![[FSF Associate Member]](http://gurrier.files.wordpress.com/2010/09/fsfmember.png){kind=small}
Downloading repo keys from behind a corporate firewall
Corporate firewalls commonly block port 11371 which launchpad PPA’s use for their keys.
It is possible though to get these through the normal port 80 for web traffic using the format below (replace the last reference to reflect the key you want to download)…
gpg --keyserver hkp://keyserver.ubuntu.com:80 %%recv-keys 0A5174AF
Categories: GNU/Linux, Lucid Lynx
corporate firewall, keyserver, launchpad, port 11371, ppa, ubuntu
Well for crying out loud, why isn’t this little workaround more well known? I’ve been scouring the internet trying to find some way to access repository keys because our company is one of the many that block miscellaneous ports. And no they won’t unblock. Our department was on the verge of scrapping Ubuntu as a contender for just this reason.
Thank you.
If you don’t mind I’d like to post this on a couple other forums, with credit to you of course.
BTW, is there any way to make this the default for add-apt-repository?
thx
naked hobbit,
Glad it helped you out.
Feel free to post elsewhere if you think it will help others.
Cheers,
gurrier
>BTW, is there any way to make this the default for add-apt-repository?
As far as I can determine, not in any elegant way.
The add-apt-repository utility is a python script. It references other python scripts that provide functionality relating to apt for repositories.
If you run the following command in a terminal window, you will see a hardcoded line in one of the files that seems like it is what is causing the current default behaviour
grep -n keyserver.ubuntu.com /usr/share/pyshared/softwareproperties/*.py
/usr/share/pyshared/softwareproperties/ppa.py:88: [“apt-key”, “adv”, “–keyserver”, “keyserver.ubuntu.com”,
I have not gone to any exhaustive lengths to confirm this as any updates to python-software-properties package would probably reset it to the default again.
Hope this helps,
gurrier
wow! that was so simple.
thanks a bunch gurrier!
all this while i’ve been adding the key manually…
Glad you found it helpful.
Cheers.
Error: Couldn’t resolve host ‘keyserver.ubuntu.com’
Only our proxy-server (squid) knows the dns Answer. My complete ubuntu system works fine with this proxy-settings, only apt-key does not work? Is there a way to add the key by hand?
To clarify your position, when you try the command line in this blog posting, you get that error?
Do you get a response if you run the following?
ping keyserver.ubuntu.com
I presume not.
The way to have all tools use the same proxy is the following…
System menu, Preferences, Network-Proxy, And then use the “Apply System-wide” button.
On Ubuntu 10.10, I needed to export the key from gpg and add it using apt-key. Maybe that’s obvious to others, but I didn’t know that until I did a bit more searching.
Thus…
gpg –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF
gpg –armor -o keyfile –export “key name” // (use gpg –list-keys to look it up)
sudo apt-key add keyfile
Of course you’d replace the key id and key name as needed.
I don’t know if this may help some other people, but the above instructions by kwo and gurrier didn’t work as they were written here. I had to change the ” –” character for “–” (right before “keyserver” and “recv-keys”). Thus:
gpg –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF
becomes
gpg –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF
I’m fairly new to the Linux world, some there is probably something that eludes me, but it worked for me.
… Looks like my comment above looks silly. What I really meant was that the “–” character before both “keyserver” and “recv-keys”, when copied from this website (with Chrome) and pasted into a terminal, wasn’t pasted as two consecutive hyphens (as it should), but as a single dash character (which doesn’t quite work it seems).
Posting two conscutive hyphens in the comment box is translated as a dash character, it seems.
Aha, I see what’s happening there. WordPress blogging tool is interpreting the double hyphen as a single one both in my article and your comments.
Wonder how I stop that from happening so it does not confuse in future.
Thanks for pointing it out, Pouel.
Cheers
gurrier
Fixed!
For the record, if you are using WordPress and need to prevent it from interpreting a double hyphen as a long hyphen symbol, use the HTML escape codes instead.
--
Bah! It did of course interpret them as the hyphens in the comment too.
I will place spaces as separators so you get the gist
& # 4 5 ; & # 4 5 ;
well done! nice to see people sharing their knowledge – this is the real power of open source & free software!
Thank you so much!
Glad it was useful for you.
Cheers,
gurrier
cberman@cberman-ubuntu:/usr/share/pyshared/softwareproperties$ sudo gpg –keyserver hkp://keyserver.ubuntu.com:80 %%recv-keys 3B1510FDusage: gpg [options] [filename]
eh?
The formatting is wrong. Use two hyphens instead of the two percentage marks.
Cheers,
Gurier
To use it through an authenticating proxy server such as squid:
Use:
gpg –keyserver-options http-proxy=http://username:passwd@192.168.0.3:3128 –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 0A5174AF
Found a workaround in ubuntu forums, just add the ppa in root shell
http://ubuntuforums.org/showthread.php?t=1599832