Unable to add gpg key with apt-key behind a proxy

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
18
down vote

favorite
5












Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.



Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>SKS OpenPGP Public Key Server</title>
 </head>
 <body>
 [...]


What can I do ? I'm not even sure on how to further debug it...



Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.






debian apt proxy gpg







share|improve this question























  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57















up vote
18
down vote

favorite
5












Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.



Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>SKS OpenPGP Public Key Server</title>
 </head>
 <body>
 [...]


What can I do ? I'm not even sure on how to further debug it...



Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.






debian apt proxy gpg







share|improve this question























  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57













up vote
18
down vote

favorite
5









up vote
18
down vote

favorite
5






5





Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.



Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>SKS OpenPGP Public Key Server</title>
 </head>
 <body>
 [...]


What can I do ? I'm not even sure on how to further debug it...



Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.






debian apt proxy gpg







share|improve this question















Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.



Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>SKS OpenPGP Public Key Server</title>
 </head>
 <body>
 [...]


What can I do ? I'm not even sure on how to further debug it...



Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.






debian apt proxy gpg




debian apt proxy gpg






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 20 '17 at 4:33









Rui F Ribeiro

36.9k1273117




36.9k1273117










asked Apr 25 '17 at 15:07









Anto

1911213




1911213











  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57

















  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57
















What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
– dirkt
May 10 '17 at 6:29




What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
– dirkt
May 10 '17 at 6:29












I've got the web page (same as the one shown in curl's output above)
– Anto
May 10 '17 at 10:57





I've got the web page (same as the one shown in curl's output above)
– Anto
May 10 '17 at 10:57











1 Answer
1






active

oldest

votes

















up vote
25
down vote



accepted










You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
 Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer






















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f361213%2funable-to-add-gpg-key-with-apt-key-behind-a-proxy%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
25
down vote



accepted










You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
 Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer






















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26














up vote
25
down vote



accepted










You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
 Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer






















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26












up vote
25
down vote



accepted







up vote
25
down vote



accepted






You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
 Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer














You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
 Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886 

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK






share|improve this answer














share|improve this answer



share|improve this answer








edited Sep 25 at 11:57

























answered Apr 25 '17 at 15:29









Rui F Ribeiro

36.9k1273117




36.9k1273117











  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26
















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26















I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
– Anto
Apr 25 '17 at 15:34




I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
– Anto
Apr 25 '17 at 15:34












@Anto did it work?
– Rui F Ribeiro
May 27 '17 at 9:03




@Anto did it work?
– Rui F Ribeiro
May 27 '17 at 9:03




1




1




Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
– Anto
May 29 '17 at 9:26




Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
– Anto
May 29 '17 at 9:26

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f361213%2funable-to-add-gpg-key-with-apt-key-behind-a-proxy%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Bahrain

Image
For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
Read more

Postfix configuration issue with fips on centos 7; mailgun relay

Image
Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
Read more