Help needed to verify the f-droid app APK

$ wget -q https://f-droid.org/F-Droid.apk.asc && wget -q https://f-droid.org/F-Droid.apk
^C
$ wget https://f-droid.org/F-Droid.apk.asc && wget https://f-droid.org/F-Droid.apk
--2022-05-10 18:35:59--  https://f-droid.org/F-Droid.apk.asc
Resolving f-droid.org (f-droid.org)... 149.202.95.241, 148.251.140.42
Connecting to f-droid.org (f-droid.org)|149.202.95.241|:443... .connected.
HTTP request sent, awaiting response... 200 OK
Length: 659 [text/plain]
Saving to: ‘F-Droid.apk.asc’

F-Droid.apk.asc     100%[===================>]     659  --.-KB/s    in 0s      

2022-05-10 18:37:24 (2.59 MB/s) - ‘F-Droid.apk.asc’ saved [659/659]

--2022-05-10 18:37:24--  https://f-droid.org/F-Droid.apk
Resolving f-droid.org (f-droid.org)... 148.251.140.42, 149.202.95.241
Connecting to f-droid.org (f-droid.org)|148.251.140.42|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8165518 (7.8M) [application/vnd.android.package-archive]
Saving to: ‘F-Droid.apk’

F-Droid.apk         100%[===================>]   7.79M   333KB/s    in 28s     

2022-05-10 18:37:58 (284 KB/s) - ‘F-Droid.apk’ saved [8165518/8165518]

$ gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: keyserver receive failed: Server indicated a failure

Maybe try different keyserver or way of getting that key.

See earlier mention of other keyservers and issues. There was some key renewal problem some time ago. Hans is affiliated with Debian and Calyx, not ubuntu afaik, so maybe ubuntu keyserver was forgotten. Or maybe it’s broken. Or network issues, or…

Can you mention the keyserver

 ```
    $ gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
    gpg: keyserver receive failed: Server indicated a failure
    ```

Others: pgp keyserver at DuckDuckGo

Recommended something @Licaon_Kter

Tried none of them really worked. Need to look into it keyserver has some issues i find fdroid really lacks the verification and security part that is not the case in other stores even in linux stores. In this Field fdroid need to look into. Easy and basic.

https://keys.openpgp.org/ p.e.

1 Like

I can confirm this works; I already had the key so it says “not changed”.

$ torify --isolate gpg --keyserver   keys.openpgp.org --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: key 41E7044E1DBA2E89: "F-Droid <admin@f-droid.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

$ gpg --keyserver keys.openpgp.org --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: keyserver receive failed: Server indicated a failure

It works, this is your fault.
Bad DNS server, firewalled bash… whatever

Can anyone lookintO it

As said above we can’t see into your network, so we can’t fix your network issue.

Works for me and several others.

All sorts of restrictions could be in place somewhere along the route, be it China Firewall, Russian censorship, etc.

Did you try via Tor also?

proxychains gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89

Everything is working as it should be just i can’t import that key. But in the past i have imported that while fdroid was 1.13.

Does adding -vv to the gpg command helps debugging this?

$ gpg -vv --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: keyserver receive failed: Server indicated a failure

Edit- There must me something wrong i just tried on a kvm base vm on my system with ubuntu 22.04 running i got same error really stange can you look int9

Same for Tor? eg. do this in a Tails VM

Okey i will try it today

I don’t have tails iso on hand so i use parrot os as a live os running from usb and key imported and verified successfully. Strange but i could not do it from install os even in kvm. Whats wrong.

So that was via clearnet or Tor?

If clearnet then it means that your base OS has issues with gpg setup

If Tor then it means that your intenet is somehow corrupting the download.

IMHO

I did not use proxy. And parrot os is tor by default or not i don’t know.

@Human

Maybe use something like Fedora or Debian instead of a riced out hax0r distro.