FS#26487 - [pacman 4.0]Changing keyserver in /etc/pacman.d/gnupg/gpg.conf in order to fix slow add keys

Attached to Project: Pacman
Opened by Frederic Bezies (fredbezies) - Monday, 17 October 2011, 16:07 GMT
Last edited by Allan McRae (Allan) - Sunday, 22 April 2012, 10:36 GMT
Task Type Support Request
Category Scripts & Tools
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version 4.0.0
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 5
Private No


Description: Using pacman 4.0-2 from testing, I noticed that adding some keys can be very slow.

It can be fixed by changing keyserver to hkp://pgp.mit.edu.

Additional info:
pacman 4.0-2

Steps to reproduce:
Just upgrade pacman, and wait for upgrades which needs new keys. If you use default keyserver, you could wait up to 2 minutes :(
This task depends upon

Closed by  Allan McRae (Allan)
Sunday, 22 April 2012, 10:36 GMT
Reason for closing:  Fixed
Comment by Frederic Bezies (fredbezies) - Monday, 17 October 2011, 16:08 GMT
For keyserver, follow the tip found here : https://bbs.archlinux.org/viewtopic.php?pid=1004399#p1004399
Comment by Allan McRae (Allan) - Monday, 17 October 2011, 21:15 GMT
I experience the exact opposite. The default is really fast for me and the mit one is slow. Can not satisfy everyone...
Comment by Frederic Bezies (fredbezies) - Monday, 17 October 2011, 21:30 GMT
Just an idea : provide some infos like : "If you experience slowness when adding keys, just modify keyserver in..." adding keyserver id.

What about this ? Because default keyserver is very slow for me. Well, just an idea, nothing more :)
Comment by Jason William Walton (jasonww) - Tuesday, 18 October 2011, 10:59 GMT
Please evaluate if multiple keyservers can be used and if it uses fallback when the default doesn't work. I have serious problems with gnupg.net to the extend that it just doesn't work _at all_.
Comment by ifaigios (ifaigios) - Wednesday, 19 October 2011, 15:46 GMT
I experience the same behaviour -- keys.gnupg.net is _very_ slow and even unusable a lot of times, while pgp.mit.edu gets the job done quickly and effectively. I don't know if the problem has to do with my location relative the GPG server, but, just to mention this, I live in Greece.
Comment by Allan McRae (Allan) - Saturday, 10 December 2011, 10:29 GMT
I note that "pacman-key --init" now adds a default timeout of 10sec when it generates this config file.

Can someone test whether adding a second keyserver in the config file results in the second one being used once the first times out?
Comment by Sverd Johnsen (sjohnsen) - Saturday, 10 December 2011, 13:11 GMT
Doesn't seem to work. Single line, multiple lines - nothing.

Google delivers:
Comment by Sven-Hendrik Haase (Svenstaro) - Thursday, 19 January 2012, 18:01 GMT
I'm seeing the same issue with 5 different machines at 5 different locations in Germany. The default keyserver is totally unusable (and apparently also uses geo-ip stuff). The proposed gpg.mit.edu server works wonderfully, though. I also support making that one the default instead.
Comment by Allan McRae (Allan) - Sunday, 22 April 2012, 10:36 GMT
Default keyserver changed to hkp://pool.sks-keyservers.net with pacman-4.0.3 which appears one of the more stable alternatives... If you want specifying multiple gnupg keyservers, follow up with gnupg upstream.