
gpg keyserver address not available


It's a good practice nowadays to verify a hash sum of downloaded tarballs via gnupg with the help of key servers. One of the most used keyservers in my experience is ha.pool.sks-keyservers.net (reports 5M added keys). Very often I get the following error with this key server: gpg: keyserver receive failed: Address not available.

It's super annoying. Is this a problem of just sks-keyservers.net? If so, why do people keep using it?


Solution

  • Seems to be a common error; the solution is to use multiple key servers. There's a simple script, gpg_verify, that shows how you can do it:

    #!/usr/bin/env bash
    
    set -e
    
    if [[ -n "${DEBUG}" ]]; then
        set -x
    fi
    
    signature="${1}"
    file="${2}"
    
    # Key servers to try in order; the first one that answers for a key wins.
    declare -a keyservers=(
        "ha.pool.sks-keyservers.net"
        "hkp://keyserver.ubuntu.com:80"
        "hkp://p80.pool.sks-keyservers.net:80"
        "pgp.mit.edu"
    )
    
    # Throw-away keyring, so fetched keys never land in the user's own keyring;
    # the trap removes it on success and on failure alike.
    export GNUPGHOME="$(mktemp -d)"
    trap 'rm -rf "${GNUPGHOME}"' EXIT
    
    # GPG_KEYS holds one or more key IDs separated by ';'.
    IFS=';' read -ra keys <<< "${GPG_KEYS}"
    
    # Every key must be fetched; for each one, stop at the first server that works.
    for key in "${keys[@]}"; do
        found=""
        for server in "${keyservers[@]}"; do
            echo "Fetching GPG key ${key} from ${server}"
            if gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "${key}"; then
                found="yes"
                break
            fi
        done
        if [[ -z "${found}" ]]; then
            echo >&2 "error: failed to fetch GPG key ${key} from any key server"
            exit 1
        fi
    done
    
    gpg --batch --verify "${signature}" "${file}"
    rm -f "${signature}"
    

    Usage (several key IDs can be given, separated by `;`):

    export GPG_KEYS="[YOUR GPG KEY]"
    gpg_verify archive.tar.gz.asc archive.tar.gz
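One caveat a practitioner will want on top of the script above: `gpg --verify` exits 0 for a valid signature from any key in the keyring, and a key server hands back whatever matches the ID it was asked for, so the script trusts whichever key the fallback servers returned. Pinning the full 40-hex fingerprint of the expected signing key closes that gap. The following is an added example, not part of the original answer: it parses the machine-readable `--status-fd` lines gpg emits (the `VALIDSIG` keyword carries the signing key's full fingerprint) and accepts the signature only when that fingerprint equals the pinned one. The fingerprint value and the sample status lines are constructed placeholders; `check_validsig`, `is_full_fingerprint` and `verify_status` are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: accept a gpg verification only if the signature was made by
# a pinned key fingerprint, not merely by some key present in the keyring.

# Full fingerprint of the expected signing key. Constructed placeholder value.
EXPECTED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Return 0 when the argument is a full v4 fingerprint (exactly 40 hex digits).
# Short key IDs are rejected: they are trivially collidable and a key server
# may return a different key for them.
is_full_fingerprint() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Read gpg status lines from stdin and return 0 only if a VALIDSIG line is
# present and its fingerprint equals the expected one.
# Real format: "[GNUPG:] VALIDSIG <fingerprint> <date> <timestamp> ..."
check_validsig() {
    expected="$1"
    got=""
    while IFS=' ' read -r prefix keyword fpr rest; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        if [ "$keyword" = "VALIDSIG" ]; then
            got="$fpr"
        fi
    done
    [ -n "$got" ] || return 1
    [ "$got" = "$expected" ]
}

# Convenience wrapper: feed a captured status transcript to check_validsig.
verify_status() {
    printf '%s\n' "$1" | check_validsig "$2"
}

# Constructed sample of the status output for a good signature. gpg writes its
# human-readable messages to stderr, so with --status-fd 1 stdout holds only
# these lines.
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2020-01-01 1577836800 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed sample where the signature is valid but made by a different key.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0011223344556677 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2020-01-01 1577836800 0 4 0 1 10 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Stand-alone demo against the constructed transcripts.
if verify_status "$SAMPLE_GOOD" "$EXPECTED_FPR"; then
    echo "good: signature made by the pinned key"
fi
if ! verify_status "$SAMPLE_OTHER_KEY" "$EXPECTED_FPR"; then
    echo "rejected: valid signature, but from an unexpected key"
fi
```

To wire this into the answer's script, replace its final `gpg --batch --verify` line with `gpg --batch --status-fd 1 --verify "${signature}" "${file}" | check_validsig "${EXPECTED_FPR}"` and put the pinned fingerprint (not a short key ID) in `GPG_KEYS`, so the same value is used both to fetch the key and to check the signature.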