apt-key fails behind proxy



























Our company uses a filtering proxy which is set up correctly in /etc/environment and apt.conf.d.

Regular internet access via HTTP and HTTPS works, but if I try to import a PGP key from keyserver.ubuntu.com it fails.



Example:



$ apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
gpg: requesting key A88D21E9 from hkp server keyserver.ubuntu.com
gpgkeys: key 36A1D7869245C8950F966E92D8576A8BA88D21E9 can't be retrieved
gpg: no valid OpenPGP data found


Support says that they found that the keyserver is not accepting an HTTP/1.0 header (see below), although the HTTP/1.0 is a valid request.

So they say the problem is on the keyserver side and they are not willing to do anything on their side.

I cannot really judge if that is true, and I also cannot find any contact for the Ubuntu keyserver to get a statement from, so I am stuck.



Trace gotten from Zscaler proxy support:



GET /pks/lookup?op=get&options=mr&search=0x36A1D7869245C8950F966E92D8576A8BA88D21E9 HTTP/1.0  
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
X-Forwarded-For: 62.180.121.22*


Although this request is valid from an RFC point of view, the server is denying it with a 400 Bad Request error:



HTTP/1.0 400 Bad Request  
Server: squid/3.1.19
Mime-Version: 1.0
Date: Mon, 09 Mar 2015 09:39:47 GMT
Content-Type: text/html
Content-Length: 3346
X-Squid-Error: ERR_INVALID_URL 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from cassava.canonical.com
X-Cache-Lookup: NONE from cassava.canonical.com:11371
Via: 1.0 cassava.canonical.com (squid/3.1.19)
Connection: close*


































  • Is virtual hosting enabled? Check your squid config for the line http_port XXXX and add vhost behind it, if it is not there. Also, the config of the squid server would be helpful. FYI, squid 3.1.X is a reverse proxy with HTTP/1.0, whereas in >3.2.X this option has to be omitted, because starting with this squid version it's a reverse proxy with HTTP/1.1.

    – s1mmel
    May 19 '18 at 13:07


















networking apt proxy














edited Mar 18 '15 at 14:24









muru











asked Mar 18 '15 at 13:38









user333869


























1 Answer














Since it's an old post, I'll keep the answer short.
The apt-key command option "--recv-keys" uses a non-HTTP/HTTPS port to access the key server. Thus it may fail in a firewall environment.



 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D78   # may fail with firewall


A solution is to copy the actual GPG key manually into a text file, say key.txt, and use apt-key like this:



sudo apt-key add key.txt


This will add the ASCII key in binary form to the /etc/apt/trusted.gpg file. You can check if it's there with:



apt-key list|more



You should see the key '36A1D78' listed. For the "actual GPG" key, go to the launchpad.net website of the PPA and click on the "Signing key" link until you are on a page with the key in ASCII form.






        answered Feb 25 at 13:39









CatMan
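
A key file copied by hand or fetched over HTTPS through the proxy should be checked against the full fingerprint before it is handed to apt-key add. The following is an added example, not part of the original answer: the function names are hypothetical, the sample listing is constructed, and it assumes GnuPG 2.2+ and a proxy that permits HTTPS to keyserver.ubuntu.com.

```sh
#!/bin/sh
# Added example (not from the original answer): verify a manually obtained
# key file before trusting it. check_key_listing and fetch_verify_add are
# hypothetical helper names, not part of apt or GnuPG.

# Reads a `gpg --with-colons` key listing on stdin. Succeeds only if the
# listing holds exactly one primary key whose fingerprint equals $1.
check_key_listing() (
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    expected=${expected#0x}
    # Short key IDs can collide; insist on the full 40-hex-digit fingerprint.
    printf '%s\n' "$expected" | grep -Eq '^[0-9A-F]{40}$' || exit 2
    # The fpr record right after a pub record belongs to the primary key;
    # fpr records that follow sub records (subkeys) are skipped.
    found=$(awk -F: '$1 == "pub" { p = 1; next }
                     $1 == "fpr" && p { print $10 }
                     { p = 0 }')
    # A pasted file carrying extra keys would add extra trust anchors.
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || exit 3
    [ "$found" = "$expected" ]
)

# Fetch over HTTPS (curl honours https_proxy), verify, and only then import.
# Assumes the proxy permits HTTPS to keyserver.ubuntu.com and GnuPG 2.2+.
fetch_verify_add() {
    fpr=$1
    out=${2:-key.txt}
    url="https://keyserver.ubuntu.com/pks/lookup?op=get&options=mr&search=0x${fpr}"
    curl -fsS -o "$out" "$url" || return 1
    if gpg --show-keys --with-colons "$out" | check_key_listing "$fpr"; then
        sudo apt-key add "$out"
    else
        echo "fingerprint mismatch or unexpected keys in $out; not importing" >&2
        return 1
    fi
}

# Constructed sample listing in gpg's colon format; every field except the
# primary fingerprint from the question is made up.
SAMPLE_LISTING='pub:-:2048:1:D8576A8BA88D21E9:1420070400:::-:::scESC:
fpr:::::::::36A1D7869245C8950F966E92D8576A8BA88D21E9:
uid:-::::1420070400::::Constructed Example Key:
sub:-:2048:1:1111111111111111:1420070400::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'
```

After sourcing the file, run fetch_verify_add with the full fingerprint, taken from a source you trust independently of the download itself.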
