Please update the installation docs: "gpg: keyserver receive failed: No name"

Hi,

Utter nextcloud n00b.

I followed the instructions as below.

  1. Download the [.tar.bz2] or [.zip] archive.

Done

  1. Check package integrity using MD5 ([.tar.bz2] / [.zip] or SHA256 ([.tar.bz2] / [.zip])

$ curl download.nextcloud.com/server/releases/nextcloud-23.0.0.zip.sha256
aa296b623b94f5bac65da18468c5f97918003743046a0de097aaea796198c281 nextcloud-23.0.0.zip

Done

  1. Verify the authenticity via PGP ([.tar.bz2 ]/ [.zip]). The Nextcloud GPG key [is here]. You can also grab the keys by issueing this command:
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A

Ah. Problem:

gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A
gpg: keyserver receive failed: No name

After a bit of googling, I found that ha.pool.sks-keyservers.net is deprecated, and I should use different key servers. I did

$ gpg --keyserver keys.openpgp.org --recv-keys 28806A878AE423A28372792ED75899B9A724937A
gpg: key D75899B9A724937A: no user ID
gpg: Total number processed: 1

How does that tell me the package is correct?

1 Like

gpg --verify <installation_file>.asc should help you out to check the signature with the public key.

<installation_file>.asc is just a textfile that contains the signature.

Now, the question is rather if you have the right key. The website (https://nextcloud.com/security/) shows the ID and fingerprint:

Key ID: A724937A
Fingerprint: 2880 6A87 8AE4 23A2 8372 792E D758 99B9 A724 937A

you have downloaded the same. It’s not cool that there is no user id.

1 Like

Cool, thanks, it works with mit.edu server:

gpg --keyserver pgp.mit.edu --recv-keys 28806A878AE423A28372792ED75899B9A724937A

And then:

gpg --verify Nextcloud-3.4.2-x86_64.AppImage.asc