apt-key fails behind proxy












4















Our company uses a filtering proxy which is setup correctly in /etc/environment and apt.conf.d

Regular internet access via http and https work but if I try to import a pgp key from keyserver.ubuntu.com it fails.



Example: 



$ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com  

gpgkeys: key 36A1D7869245C8950F966E92D8576A8BA88D21E9 can't be retrieved   

gpg: no valid OpenPGP data found


Support says, that they found that the keyserver is not accepting a HTTP/1.0 header (see below) although the HTTP/1.0 is a valid request.

So they say the problem is on the keyserver side and they are not willing to do anything on their side.

I cannot really judge if that is true and I can also not find any contact for the Ubuntu keyserver to get a statement from, so I am stuck.



Trace gotten from zscaler proxy support : 



GET /pks/lookup?op=get&options=mr&search=0x36A1D7869245C8950F966E92D8576A8BA88D21E9 HTTP/1.0  

Cache-Control: no-cache  

Pragma: no-cache  

Connection: Close  

X-Forwarded-For: 62.180.121.22*


Although this request is valid from RFC point of view, the server is denying it with a 400 Bad Request error



HTTP/1.0 400 Bad Request  

Server: squid/3.1.19  

Mime-Version: 1.0  

Date: Mon, 09 Mar 2015 09:39:47 GMT  

Content-Type: text/html  

Content-Length: 3346  

X-Squid-Error: ERR_INVALID_URL 0  

Vary: Accept-Language  

Content-Language: en  

X-Cache: MISS from cassava.canonical.com  

X-Cache-Lookup: NONE from cassava.canonical.com:11371  

Via: 1.0 cassava.canonical.com (squid/3.1.19)  

Connection: close*





networking apt proxy







share|improve this question

























  • Is virtual hosting enabled? check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also the config of the squid server would be helpful. FYI squid 3.1.X is a reverse proxy with http1.0 whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with http1.1

    – s1mmel
    May 19 '18 at 13:07


















4















Our company uses a filtering proxy which is setup correctly in /etc/environment and apt.conf.d

Regular internet access via http and https work but if I try to import a pgp key from keyserver.ubuntu.com it fails.



Example: 



$ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com  

gpgkeys: key 36A1D7869245C8950F966E92D8576A8BA88D21E9 can't be retrieved   

gpg: no valid OpenPGP data found


Support says, that they found that the keyserver is not accepting a HTTP/1.0 header (see below) although the HTTP/1.0 is a valid request.

So they say the problem is on the keyserver side and they are not willing to do anything on their side.

I cannot really judge if that is true and I can also not find any contact for the Ubuntu keyserver to get a statement from, so I am stuck.



Trace gotten from zscaler proxy support : 



GET /pks/lookup?op=get&options=mr&search=0x36A1D7869245C8950F966E92D8576A8BA88D21E9 HTTP/1.0  

Cache-Control: no-cache  

Pragma: no-cache  

Connection: Close  

X-Forwarded-For: 62.180.121.22*


Although this request is valid from RFC point of view, the server is denying it with a 400 Bad Request error



HTTP/1.0 400 Bad Request  

Server: squid/3.1.19  

Mime-Version: 1.0  

Date: Mon, 09 Mar 2015 09:39:47 GMT  

Content-Type: text/html  

Content-Length: 3346  

X-Squid-Error: ERR_INVALID_URL 0  

Vary: Accept-Language  

Content-Language: en  

X-Cache: MISS from cassava.canonical.com  

X-Cache-Lookup: NONE from cassava.canonical.com:11371  

Via: 1.0 cassava.canonical.com (squid/3.1.19)  

Connection: close*





networking apt proxy







share|improve this question

























  • Is virtual hosting enabled? check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also the config of the squid server would be helpful. FYI squid 3.1.X is a reverse proxy with http1.0 whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with http1.1

    – s1mmel
    May 19 '18 at 13:07
















4












4








4








Our company uses a filtering proxy which is setup correctly in /etc/environment and apt.conf.d

Regular internet access via http and https work but if I try to import a pgp key from keyserver.ubuntu.com it fails.



Example: 



$ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com  

gpgkeys: key 36A1D7869245C8950F966E92D8576A8BA88D21E9 can't be retrieved   

gpg: no valid OpenPGP data found


Support says, that they found that the keyserver is not accepting a HTTP/1.0 header (see below) although the HTTP/1.0 is a valid request.

So they say the problem is on the keyserver side and they are not willing to do anything on their side.

I cannot really judge if that is true and I can also not find any contact for the Ubuntu keyserver to get a statement from, so I am stuck.



Trace gotten from zscaler proxy support : 



GET /pks/lookup?op=get&options=mr&search=0x36A1D7869245C8950F966E92D8576A8BA88D21E9 HTTP/1.0  

Cache-Control: no-cache  

Pragma: no-cache  

Connection: Close  

X-Forwarded-For: 62.180.121.22*


Although this request is valid from RFC point of view, the server is denying it with a 400 Bad Request error



HTTP/1.0 400 Bad Request  

Server: squid/3.1.19  

Mime-Version: 1.0  

Date: Mon, 09 Mar 2015 09:39:47 GMT  

Content-Type: text/html  

Content-Length: 3346  

X-Squid-Error: ERR_INVALID_URL 0  

Vary: Accept-Language  

Content-Language: en  

X-Cache: MISS from cassava.canonical.com  

X-Cache-Lookup: NONE from cassava.canonical.com:11371  

Via: 1.0 cassava.canonical.com (squid/3.1.19)  

Connection: close*





networking apt proxy







share|improve this question
















Our company uses a filtering proxy which is setup correctly in /etc/environment and apt.conf.d

Regular internet access via http and https work but if I try to import a pgp key from keyserver.ubuntu.com it fails.



Example: 



$ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com  

gpgkeys: key 36A1D7869245C8950F966E92D8576A8BA88D21E9 can't be retrieved   

gpg: no valid OpenPGP data found


Support says, that they found that the keyserver is not accepting a HTTP/1.0 header (see below) although the HTTP/1.0 is a valid request.

So they say the problem is on the keyserver side and they are not willing to do anything on their side.

I cannot really judge if that is true and I can also not find any contact for the Ubuntu keyserver to get a statement from, so I am stuck.



Trace gotten from zscaler proxy support : 



GET /pks/lookup?op=get&options=mr&search=0x36A1D7869245C8950F966E92D8576A8BA88D21E9 HTTP/1.0  

Cache-Control: no-cache  

Pragma: no-cache  

Connection: Close  

X-Forwarded-For: 62.180.121.22*


Although this request is valid from RFC point of view, the server is denying it with a 400 Bad Request error



HTTP/1.0 400 Bad Request  

Server: squid/3.1.19  

Mime-Version: 1.0  

Date: Mon, 09 Mar 2015 09:39:47 GMT  

Content-Type: text/html  

Content-Length: 3346  

X-Squid-Error: ERR_INVALID_URL 0  

Vary: Accept-Language  

Content-Language: en  

X-Cache: MISS from cassava.canonical.com  

X-Cache-Lookup: NONE from cassava.canonical.com:11371  

Via: 1.0 cassava.canonical.com (squid/3.1.19)  

Connection: close*





networking apt proxy




networking apt proxy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 18 '15 at 14:24









muru

1




1










asked Mar 18 '15 at 13:38









user333869user333869

818




818













  • Is virtual hosting enabled? check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also the config of the squid server would be helpful. FYI squid 3.1.X is a reverse proxy with http1.0 whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with http1.1

    – s1mmel
    May 19 '18 at 13:07





















  • Is virtual hosting enabled? check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also the config of the squid server would be helpful. FYI squid 3.1.X is a reverse proxy with http1.0 whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with http1.1

    – s1mmel
    May 19 '18 at 13:07



















Is virtual hosting enabled? check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also the config of the squid server would be helpful. FYI squid 3.1.X is a reverse proxy with http1.0 whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with http1.1

– s1mmel
May 19 '18 at 13:07







Is virtual hosting enabled? check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also the config of the squid server would be helpful. FYI squid 3.1.X is a reverse proxy with http1.0 whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with http1.1

– s1mmel
May 19 '18 at 13:07












1 Answer
1






active

oldest

votes


















0














Since its an old post, I'll keep the answer short.
The apt-key command option "--recv-keys" uses a non HTTP/HTTPS port to access the key server. Thus it may fail in a firewall environment. 



 apt-key --recv-keys 36A1D78           // may fail with firewall


A solution is to copy the actual GPG key manually into a textfile, say key.txt and use apt-key like this



sudo apt-key add key.txt


This will add the ascii key in binary form to the /etc/apt/trusted.gpg file. You can check if its there by



apt-key list|more



You shoudl see the key '36A1D78' listed. Fore the "actual GPG" key goto the launchpad.net webstite of the PPA and click on the "Signing key" link until you are in a page with the key in ASCII form.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f598286%2fapt-key-fails-behind-proxy%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Since its an old post, I'll keep the answer short.
    The apt-key command option "--recv-keys" uses a non HTTP/HTTPS port to access the key server. Thus it may fail in a firewall environment. 



     apt-key --recv-keys 36A1D78           // may fail with firewall


    A solution is to copy the actual GPG key manually into a textfile, say key.txt and use apt-key like this



    sudo apt-key add key.txt


    This will add the ascii key in binary form to the /etc/apt/trusted.gpg file. You can check if its there by



    apt-key list|more



    You shoudl see the key '36A1D78' listed. Fore the "actual GPG" key goto the launchpad.net webstite of the PPA and click on the "Signing key" link until you are in a page with the key in ASCII form.






    share|improve this answer




























      0














      Since its an old post, I'll keep the answer short.
      The apt-key command option "--recv-keys" uses a non HTTP/HTTPS port to access the key server. Thus it may fail in a firewall environment. 



       apt-key --recv-keys 36A1D78           // may fail with firewall


      A solution is to copy the actual GPG key manually into a textfile, say key.txt and use apt-key like this



      sudo apt-key add key.txt


      This will add the ascii key in binary form to the /etc/apt/trusted.gpg file. You can check if its there by



      apt-key list|more



      You shoudl see the key '36A1D78' listed. Fore the "actual GPG" key goto the launchpad.net webstite of the PPA and click on the "Signing key" link until you are in a page with the key in ASCII form.






      share|improve this answer


























        0












        0








        0







        Since its an old post, I'll keep the answer short.
        The apt-key command option "--recv-keys" uses a non HTTP/HTTPS port to access the key server. Thus it may fail in a firewall environment. 



         apt-key --recv-keys 36A1D78           // may fail with firewall


        A solution is to copy the actual GPG key manually into a textfile, say key.txt and use apt-key like this



        sudo apt-key add key.txt


        This will add the ascii key in binary form to the /etc/apt/trusted.gpg file. You can check if its there by



        apt-key list|more



        You shoudl see the key '36A1D78' listed. Fore the "actual GPG" key goto the launchpad.net webstite of the PPA and click on the "Signing key" link until you are in a page with the key in ASCII form.






        share|improve this answer













        Since its an old post, I'll keep the answer short.
        The apt-key command option "--recv-keys" uses a non HTTP/HTTPS port to access the key server. Thus it may fail in a firewall environment. 



         apt-key --recv-keys 36A1D78           // may fail with firewall


        A solution is to copy the actual GPG key manually into a textfile, say key.txt and use apt-key like this



        sudo apt-key add key.txt


        This will add the ascii key in binary form to the /etc/apt/trusted.gpg file. You can check if its there by



        apt-key list|more



        You shoudl see the key '36A1D78' listed. Fore the "actual GPG" key goto the launchpad.net webstite of the PPA and click on the "Signing key" link until you are in a page with the key in ASCII form.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 25 at 13:39









        CatManCatMan

        562522




        562522






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f598286%2fapt-key-fails-behind-proxy%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

            Image
            0 I recently upgraded an Ubuntu 16.04 virtual machine to 18.04. I regularly use this VM to run apt-mirror at school on their high-speed internet, then rsync these files to my rack-mount server at home for updating multiple computers at home without wasting the tiny amount of bandwidth I have there. Since updating I can't get apt-mirror to run on my VM. It keeps giving the error: flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror line 214 immediately followed by: apt-mirror is already running, exiting at /usr/bin/apt-mirror line 217 apt-mirror is NOT running, and does not have a cron job. I've tried rebooting, and even looked for the old-style lockfile to delete, but I guess that method is no longer used. Is there some way to force unlock this so I can run apt-mirror? UPDATE: So... I f
            Read more

            Mangá

            Image
              Nota:  Não confundir com Manga. Mangás e Animes Mangá Mangaká • Tankōbon Film comic La nouvelle manga Mangá original em inglês Anime História Animação influenciada por animes • Filler • OVA • Seiyū Públicos Kodomo • Shōjo • Shōnen Josei • Seinen Gêneros Mahō shōjo • Mecha • Harém Ecchi • Hentai ( Yaoi • Yuri Futanari • Shotacon • Lolicon Toddlercon ) Termos Bishōjo • Chibi • Fan service Gaiden • Kawaii • Kaitō • Light novel Mahō shōnen • Moe (antropomorfismo • Kemonomimi Nekomimi ) • Super deformed Omake • Tsundere • Yonkoma Listas Mangás • Animes • Ecchi • Mangaka • Estúdios • Revistas Fãs ( otaku ) Anime Music Video Convenções • Cosplay Dōjinshi • Fansub • Fandub • Fujoshi OS-tan • Scanlation Portal de Anime e mangá v d e O mangá (português brasileiro) ou manga (português europeu) [ 1 ] (em japonês: 漫画 , manga ? , lit. “história em quadrinhos”) , é a
            Read more

             ⁒  ․,‪⁊‑⁙ ⁖, ⁇‒※‌, †,⁖‗‌⁝    ‾‸⁘,‖⁔⁣,⁂‾
”‑,‥–,‬ ,⁀‹⁋‴⁑ ‒ ,‴⁋”‼ ⁨,‷⁔„ ‰′,‐‚ ‥‡‎“‷⁃⁨⁅⁣,⁔
⁇‘⁔⁡⁏⁌⁡‿‶‏⁨ ⁣⁕⁖⁨⁩⁥‽⁀  ‴‬⁜‟ ⁃‣‧⁕‮ …‍⁨‴ ⁩,⁚⁖‫ ,‵ ⁀,‮⁝‣‣ ⁑  ⁂– ․, ‾‽ ‏⁁“⁗‸ ‾… ‹‡⁌⁎‸‘ ‡⁏⁌‪ ‵⁛ ‎⁨ ―⁦⁤⁄⁕

            ⁉…‧ ⁩,“⁡‹⁃‽⁞•,⁠‚  ⁓⁎  ⁜ ‴ ⁥⁡⁎‭,‍‑⁁⁌⁦ ⁁‟⁙‥‒“⁈ ,‪⁧ ⁙‿⁇⁦,⁝‘ ⁎“⁘‫‪,‗‹‛‹⁒  ⁇⁄‗‒•“⁇   ‐ ⁂
‘‛, ‶⁦ ⁇ ​⁞‧ 
,⁏ …‹–⁗⁡⁘⁄ ‏‿‬‟″ ‏⁢⁦⁗⁚⁝‬⁢⁏,⁧″⁍′‖⁂※⁄‘– ‵⁡ ‭⁢⁚,⁅‧,‼‛⁗,⁡⁗“⁔⁃⁍‷⁏‗‱⁌‚  
•⁝ ‚‒ ‥‰  ′⁌, ⁄, ⁛—‭‑”⁂,⁑ ‡⁨‴⁖⁙…,‑, ,⁎,․‣‥  ‴‎⁎,″‛⁎‭‿ ⁤ ‷‾‼‖,⁠⁊‾,⁦“‗‑‌†,⁙,†⁝′ 
,―‚․‘, ⁢  ‿‌,⁀„‣,⁌,‭‖ ⁆“‪,―  ⁀ ⁃,
‷⁥,​,‟‗⁄⁉⁐⁗―
,‮⁢⁩⁆⁣‹‭⁅ ⁝‾‏‭⁖ ⁕⁄‷,†‟‒ ⁣‹,​…​,⁤⁂⁨‮⁎⁙–‟‼ ⁍‱‱,‽,‫‽‣ ⁒,⁨ ⁄ ⁝”„‿‑‎⁈‿
 ⁀‛‼‟ ⁑“,⁩​ ‒
–⁡…⁢ ⁂ ⁈⁎,‵‡,⁛,,‱⁧⁋,․‬⁄ “,⁄‴⁊  ‗―,‵⁙⁔—⁀ —  ⁀‬‬ ‒⁋‼⁀― ,⁌′ ‍‶ ’
            Read more