gpg 密钥服务器地址不可用
gpg keyserver address not available
如今在密钥服务器的帮助下通过 gnupg
验证下载的 tarball 的哈希和是一种很好的做法。根据我的经验,最常用的密钥服务器之一是 ha.pool.sks-keyservers.net
(报告添加了 500 万个密钥)。这个密钥服务器 gpg: keyserver receive failed: Address not available
.
经常出现以下错误
超级烦人。这只是 sks-keyservers.net
的问题吗?如果是这样,为什么人们继续使用它?
好像是通病,解决方法是使用多个密钥服务器。有一个简单的脚本,你可以怎么做 gpg_verify
:
#!/usr/bin/env bash
set -e
if [[ -n "${DEBUG}" ]]; then
set -x
fi
signature=""
file=""
found="";
declare -a keyservers=(
"ha.pool.sks-keyservers.net"
"hkp://keyserver.ubuntu.com:80"
"hkp://p80.pool.sks-keyservers.net:80"
"pgp.mit.edu"
)
export GNUPGHOME="$(mktemp -d)"
IFS=';' read -ra keys <<< "${GPG_KEYS}"
for key in "${keys[@]}"; do
for server in "${keyservers[@]}"; do
echo "Fetching GPG key ${key} from ${server}"
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "${key}" && found="yes" && break 2
done
done
if [[ -z "${found}" ]]; then
echo >&2 "error: failed to fetch GPG key ${GPG_KEYS}"
exit 1
fi
gpg --batch --verify "${signature}" "${file}"
rm -rf "${GNUPGHOME}" "${signature}"
用法:
export GPG_KEYS=[YOUR GPG KEY]
gpg_verify archive.tar.gz.asc archive.tar.gz
如今在密钥服务器的帮助下通过 gnupg
验证下载的 tarball 的哈希和是一种很好的做法。根据我的经验,最常用的密钥服务器之一是 ha.pool.sks-keyservers.net
(报告添加了 500 万个密钥)。这个密钥服务器 gpg: keyserver receive failed: Address not available
.
超级烦人。这只是 sks-keyservers.net
的问题吗?如果是这样,为什么人们继续使用它?
好像是通病,解决方法是使用多个密钥服务器。有一个简单的脚本,你可以怎么做 gpg_verify
:
#!/usr/bin/env bash
set -e
if [[ -n "${DEBUG}" ]]; then
set -x
fi
signature=""
file=""
found="";
declare -a keyservers=(
"ha.pool.sks-keyservers.net"
"hkp://keyserver.ubuntu.com:80"
"hkp://p80.pool.sks-keyservers.net:80"
"pgp.mit.edu"
)
export GNUPGHOME="$(mktemp -d)"
IFS=';' read -ra keys <<< "${GPG_KEYS}"
for key in "${keys[@]}"; do
for server in "${keyservers[@]}"; do
echo "Fetching GPG key ${key} from ${server}"
gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "${key}" && found="yes" && break 2
done
done
if [[ -z "${found}" ]]; then
echo >&2 "error: failed to fetch GPG key ${GPG_KEYS}"
exit 1
fi
gpg --batch --verify "${signature}" "${file}"
rm -rf "${GNUPGHOME}" "${signature}"
用法:
export GPG_KEYS=[YOUR GPG KEY]
gpg_verify archive.tar.gz.asc archive.tar.gz