Help needed to verify the f-droid app APK

$ wget -q https://f-droid.org/F-Droid.apk.asc && wget -q https://f-droid.org/F-Droid.apk
^C
$ wget https://f-droid.org/F-Droid.apk.asc && wget https://f-droid.org/F-Droid.apk
--2022-05-10 18:35:59--  https://f-droid.org/F-Droid.apk.asc
Resolving f-droid.org (f-droid.org)... 149.202.95.241, 148.251.140.42
Connecting to f-droid.org (f-droid.org)|149.202.95.241|:443... .connected.
HTTP request sent, awaiting response... 200 OK
Length: 659 [text/plain]
Saving to: ‘F-Droid.apk.asc’

F-Droid.apk.asc     100%[===================>]     659  --.-KB/s    in 0s      

2022-05-10 18:37:24 (2.59 MB/s) - ‘F-Droid.apk.asc’ saved [659/659]

--2022-05-10 18:37:24--  https://f-droid.org/F-Droid.apk
Resolving f-droid.org (f-droid.org)... 148.251.140.42, 149.202.95.241
Connecting to f-droid.org (f-droid.org)|148.251.140.42|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8165518 (7.8M) [application/vnd.android.package-archive]
Saving to: ‘F-Droid.apk’

F-Droid.apk         100%[===================>]   7.79M   333KB/s    in 28s     

2022-05-10 18:37:58 (284 KB/s) - ‘F-Droid.apk’ saved [8165518/8165518]

$ gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: keyserver receive failed: Server indicated a failure

Maybe try different keyserver or way of getting that key.

See earlier mention of other keyservers and issues. There was some key renewal problem some time ago. Hans is affiliated with Debian and Calyx, not ubuntu afaik, so maybe ubuntu keyserver was forgotten. Or maybe it’s broken. Or network issues, or…

Can you mention the keyserver

 ```
    $ gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
    gpg: keyserver receive failed: Server indicated a failure
    ```

Others: pgp keyserver at DuckDuckGo

Recommended something @Licaon_Kter

Tried none of them really worked. Need to look into it keyserver has some issues i find fdroid really lacks the verification and security part that is not the case in other stores even in linux stores. In this Field fdroid need to look into. Easy and basic.

https://keys.openpgp.org/ p.e.

1 Like

I can confirm this works; I already had the key so it says “not changed”.

$ torify --isolate gpg --keyserver   keys.openpgp.org --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: key 41E7044E1DBA2E89: "F-Droid <admin@f-droid.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

$ gpg --keyserver keys.openpgp.org --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89
gpg: keyserver receive failed: Server indicated a failure

It works, this is your fault.
Bad DNS server, firewalled bash… whatever

Can anyone lookintO it

As said above we can’t see into your network, so we can’t fix your network issue.

Works for me and several others.

All sorts of restrictions could be in place somewhere along the route, be it China Firewall, Russian censorship, etc.

Did you try via Tor also?

proxychains gpg --keyserver keyserver.ubuntu.com --recv-key 37D2C98789D8311948394E3E41E7044E1DBA2E89

Everything is working as it should be just i can’t import that key. But in the past i have imported that while fdroid was 1.13.

Does adding -vv to the gpg command helps debugging this?