr_ldapservers.conf" too.

[user@hostname ~]$ sudo dirmngr < /dev/null dirmngr[28763.0]: permanently loaded certificates: 141 dirmngr[28763.0]: runtime cached certificates: 0 dirmngr[28763.0]: trusted certificates: 141 (140,0,0,1) # Home: /root/.gnupg # Config: [none] OK Dirmngr 2.2.3 at your service [user@hostname ~]$ dirmngr < /dev/null dirmngr[32757.0]: permanently loaded certificates: 141 dirmngr[32757.0]: runtime cached certificates: 0 dirmngr[32757.0]: trusted certificates: 141 (140,0,0,1) # Home: /home/user/.gnupg # Config: [none] OK Dirmngr 2.2.3 at your service

Removed both the ".gnupg" folders, ran "pacman-key --init" and then tried "pacman-key --refresh-keys".

[user@hostname ~]$ sudo rm -rf /root/.gnupg [user@hostname ~]$ sudo rm -rf /home/user/.gnupg [user@hostname ~]$ sudo pacman-key --init [user@hostname ~]$ sudo pacman-key --refresh-keys gpg: refreshing 134 keys from hkp://pool.sks-keyservers.net gpg: keyserver refresh failed: Permission denied ==> ERROR: A specified local key could not be updated from a keyserver

After removing both ".gnupg" directories I ran dirmngr again.

[user@hostname ~]$ dirmngr --debug-level guru dirmngr[18151]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog dirmngr[18151]: error opening '/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory dirmngr[18151.0]: permanently loaded certificates: 141 dirmngr[18151.0]: runtime cached certificates: 0 dirmngr[18151.0]: trusted certificates: 141 (140,0,0,1) dirmngr[18151.0]: failed to open cache dir file '/home/user/.gnupg/crls.d/DIR.txt': No such file or directory dirmngr[18151.0]: creating directory '/home/user/.gnupg' dirmngr[18151.0]: creating directory '/home/user/.gnupg/crls.d' dirmngr[18151.0]: new cache dir file '/home/user/.gnupg/crls.d/DIR.txt' created dirmngr[18151.0]: DBG: chan_3 -> # Home: /home/user/.gnupg # Home: /home/user/.gnupg dirmngr[18151.0]: DBG: chan_3 -> # Config: [none] # Config: [none] dirmngr[18151.0]: DBG: chan_3 -> OK Dirmngr 2.2.3 at your service OK Dirmngr 2.2.3 at your service

And now I'm completely stuck. I suspected there might be some kind of permissions issue with a file needed by GPG but given that I've deleted both ".gnupg" directories and that they've been regenerated I don't see what's wrong.

I've also tried everything on this wiki page: https://wiki.parabola.nu/Parabola_Keyring everything worked including the "sudo pacman-key --populate archlinux archlinux32 archlinuxarm parabola" command but "pacman-key --refresh-keys" still gave me the permissions error.

ToffeeYogurtPots
  • 175
  • 1
  • 2
  • 7