gpg 密钥服务器地址不可用

gpg keyserver address not available

如今在密钥服务器的帮助下通过 gnupg 验证下载的 tarball 的哈希和是一种很好的做法。根据我的经验,最常用的密钥服务器之一是 ha.pool.sks-keyservers.net(报告添加了 500 万个密钥)。这个密钥服务器 gpg: keyserver receive failed: Address not available.

经常出现以下错误

超级烦人。这只是 sks-keyservers.net 的问题吗?如果是这样,为什么人们继续使用它?

好像是通病,解决方法是使用多个密钥服务器。有一个简单的脚本,你可以怎么做 gpg_verify:

#!/usr/bin/env bash

set -e

if [[ -n "${DEBUG}" ]]; then
    set -x
fi

signature=""
file=""
found="";

declare -a keyservers=(
    "ha.pool.sks-keyservers.net"
    "hkp://keyserver.ubuntu.com:80"
    "hkp://p80.pool.sks-keyservers.net:80"
    "pgp.mit.edu"
)

export GNUPGHOME="$(mktemp -d)"

IFS=';' read -ra keys <<< "${GPG_KEYS}"

for key in "${keys[@]}"; do
    for server in "${keyservers[@]}"; do
        echo "Fetching GPG key ${key} from ${server}"
        gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "${key}" && found="yes" && break 2
    done
done

if [[ -z "${found}" ]]; then
    echo >&2 "error: failed to fetch GPG key ${GPG_KEYS}"
    exit 1
fi

gpg --batch --verify "${signature}" "${file}"
rm -rf "${GNUPGHOME}" "${signature}"

用法:

export GPG_KEYS=[YOUR GPG KEY]
gpg_verify archive.tar.gz.asc archive.tar.gz