GPG Server Error when trying to update RetroPie packages
-
Pi Model or other hardware: 3B+
Power Supply used: 3A adapter
RetroPie Version Used (eg 3.6, 3.8.1, 4.1 - do not write latest): 4.6
Built From: Premade SD image from RetroPie.org.uk (retropie-buster-4.6-rpi2_rpi3.img)
USB Devices connected: USB Keyboard, PS3 Controller
Controller used: PS3
Error messages received: gpg: Can't check signature: No public key
Verbose log (if relevant): provided below
Guide used: Initial install from RetroPie image and ran update from RetroPie-Setup
File: retropie_setup.sh
Emulator: N/A
Attachment of config files:
How to replicate the problem:- Imaged a new 256GB SD card with fresh RetroPie 4.6 image (retropie-buster-4.6-rpi2_rpi3.img) and powered on RPI 3B+
- Quit EmulationStation when the Gamepad detected window comes up on initial boot up
- Wait for system to resize file system to 256GB card. This process takes a bit longer with a 256GB card and I can see a few boot-up process messages still being printed to console even after I exit EmulationStation.
- Change localization, keyboard layout, timezone, PI password, hostname, Wi-Fi country, Wi-Fi SSID and enable SSH
- Reboot and exit EmulationStation
- Run RetroPie-Setup from command line and attempt to update when the following error stops the process. This is my second attempt after the first try deleted EmulationStation then failed to install updated binary due to the same error.
/tmp/tmp.93AJk3yRt9/mupen64plus.tar.gz failed signature check: gpg: assuming signed data in '/tmp/tmp.93AJk3yRt9/mupen64plus.tar.gz' gpg: Signature made Wed 02 Sep 2020 03:45:42 AM EDT gpg: using RSA key DC9D77FF8208FFC51D8F50CCF1B030906A3B0D31 gpg: issuer "retropieproject@gmail.com" gpg: Can't check signature: No public key
I also see an error briefly on the console before Retro-Pie Setup UI fills the screen referring to a gpg server receiving error. On my first attempt, the update process broke with the same error and borked EmulationStation. Installing from source fixed EmulationStation but I'd like to avoid installing all RetropIe package updates from source.
-
Can you post a complete log from updating a package on pastebin.com ? You can find the logs in
$HOME/RetroPie-Setup/logs
, take the most recent file (after you've run the update and got the error), unpack it and post its contents on pastebin.com. -
@mitu Thanks for the reply!
I tried running RetroPie Setup again and skipped the OS updates. The log is pretty short so I'm pasting it here. I also was able to grab the gpg error message that pops up right before the RetroPie Setup menu fills the screen.
Would you happen to know the URL where gpg is trying to connect to? I'm wondering if it may have to do with a Retropie Org DNS issue that's been affecting a few of us here in the US. Over the past few weeks and months, the retropie.org.uk domains would become unreachable for days at a stretch. During these outages, if I ran RetroPie Setup for updates it would just stop with an error stating no internet (I assume it stops if it can't reach retropie.org.uk). I could reach retropie.org.uk if I used my mobile data rather than my home ISP so it leads me to suspect some DNS server somewhere had corrupted routing info. This may, or may not, be a related issue as RetroPie domains are reachable for me at the moment. During these outages, I checked an online DNS tool that showed 100% loss at one hop along the route from the US and one other location while the rest of the world was fine.
gpg: keyserver receive failed: Server indicated a failure
Log started at: Tue 29 Sep 2020 01:46:31 PM EDT RetroPie-Setup version: 4.6.8 (0ce9f214) System: rpi3 (armv7l) - Raspbian GNU/Linux 10 (buster) - Linux retrosnes 4.19.97-v7+ #1294 SMP Thu Jan 30 13:15:58 GMT 2020 armv7l GNU/Linux [H[J[3J = = = = = = = = = = = = = = = = = = = = = Installing dependencies for 'retroarch' : RetroArch - frontend to the libretro emulator cores - required by all lr-* emulators = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = Installing 'retroarch' : RetroArch - frontend to the libretro emulator cores - required by all lr-* emulators = = = = = = = = = = = = = = = = = = = = = Downloading https://files.retropie.org.uk/binaries/buster/rpi3/emulators/retroarch.tar.gz.asc ... 2020-09-29 13:46:34 URL:https://files.retropie.org.uk/binaries/buster/rpi3/emulators/retroarch.tar.gz.asc [870/870] -> "/tmp/tmp.8LMBHelnmu/retroarch.tar.gz.asc" [1] Downloading https://files.retropie.org.uk/binaries/buster/rpi3/emulators/retroarch.tar.gz ... 2020-09-29 13:46:40 URL:https://files.retropie.org.uk/binaries/buster/rpi3/emulators/retroarch.tar.gz [2790694/2790694] -> "/tmp/tmp.8LMBHelnmu/retroarch.tar.gz" [1] /tmp/tmp.8LMBHelnmu/retroarch.tar.gz failed signature check: gpg: assuming signed data in '/tmp/tmp.8LMBHelnmu/retroarch.tar.gz' gpg: Signature made Wed 02 Sep 2020 01:23:26 AM EDT gpg: using RSA key DC9D77FF8208FFC51D8F50CCF1B030906A3B0D31 gpg: issuer "retropieproject@gmail.com" gpg: Can't check signature: No public key Log ended at: Tue 29 Sep 2020 01:46:40 PM EDT Total running time: 0 hours, 0 mins, 9 secs
-
The GPG key should be installed prior to this stage.
What happens if you run
sudo gpg --keyserver keyserver.ubuntu.com --recv-keys DC9D77FF8208FFC51D8F50CCF1B030906A3B0D31
-
@BuZz said in GPG Server Error when trying to update RetroPie packages:
sudo gpg --keyserver keyserver.ubuntu.com --recv-keys DC9D77FF8208FFC51D8F50CCF1B030906A3B0D31
Just tried it. Same gpg error. Nothing else.
gpg: keyserver receive failed: Server indicated a failure
-
@BuZz If I go to keyserver.ubuntu.com and search for key DC9D77FF8208FFC51D8F50CCF1B030906A3B0D31 it says not found.
-
It works if you search by
0x<hash>
: http://keyserver.ubuntu.com/pks/lookup?search=0xDC9D77FF8208FFC51D8F50CCF1B030906A3B0D31&fingerprint=on&exact=on&op=index
You can get the key from the search and import it locally, since it looks like your connection to the keyserver is not working properly. -
@mitu @BuZz Thanks to both of you for your incredible help. I imported the RetroPie public key which I was able to get by searching for 0xDC9D77FF8208FFC51D8F50CCF1B030906A3B0D31 on keyserver.ubuntu.com. The RetroPie Setup script is updating packages properly now.
Now I'm curious as to why I'm able to access keyserver.ubuntu.com and search for the key from my desktop browser but get an error when using gpg on the Pi.
-
@va_lemon said in GPG Server Error when trying to update RetroPie packages:
Now I'm curious as to why I'm able to access keyserver.ubuntu.com and search for the key from my desktop browser but get an error when using gpg on the Pi.
They're using different protocols - your browser is using HTTP(s), while
gpg
uses HKP (a similar protocol, but on a different port).I wonder if
sudo gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys DC9D77FF8208FFC51D8F50CCF1B030906A3B0D31
would work for you ?
-
I ran into a similar issue today with a fresh install of RetroPie 4.6 on a RPi 3. I run a completely restricted iptables firewall, only allowing the Pi to connect on a small number of outgoing and incoming ports (22, 53, 68, 80, 123, 443). I found that I had to open port 11371 to allow the RetroPie setup script to update, which then allowed it to connect to the key server. I've been using the same firewall configuration for a few years on earlier versions of RetroPie without issues, but I found that I just also started to encounter the issue on my RetroPie 4.5 build, which has been in use since March 2020 without issue. Update problem probably started within the last 1-2 months.
I think that begs the question -- did the retropie script get changed to not use port 80 for retrieving GPG keys? If so, could we politely request that it be changed back, unless there's a compelling reason to use the default port. It's always best to try to minimize the number of holes you need to poke through your firewall, and I suspect there are going to be a handful of people who may not even be allowed to connect out on port 11371.
-
@pumrum said in GPG Server Error when trying to update RetroPie packages:
I think that begs the question -- did the retropie script get changed to not use port 80 for retrieving GPG keys?
The signing and verification of binary packages (with GPG) has been added recently - starting with version 4.6.8.
-
I'll adjust it to use port 80
-
This is now done.
-
I'm having this issue currently. Cannot authenticate the GPG keys when I try to run /retropie_packages.sh sd12 install_bin
I get a 'gpgL no valid OpenGPP data found.
gpg: the signature could not be verified.I just want to play super mario =O
-
@retronaff This is not the same error - it looks like a corrupted/wrong downloaded file.
Please open a separate topic and provide the info asked in https://retropie.org.uk/forum/topic/3/read-this-first.Btw, you can play Super Mario without updating RetroPie, the necessary emulators are already installed on the image.
-
@mitu when i run emulationstation i get this error ;no available video device' ' error initializing sdl!'
Contributions to the project are always appreciated, so if you would like to support us with a donation you can do so here.
Hosting provided by Mythic-Beasts. See the Hosting Information page for more information.