
How to avoid the flakiness that comes with "gpg --recv-key"?


Problem

If you want to verify a signature of a downloaded file with gpg, you first have to import the key. Unfortunately, this operation is extremely slow and flaky in practice.

For example, here I tried it out:

$ gpg --keyserver pgpkeys.mit.edu --recv-key A0E98066
gpg: keyserver receive failed: No data

$ gpg --keyserver pgpkeys.mit.edu --recv-key A0E98066
gpg: key B550E09EA0E98066: public key "Yichun Zhang (agentzh) " imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:  14  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 14u
gpg: next trustdb check due at 2019-01-13
gpg: Total number processed: 1
gpg:               imported: 1


The first run failed. When I repeated it, it took very long but eventually succeeded. Especially in a CI environment, it breaks a lot, which is why I am looking for alternatives.

Question:

  • How do you avoid the dependence on the remote keyserver?
  • Is there an easy way to export the key as a file and use it later to import it in the CI environment without making a request to the keyserver?

Solution

Download the key once:

gpg --keyserver pgpkeys.mit.edu --recv-key A0E98066
gpg --export A0E98066 > openresty-agentzh-A0E98066.gpg


Then later you can import the key without having to access the keyserver:

gpg --import openresty-agentzh-A0E98066.gpg
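
Once the key lives in a file, the CI job can also check it against a pinned full fingerprint before importing, since an 8-digit ID such as A0E98066 is only 32 bits of the fingerprint. The script below is an added example, not part of the original answer; the function names and `PLACEHOLDER_FPR` (a constructed value, not the real fingerprint) are assumptions, and it needs a GnuPG version that provides `--show-keys`.

```sh
#!/bin/sh
# Added example: pin the committed key file to a full fingerprint before import.
# PLACEHOLDER_FPR is constructed (zeros + the long key ID from the gpg output
# above); replace it with the real 40-hex fingerprint obtained out of band.
PLACEHOLDER_FPR=000000000000000000000000B550E09EA0E98066

# Print the fingerprint of each primary key in a `gpg --with-colons` listing
# read from stdin. The "fpr" record after a "pub" record holds it in field 10.
primary_fingerprints() {
    awk -F: '$1 == "pub" { p = 1; next } p && $1 == "fpr" { print $10; p = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key whose
# fingerprint equals $1 (spaces and letter case in $1 are ignored).
listing_matches_pin() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(primary_fingerprints)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Inspect the key file without touching the keyring, then import it only if
# it matches the pin. $1 = key file, $2 = expected full fingerprint.
import_pinned_key() {
    gpg --batch --show-keys --with-colons "$1" | listing_matches_pin "$2" || {
        echo "refusing to import $1: fingerprint does not match pin" >&2
        return 1
    }
    gpg --batch --import "$1"
}

# Constructed colon listing (not real gpg output) for trying the check offline.
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:B550E09EA0E98066:1300000000:::-:::scESC:
fpr:::::::::000000000000000000000000B550E09EA0E98066:
uid:-::::1300000000::::Constructed User <user@example.invalid>:
sub:-:4096:1:1111111111111111:1300000000::::::e:
fpr:::::::::2222222222222222222222221111111111111111:
EOF
}

# CI usage: sh pin-import.sh openresty-agentzh-A0E98066.gpg <full fingerprint>
if [ "$#" -eq 2 ]; then import_pinned_key "$1" "$2"; fi
```

A key file that was swapped or that carries more than one primary key fails the check, and nothing is imported.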

Context

StackExchange DevOps Q#3966, answer score: 4
