Keyserver.pgp.com unaccessible

Hello,

We run FreePBX 15.0.16.21 and found that one of the PGP servers coded in GPG.class.php has been unavailable for a long time, and the reload process takes very long because of that. This server should be excluded from the server list, or there should be a way to exclude buggy servers. Currently we had to comment out this server in the sources to fix this.

root@pbx:~# sudo -u asterisk gpg --refresh-keys --keyserver keyserver.pgp.com -vvvvvvvvvvvvvvv
gpg: using character set ‘utf-8’
gpg: refreshing 3 keys from hkp://keyserver.pgp.com
gpg: keyserver refresh failed: Connection timed out

PS. Firewall disabled

  1. The key servers are hard coded.
  2. The key you are using is 4th in the list so in a perfect world won’t be used.
  3. The freepbx key on the public PGP servers has been poisoned and is kind of useless anyway.
  4. FreePBX will only try to use a key server if it doesn’t have the key (https://git.freepbx.org/projects/FREEPBX/repos/framework/browse/amp_conf/htdocs/admin/libraries/BMO/GPG.class.php#304)

Soooooooooooo
You can manage the keys independently and it will never be an issue.

curl "https://git.freepbx.org/projects/FREEPBX/repos/framework/raw/amp_conf/htdocs/admin/libraries/BMO/3DDB2122FE6D84F7.key?at=refs%2Fheads%2Frelease%2F15.0" | gpg --homedir /home/asterisk/.gnupg/ --import

curl "https://git.freepbx.org/projects/FREEPBX/repos/framework/raw/amp_conf/htdocs/admin/libraries/BMO/86CE877469D2EAD9.key?at=refs%2Fheads%2Frelease%2F15.0" | gpg --homedir /home/asterisk/.gnupg/ --import

curl "https://git.freepbx.org/projects/FREEPBX/repos/framework/raw/amp_conf/htdocs/admin/libraries/BMO/9F9169F4B33B4659.key?at=refs%2Fheads%2Frelease%2F15.0" | gpg --homedir /home/asterisk/.gnupg/ --import

Note that all of these should be available locally on your system too…

# ls /var/www/html/admin/libraries/BMO/*key
/var/www/html/admin/libraries/BMO/3DDB2122FE6D84F7.key
/var/www/html/admin/libraries/BMO/86CE877469D2EAD9.key
/var/www/html/admin/libraries/BMO/9F9169F4B33B4659.key

Side note: the new hotness is…

https://keys.openpgp.org/about/news

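An added example, not from the posts in this thread and not FreePBX's own code: a POSIX shell script that imports the key files shipped under /var/www/html/admin/libraries/BMO/ into the asterisk user's keyring only when a key is missing, so the key server lookup mentioned in point 4 has nothing left to fetch. The function names, the `--run` switch and the assumption that each file is named after its 16-hex-digit key ID are this example's own.

```shell
#!/bin/sh
# Added example: import the locally shipped FreePBX key files so that no
# key server lookup is needed. Paths are the ones shown in the thread;
# function names and the --run switch are made up for this example.

KEY_DIR="${KEY_DIR:-/var/www/html/admin/libraries/BMO}"
GNUPG_HOME="${GNUPG_HOME:-/home/asterisk/.gnupg}"

# Print the 16-hex-digit key ID encoded in a file name such as
# 3DDB2122FE6D84F7.key; return 1 if the name does not have that form.
key_id_from_file() {
    id=$(basename "$1" .key)
    case "$id" in
        *[!0-9A-Fa-f]*|"") return 1 ;;
    esac
    [ "${#id}" -eq 16 ] || return 1
    printf '%s\n' "$id"
}

# Import every <KEYID>.key in directory $1 that is missing from the
# keyring in GnuPG home $2. Prints the number of keys imported.
import_missing_keys() {
    dir=$1 home=$2 imported=0
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue      # glob matched nothing
        id=$(key_id_from_file "$f") || { echo "skip: $f" >&2; continue; }
        # Already in the keyring: nothing to import, nothing to look up.
        if gpg --homedir "$home" --batch --list-keys "$id" >/dev/null 2>&1; then
            continue
        fi
        gpg --homedir "$home" --batch --import "$f" >/dev/null 2>&1 || return 1
        imported=$((imported + 1))
    done
    echo "$imported"
}

# Run as the keyring owner, e.g.: sudo -u asterisk sh import-keys.sh --run
# (the script name is an assumption)
if [ "${1:-}" = "--run" ]; then
    import_missing_keys "$KEY_DIR" "$GNUPG_HOME"
fi
```

Running it a second time prints 0, because every key is then already in the keyring.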

James, thank you for the suggestion. I know much more about the FreePBX reload process. The real issue was in the execution of “fwconsole util signaturecheck” while reloading. For some reason, in our case Apache waits for all exec() child processes to complete.

We found an issue in the installed PHP modules version, reinstalled it and restarted Apache. Now the reload process goes fine.
