FS#26487 : [pacman 4.0]Changing keyserver in /etc/pacman.d/gnupg/gpg.conf in order to fix slow add keys

FS#26487 - [pacman 4.0]Changing keyserver in /etc/pacman.d/gnupg/gpg.conf in order to fix slow add keys

Attached to Project: Pacman
Opened by Frederic Bezies (fredbezies) - Monday, 17 October 2011, 16:07 GMT
Last edited by Allan McRae (Allan) - Sunday, 22 April 2012, 10:36 GMT

Task Type	Support Request
Category	Scripts & Tools
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version	4.0.0
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	5 Sven-Hendrik Haase (Svenstaro) (2012-01-19) ifaigios (ifaigios) (2011-10-19) Jason William Walton (jasonww) (2011-10-18) Sverd Johnsen (sjohnsen) (2011-10-18) Frederic Bezies (fredbezies) (2011-10-17)
Private	No

Details

Description: Using pacman 4.0-2 from testing, I noticed that adding some keys can be very slow.

It can be fixed by changing keyserver to hkp://pgp.mit.edu.

Additional info:
pacman 4.0-2

Steps to reproduce:
Just upgrade pacman, and wait for upgrades which needs new keys. If you use default keyserver, you could wait up to 2 minutes :(

This task depends upon

Closed by Allan McRae (Allan)
Sunday, 22 April 2012, 10:36 GMT
Reason for closing: Fixed

Comment by Frederic Bezies (fredbezies) - Monday, 17 October 2011, 16:08 GMT

For keyserver, follow the tip found here : https://bbs.archlinux.org/viewtopic.php?pid=1004399#p1004399

Comment by Allan McRae (Allan) - Monday, 17 October 2011, 21:15 GMT

I experience the exact opposite. The default is really fast for me and the mit one is slow. Can not satisfy everyone...

Comment by Frederic Bezies (fredbezies) - Monday, 17 October 2011, 21:30 GMT

Just an idea : provide some infos like : "If you experience slowness when adding keys, just modify keyserver in..." adding keyserver id.

What about this ? Because default keyserver is very slow for me. Well, just an idea, nothing more :)

Comment by Jason William Walton (jasonww) - Tuesday, 18 October 2011, 10:59 GMT

Please evaluate if multiple keyservers can be used and if it uses fallback when the default doesn't work. I have serious problems with gnupg.net to the extend that it just doesn't work _at all_.

Comment by ifaigios (ifaigios) - Wednesday, 19 October 2011, 15:46 GMT

I experience the same behaviour -- keys.gnupg.net is _very_ slow and even unusable a lot of times, while pgp.mit.edu gets the job done quickly and effectively. I don't know if the problem has to do with my location relative the GPG server, but, just to mention this, I live in Greece.

Comment by Allan McRae (Allan) - Saturday, 10 December 2011, 10:29 GMT

I note that "pacman-key --init" now adds a default timeout of 10sec when it generates this config file.

Can someone test whether adding a second keyserver in the config file results in the second one being used once the first times out?

Comment by Sverd Johnsen (sjohnsen) - Saturday, 10 December 2011, 13:11 GMT

Doesn't seem to work. Single line, multiple lines - nothing.

Google delivers:
https://bugs.g10code.com/gnupg/issue1038

Comment by Sven-Hendrik Haase (Svenstaro) - Thursday, 19 January 2012, 18:01 GMT

I'm seeing the same issue with 5 different machines at 5 different locations in Germany. The default keyserver is totally unusable (and apparently also uses geo-ip stuff). The proposed gpg.mit.edu server works wonderfully, though. I also support making that one the default instead.

Comment by Allan McRae (Allan) - Sunday, 22 April 2012, 10:36 GMT

Default keyserver changed to hkp://pool.sks-keyservers.net with pacman-4.0.3 which appears one of the more stable alternatives... If you want specifying multiple gnupg keyservers, follow up with gnupg upstream.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#26487 - [pacman 4.0]Changing keyserver in /etc/pacman.d/gnupg/gpg.conf in order to fix slow add keys

Details

Loading...