Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Questions about applications and software
Forum rules
Before you post please read how to get help
Post Reply
sashkello
Level 1
Level 1
Posts: 11
Joined: Wed Aug 14, 2013 6:57 pm

Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by sashkello »

Hello everyone!

I'm unable to add any ppa repositories through add-apt-repository.

Code: Select all

sudo add-apt-repository ppa:appimagelauncher-team/stable

You are about to add the following PPA:
 Latest stable version of AppImageLauncher for all Ubuntu flavours.

AppImageLaucher is a helper program that makes it easier to organise and update AppImages on Linux. Learn more at https://github.com/TheAssassin/AppImageLauncher.
 More info: https://launchpad.net/~appimagelauncher-team/+archive/ubuntu/stable
Press Enter to continue or Ctrl+C to cancel

Executing: /tmp/apt-key-gpghome.WrzdjyMshY/gpg.1.sh --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys ACD802F535B6F55D365285574AF9B16F75EF2FCA
gpg: keyserver receive failed: General error
I was able to add the repository successfully by running:

Code: Select all

sudo gpg  --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ACD802F535B6F55D365285574AF9B16F75EF2FCA
and then manually editing sources.list.d directory.

However, I'd like to fix it and not go through these hoops every time I need to install something. Any ideas?
sashkello
Level 1
Level 1
Posts: 11
Joined: Wed Aug 14, 2013 6:57 pm

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by sashkello »

OK, actually came to solution pretty much while typing the question... Just change the default keyserver url in /usr/lib/linuxmint/mintSources/mintSources.py to the one with hkp and port 80, and that fixed it!
caracal478
Level 2
Level 2
Posts: 75
Joined: Sun Feb 25, 2018 8:37 pm

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by caracal478 »

Could you be more specific about your change ?

And maybe somebody could tell us why in the world we would need to hack the python code to make this work properly ?

It seems very bad that you would have to do that...
chippywood
Level 2
Level 2
Posts: 63
Joined: Thu Mar 05, 2015 3:31 pm

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by chippywood »

I also encountered this problem. The issue is described here: https://unix.stackexchange.com/question ... -a-failure although the exact cause isn't clear to me (or perhaps to anyone else judging by the discussion). The answer for being behind a firewall works for me (that is, use non-SSL access) even though I'm not aware of being behind one, and I can't find a better solution than @sashkello's:

in mintSources.py, change line 216:

Code: Select all

"hkps://keyserver.ubuntu.com:443"
to

Code: Select all

"hkp://keyserver.ubuntu.com:80"
caracal478 wrote:
Wed Oct 13, 2021 1:26 am
And maybe somebody could tell us why in the world we would need to hack the python code to make this work properly ?
It seems very bad that you would have to do that...
Absolutely
hag6
Level 2
Level 2
Posts: 90
Joined: Mon Nov 04, 2019 9:32 am

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by hag6 »

I had a keyserver issue. I updated the kernel and it enabled me to install the ppa
evoludo
Level 1
Level 1
Posts: 1
Joined: Fri Dec 17, 2021 4:11 pm

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by evoludo »

Hi, found the source of the issue. TL;DR run this:

Code: Select all

sudo apt install ca-certificates
Root cause

add-apt-repository uses gpg for key verification. Running that part manually with gpg debug enabled yielded this:

Code: Select all

aindrea@aindrea-moixa:~$ gpg --debug-level guru --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 0x82D96E430A1F1C0F0502747E37B90EDD4E3EFAE4 
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/aindrea/.gnupg
gpg: DBG: chan_3 <- # Config: /home/aindrea/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.2.19 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.19
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://keyserver.ubuntu.com:443
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x82D96E430A1F1C0F0502747E37B90EDD4E3EFAE4
gpg: DBG: chan_3 <- ERR 1 General error <Unspecified source>
gpg: keyserver receive failed: General error
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/65536 bytes in 0 blocks
Looks like something is upsetting dirmngr. Let's try talking to it directly:

Code: Select all

aindrea@abell-moixa:~$ dirmngr
dirmngr[35554]: No ldapserver file at: '/home/aindrea/.gnupg/dirmngr_ldapservers.conf'
dirmngr[35554.0]: permanently loaded certificates: 130
dirmngr[35554.0]:     runtime cached certificates: 0
dirmngr[35554.0]:            trusted certificates: 130 (129,0,0,1)
# Home: /home/aindrea/.gnupg
# Config: [none]
OK Dirmngr 2.2.19 at your service

GETINFO version
D 2.2.19
OK
KEYSERVER --clear hkps://keyserver.ubuntu.com:443
OK
KS_GET -- 0x82D96E430A1F1C0F0502747E37B90EDD4E3EFAE4
dirmngr[35554.0]: resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.9'
dirmngr[35554.0]: resolve_dns_addr for 'keyserver.ubuntu.com': '162.213.33.8'
dirmngr[35554.0]: number of system provided CAs: 129
dirmngr[35554.0]: TLS verification of peer failed: status=0x0402
dirmngr[35554.0]: TLS verification of peer failed: The certificate is NOT trusted. The certificate chain uses expired certificate. 
dirmngr[35554.0]: DBG: expected hostname: keyserver.ubuntu.com
dirmngr[35554.0]: DBG: BEGIN Certificate 'server[0]':
dirmngr[35554.0]: DBG:      serial: 045A9A2C575C05DA4F1C484839E098D2C524
dirmngr[35554.0]: DBG:   notBefore: 2021-10-10 03:20:36
dirmngr[35554.0]: DBG:    notAfter: 2022-01-08 03:20:35
dirmngr[35554.0]: DBG:      issuer: CN=R3,O=Let's Encrypt,C=US
dirmngr[35554.0]: DBG:     subject: CN=hockeypuck.ubuntu.com
dirmngr[35554.0]: DBG:         aka: (8:dns-name21:hockeypuck.ubuntu.com)
dirmngr[35554.0]: DBG:         aka: (8:dns-name20:keyserver.ubuntu.com)
dirmngr[35554.0]: DBG:   hash algo: 1.2.840.113549.1.1.11
dirmngr[35554.0]: DBG:   SHA1 fingerprint: C7004BF70F09860B558F2608E4C1862EB361F35E
dirmngr[35554.0]: DBG: END Certificate
dirmngr[35554.0]: DBG: BEGIN Certificate 'server[1]':
dirmngr[35554.0]: DBG:      serial: 00912B084ACF0C18A753F6D62E25A75F5A
dirmngr[35554.0]: DBG:   notBefore: 2020-09-04 00:00:00
dirmngr[35554.0]: DBG:    notAfter: 2025-09-15 16:00:00
dirmngr[35554.0]: DBG:      issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
dirmngr[35554.0]: DBG:     subject: CN=R3,O=Let's Encrypt,C=US
dirmngr[35554.0]: DBG:   hash algo: 1.2.840.113549.1.1.11
dirmngr[35554.0]: DBG:   SHA1 fingerprint: A053375BFE84E8B748782C7CEE15827A6AF5A405
dirmngr[35554.0]: DBG: END Certificate
dirmngr[35554.0]: DBG: BEGIN Certificate 'server[2]':
dirmngr[35554.0]: DBG:      serial: 4001772137D4E942B8EE76AA3C640AB7
dirmngr[35554.0]: DBG:   notBefore: 2021-01-20 19:14:03
dirmngr[35554.0]: DBG:    notAfter: 2024-09-30 18:14:03
dirmngr[35554.0]: DBG:      issuer: CN=DST Root CA X3,O=Digital Signature Trust Co.
dirmngr[35554.0]: DBG:     subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
dirmngr[35554.0]: DBG:   hash algo: 1.2.840.113549.1.1.11
dirmngr[35554.0]: DBG:   SHA1 fingerprint: 933C6DDEE95C9C41A40F9F50493D82BE03AD87BF
dirmngr[35554.0]: DBG: END Certificate
dirmngr[35554.0]: TLS connection authentication failed: General error
dirmngr[35554.0]: error connecting to 'https://162.213.33.9:443': General error
dirmngr[35554.0]: command 'KS_GET' failed: General error <Unspecified source>
ERR 1 General error <Unspecified source>
In particular this line:

Code: Select all

dirmngr[35554.0]: TLS verification of peer failed: The certificate is NOT trusted. The certificate chain uses expired certificate. 
Looks like our certificates are out of date. Updating the ca-certificates fixes this (see command at top of my post).
revevil
Level 1
Level 1
Posts: 1
Joined: Sun Dec 26, 2021 2:32 am

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by revevil »

No way, you just solved my problem with not being able to add PPA repositories and indirectly solved my problem with OpenShot not doing animated titles correctly. Because of the PPA issue being fixed, I was able to dump that appimage and finally get the stable release PPA back, and it works beautiful now! I just made an account here to say thank you. I'm going to take your fix and make a video about it right now. I'm definitely going to give you credit. Thanks again for the solution! BTW, this will probably be fixed in 20.3 when it's released in 2 or 3 weeks I imagine. I'm just going to wait, because I don't do betas.
tman
Level 1
Level 1
Posts: 1
Joined: Thu Dec 30, 2021 7:55 am

Re: Can't add any ppa repositories (gpg: keyserver receive failed: General error)

Post by tman »

Thank you evoludo, i was having problems uppdating drivers for nvidia 340. this fixed the issue
Post Reply

Return to “Software & Applications”