Cannot upgrade dropbox, key issue

gpg
keyring
pamac
aur
upgrade

#1

Hi,
this is what happens trying to upgrade the dropbox package (AUR) using pamac:

...
==> Validating source_x86_64 files with sha256sums...
    dropbox-lnx.x86_64-64.4.141.tar.gz ... Passed
    dropbox-lnx.x86_64-64.4.141.tar.gz.asc ... Skipped
==> Verifying source file signatures with gpg...
    dropbox-lnx.x86_64-64.4.141.tar.gz ... FAILED (unknown public key FC918B335044912E)
==> ERROR: One or more PGP signatures could not be verified!

As @jonathon suggests in the FAQ AUR package fails to verify PGP/GPG key
I tried to add the key in my keyring, but fails with this error:

$ gpg --recv-key FC918B335044912E
gpg: keyserver receive failed: Server indicated a failure

Now I’m not sure how to deal with this, any advice?


#2

See if you define the server:
gpg --recv-key --keyserver hkp://pgp.mit.edu FC918B335044912E
or
gpg --recv-key --keyserver http://pgp.key-server.io FC918B335044912E

If doesn’t work, check the DNS or make a change to use 8.8.8.8 as DNS.


#3

Notice - these URLs are safe, but do not use random keyservers.

as to the DNS the suggested DNS above is google, but others are available too, such as 1.1.1.1 for cloudflare. (probably my first suggestion)

sometimes one or either of these can fix it.
sometimes, such as behind certain university networks or similar, you are simply blocked and that is an issue for your network administrator or ISP. We will hope it is not that. :slight_smile:

[PS - since this is marked as solution… apparently switching to cloudflare’s DNS solved the issue]
(https://1.1.1.1/)


#4

Didn’t expect a so fast reply! Thank you!
Specifying the server as you told me:

$ gpg --recv-key --keyserver hkp://pgp.mit.edu FC918B335044912E
gpg: keyserver receive failed: Server indicated a failure

$ gpg --recv-key --keyserver http://pgp.key-server.io FC918B335044912E
gpg: keyserver receive failed: Server indicated a failure

I’m using DHCP, my DNS seems to be fe80::1

$ nmcli dev show | grep DNS
IP6.DNS[1]:       fe80::1
$ cat /etc/resolv.conf 
nameserver fe80::1%enp3s2

Trying to ping the servers you gave me:

$ ping pgp.key-server.io
PING pgp.key-server.io (208.97.141.196) 56(84) bytes of data.
64 bytes from midorimatsu.com (208.97.141.196): icmp_seq=1 ttl=50 time=121 ms
64 bytes from midorimatsu.com (208.97.141.196): icmp_seq=2 ttl=50 time=121 ms
64 bytes from midorimatsu.com (208.97.141.196): icmp_seq=3 ttl=50 time=122 ms
64 bytes from midorimatsu.com (208.97.141.196): icmp_seq=4 ttl=50 time=121 ms
^C
--- pgp.key-server.io ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 121.157/121.433/122.045/0.556 ms

$ ping pgp.mit.edu
PING cryptonomicon.mit.edu (18.9.60.141) 56(84) bytes of data.
^C
--- cryptonomicon.mit.edu ping statistics ---
12 packets transmitted, 0 received, 100% packet loss, time 151ms

Then following your kind suggestione, I changed my DNS to 8.8.8.8:

$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 8.8.8.8
nameserver fe80::1%enp3s2

$ nslookup google.com
Server:		8.8.8.8
Address:	8.8.8.8#53

The preceding commands now give a different result:

$ gpg --recv-key --keyserver hkp://pgp.mit.edu FC918B335044912E
gpg: keyserver receive failed: No data

$ gpg --recv-key --keyserver http://pgp.key-server.io FC918B335044912E
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

So your indication about DNS has importance, but I’m still clueless


#5

There it is! Setting the DNS to 1.1.1.1 solved.

$ gpg --recv-key FC918B335044912E
gpg: key FC918B335044912E: 3 signatures not checked due to missing keys
gpg: key FC918B335044912E: public key "Dropbox Automatic Signing Key <linux@dropbox.com>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2019-04-16
gpg: Total number processed: 1
gpg:               imported: 1

Thank you both @cscs and @bogdancovaciu !


#6

Wow. I didnt expect that. But, nice. chalk that up as another win for 1.1.1.1
Note - secondary servers are 1.0.0.1, IPV6 addresses are available too.
See more here: https://1.1.1.1/


#7

Well, thank YOU :smiley:
Now i’ll make some test with this DNS.
Ans also i wonder i i didn’t had a typo when i put http:// instead of hkp:// :thinking: or in reverse …


#8

With 8.8.8.8 I didn’t try to give the command without specifying the server, maybe could have been worked. I tried to split the solution between you and @cscs but that’s not possible!
However, thank you again.


#9

Well, then i’ll mark your post as solution :wink:
Edit: i was a bit behind with the source of the DNS …
I put the rightful solution mark now :slight_smile:


#10

Learned something again, thank you.

Pi-Hole should write the IP behind the name :slight_smile:


#11

Hi guys,

I want to note that I was having the same issue as the original post while using OpenDNS as my DNS server, changing my DNS IP address to goggle’s (8.8.8.8) fixed the issue and I was able to upgrade dropbox. I love Manjaro 's friendly geeky community keep it up :+1:


#12

Glad you got it fixed as I was having the same issue but my was solved in a different way. What wrapper are you using for AUR? Because I was using yaourt until I saw that development for it has ended. When I installed and used yay to update dropbox, it asked if I wanted to download a new key and then it was able to update.

I never thought the DNS IP address would affect something like that though.


#13

Hi myndflyte,
I’m not using a wrapper at the moment I installed dropbox using git and pacman ($ git clone https://aur.archlinux.org/dropbox.git).