GPG Command Timeout

Hi All

I recently started having a similar issue with gpg verification failed only on select modules. On investigation (with lots of help from the form posts) I have narrowed it down to those modules that are signed by the key " 69D2EAD9" which seems to have expired.

Running the command to refresh the keys I get the following:

$ gpg --refresh-keys --keyserver pgp.mit.edu
gpg: refreshing 3 keys from hkp://pgp.mit.edu
gpg: requesting key FE6D84F7 from hkp server pgp.mit.edu
gpg: requesting key 69D2EAD9 from hkp server pgp.mit.edu
gpg: requesting key B33B4659 from hkp server pgp.mit.edu
gpg: key FE6D84F7: “FreePBX Mirror 1 (Module Signing - 2016/2017) security.at.freepbx.org” not changed
gpg: key 69D2EAD9: “FreePBX Mirror 1 (Module Signing - 2014/2015) <security.at.freepbx.org>” not changed
gpg: key B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) <modules.at.freepbx.org>” not changed
gpg: Total number processed: 3
gpg: unchanged: 3

I am running freepbx 13 with asterisk 13.9.1 on ubuntu 14.04.

Please help. The specific modules are core & ucp that I have researched.

Thanks & Regards

The thing is the key actually hasn’t expired. We extended the key out until infinity. However what is happening is that your system is not updating the keys. From what you showed me above you only ran that as root. Which isn’t helpful. You need to run it as the Asterisk user. See the valid response below:

[[email protected] ~]# su asterisk
bash-4.1$ gpg --refresh-keys --keyserver pgp.mit.edu
gpg: refreshing 2 keys from hkp://pgp.mit.edu
gpg: requesting key 69D2EAD9 from hkp server pgp.mit.edu
gpg: requesting key B33B4659 from hkp server pgp.mit.edu
gpg: key 69D2EAD9: "FreePBX Mirror 1 (Module Signing - 2014/2015) <[email protected]>" not changed
gpg: key B33B4659: "FreePBX Module Signing (This is the master key to sign FreePBX Modules) <[email protected]>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

Thanks for the information. I did run run this as asterisk user too - redo shown below

[email protected]:~$ gpg --refresh-keys --keyserver pgp.mit.edu
gpg: refreshing 3 keys from hkp://pgp.mit.edu
gpg: requesting key B33B4659 from hkp server pgp.mit.edu
gpg: requesting key FE6D84F7 from hkp server pgp.mit.edu
gpg: requesting key 69D2EAD9 from hkp server pgp.mit.edu
gpg: key B33B4659: “FreePBX Module Signing (This is the master key to sign FreePBX Modules) <modules.at.freepbx.org>” not changed
gpg: key FE6D84F7: “FreePBX Mirror 1 (Module Signing - 2016/2017) <security.at.freepbx.org>” not changed
gpg: key 69D2EAD9: “FreePBX Mirror 1 (Module Signing - 2014/2015) <security.at.freepbx.org>” not changed
gpg: Total number processed: 3
gpg: unchanged: 3

[email protected]:~$ whoami
asterisk

[email protected]:~$ fwconsole ma upgradeall
No repos specified, using: [standard,extended,unsupported] from last GUI settings

Upgrading: core, ucp
Upgrading core…
Starting core download…
Processing core
Downloading…
14802599/14802599 [============================] 100%
Finished downloading
The following error(s) occured:

  • File Integrity failed for /var/www/html/admin/modules/_cache/core-13.0.106.tgz.gpg - aborting (Cause: GPG took too long to run the command: [/usr/bin/gpg --homedir /var/lib/asterisk/.gnupg --no-permission-warning --keyserver-options auto-key-retrieve=true,timeout=5 --status-fd 3 --verify /var/www/html/admin/modules/_cache/core-13.0.106.tgz.gpg])

Still having the same block…

Actually no. You have a completely separate issue from this thread. Specifically “GPG took too long to run the command”

Has that been your issue all along? What hardware is this on?

1 Like

Once again thanks for your response. Yes this has been the issue all the time. The server is implemented as a VM on Intel® Xeon® CPU E5-2670 0 @ 2.60GHz platform using VMWare ESXi hypervisor.

So run that command manually and see what happens

manual verification appears to be successful

[email protected]:/var/www/html/admin/modules/_cache$ /usr/bin/gpg --homedir /var/lib/asterisk/.gnupg --no-permission-warning --keyserver-options auto-key-retrieve=true,timeout=5 --verify core-13.0.106.tgz.gpg
gpg: Signature made Tue 09 Aug 2016 02:47:40 PM PDT using RSA key ID 69D2EAD9
gpg: Good signature from “FreePBX Mirror 1 (Module Signing - 2014/2015) <security.at.freepbx.org>”

skipped the “–status-fd 3” options since was getting the following error

gpg: fatal: can’t open fd 3 for status output: Bad file descriptor

How long did it take you to run that command. The timeout for it is 5 seconds.

Get the response witin ~3±0.5 secs. As you can observe that I did use the 5 sec timeout option in the manual check.

Go into the Gpg.class.php file and increase the timeout set there. Is this a Distro system?