key "3A40CB5E7E5CBC30" could not be looked up remotely, keyserver.ubuntu.com could be down or blocked

[noisecode3]

sudo ./create-arch-bootstrap.sh                                                                                                                                                           (master)
Password: 
############################################################################################################################################################################################################## 100.0%
Downloading Arch Linux bootstrap from https://umea.mirror.pkgbuild.com/iso/latest/archlinux-bootstrap-x86_64.tar.zst
############################################################################################################################################################################################################## 100.0%
Verifying the integrity of the bootstrap
umount: /home/noisecode3/old/Conty/root.x86_64: no mount point specified.
umount: /home/noisecode3/old/Conty/root.x86_64/proc: no mount point specified.
umount: /home/noisecode3/old/Conty/root.x86_64/sys: no mount point specified.
umount: /home/noisecode3/old/Conty/root.x86_64/dev/pts: no mount point specified.
umount: /home/noisecode3/old/Conty/root.x86_64/dev/shm: no mount point specified.
umount: /home/noisecode3/old/Conty/root.x86_64/dev: no mount point specified.
tar: Ignoring unknown extended header keyword 'LIBARCHIVE.xattr.security.capability'
tar: Ignoring unknown extended header keyword 'LIBARCHIVE.xattr.security.capability'
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/AEDD319403FB20A82ECBE215E8C4798264228454.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 5 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 38 keys.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   5  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   5  signed:  86  trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2  valid:  74  signed:  18  trust: 74-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2026-10-21
gpg: keyserver receive failed: Server indicated a failure
==> ERROR: Remote key not fetched correctly from keyserver.
==> ERROR: 3056513887B78AEB could not be locally signed.
warning: database file for 'core' does not exist (use '-Sy' to download)
warning: database file for 'extra' does not exist (use '-Sy' to download)
warning: database file for 'multilib' does not exist (use '-Sy' to download)
:: Retrieving packages...
 chaotic-keyring                                                                                     17.8 KiB  21.0 KiB/s 00:01 [##############################################################################] 100%
 chaotic-mirrorlist                                                                                   4.8 KiB  5.67 KiB/s 00:01 [##############################################################################] 100%
loading packages...
:: Import PGP key 3A40CB5E7E5CBC30? [Y/n] 
error: key "3A40CB5E7E5CBC30" could not be looked up remotely
error: required key missing from keyring
error: '/var/cache/pacman/pkg/chaotic-keyring.pkg.tar.zst': unexpected error
:: Import PGP key 3A40CB5E7E5CBC30? [Y/n] 
error: key "3A40CB5E7E5CBC30" could not be looked up remotely
error: required key missing from keyring
error: '/var/cache/pacman/pkg/chaotic-mirrorlist.pkg.tar.zst': unexpected error
Seems like Chaotic-AUR keyring or mirrorlist is currently unavailable
Please try again later

This should be a safer and more stable way to import the key, you can prove me wrong.
There is no need for keyserver.ubuntu.com it should be better with curl and with --lsign-key.
I'm on slackware15 if it matters. curl should be a stable base pkg on all major distributions.

diff --git a/create-arch-bootstrap.sh b/create-arch-bootstrap.sh
index eb24f14..7461d15 100755
--- a/create-arch-bootstrap.sh
+++ b/create-arch-bootstrap.sh
@@ -188,21 +188,30 @@ run_in_chroot pacman-key --init
 run_in_chroot pacman-key --populate archlinux
 
 # Add Chaotic-AUR repo
-run_in_chroot pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com
+curl -L --retry 3 -o "${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst" \
+    'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'
+
+echo "Filstorlek: $(stat -c%s "${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst") bytes"
+
+mkdir -p "${bootstrap}/tmp/chaotic-extract"
+bsdtar -xf "${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst" \
+    -C "${bootstrap}/tmp/chaotic-extract"
+
+run_in_chroot pacman-key --add /tmp/chaotic-extract/usr/share/pacman/keyrings/chaotic.gpg
 run_in_chroot pacman-key --lsign-key 3056513887B78AEB
 
 if ! run_in_chroot pacman --noconfirm -U \
-        'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst' \
-        'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'; then
-       echo "Seems like Chaotic-AUR keyring or mirrorlist is currently unavailable"
-       echo "Please try again later"
-       exit 1
+     '/tmp/chaotic-keyring.pkg.tar.zst' \
+     'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'; then
+    echo "Seems like Chaotic-AUR keyring or mirrorlist is currently unavailable"
+    echo "Please try again later"
+    exit 1
 fi
 
 {
-       echo
-       echo "[chaotic-aur]"
-       echo "Include = /etc/pacman.d/chaotic-mirrorlist"
+    echo
+    echo "[chaotic-aur]"
+    echo "Include = /etc/pacman.d/chaotic-mirrorlist"
 } >> "${bootstrap}"/etc/pacman.conf
 
 # Do not install unneeded files (man pages and Nvidia firmwares)

[noisecode3]

I just did that if its down, maybe it help someone

awk '
/run_in_chroot pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com/ {
    print "curl -L --retry 3 -o \"${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst\" \\"
    print "    '"'"'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'"'"'"
    print ""
    print "mkdir -p \"${bootstrap}/tmp/chaotic-extract\""
    print "bsdtar -xf \"${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst\" \\"
    print "    -C \"${bootstrap}/tmp/chaotic-extract\""
    print ""
    print "run_in_chroot pacman-key --add /tmp/chaotic-extract/usr/share/pacman/keyrings/chaotic.gpg"
    next
}
/'"'"'https:\/\/cdn-mirror\.chaotic\.cx\/chaotic-aur\/chaotic-keyring\.pkg\.tar\.zst'"'"'/ {
    print "     '"'"'/tmp/chaotic-keyring.pkg.tar.zst'"'"' \\"
    next
}
{ print }
' create-arch-bootstrap.sh > create-arch-bootstrap.sh.tmp && mv create-arch-bootstrap.sh.tmp create-arch-bootstrap.sh
chmod +x create-arch-bootstrap.sh

[noisecode3]

As I understand it, nordvpn was blocking that server for some reason. But we can also verify with something like this

EXPECTED="8A9E 14A0 7010 F7E3 D2F3 F396 3056 5138 87B7 8AEB"
ACTUAL=$(run_in_chroot gpg --fingerprint 3056513887B78AEB 2>/dev/null \
    | grep -A1 "pub" \
    | tail -1 \
    | tr -s ' ' \
    | sed 's/^ //')

if [ "$ACTUAL" = "$EXPECTED" ]; then
    echo "✓ Fingerprint OK"
else
    echo "✗ FINGERPRINT DID NOT MATCH!"
    echo "  Expected: $EXPECTED"
    echo "  Actually got:      $ACTUAL"
    exit 1
fi

[Kron4ek]

Yes, i also encountered a case where keyserver.ubuntu.com was unavailable. I'll add a fix later.

[noisecode3]

I'll slip in some lines if you want :) when you add you're stuff need to remove that :)

awk '
/run_in_chroot pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com/ {
    print "curl -L --retry 3 -o \"${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst\" \\"
    print "    '"'"'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'"'"'"
    print ""
    print "mkdir -p \"${bootstrap}/tmp/chaotic-extract\""
    print "bsdtar -xf \"${bootstrap}/tmp/chaotic-keyring.pkg.tar.zst\" \\"
    print "    -C \"${bootstrap}/tmp/chaotic-extract\""
    print ""
    print "run_in_chroot pacman-key --add /tmp/chaotic-extract/usr/share/pacman/keyrings/chaotic.gpg"
    print ""
    print "EXPECTED=\"EF92 5EA6 0F33 D0CB 85C4 4AD1 3056 5138 87B7 8AEB\""
    print "ACTUAL=$(run_in_chroot pacman-key --finger 3056513887B78AEB 2>/dev/null \\"
    print "    | grep -A1 \"pub\" \\"
    print "    | tail -1 \\"
    print "    | tr -s '"'"' '"'"' \\"
    print "    | sed '"'"'s/^ //'"'"')"
    print "if [ \"$ACTUAL\" = \"$EXPECTED\" ]; then"
    print "    echo \"✓ Fingerprint OK\""
    print "else"
    print "    echo \"✗ FINGERPRINT DID NOT MATCH!\""
    print "    echo \"  Expected: $EXPECTED\""
    print "    echo \"  Actually got: $ACTUAL\""
    print "    exit 1"
    print "fi"
    next
}
/'"'"'https:\/\/cdn-mirror\.chaotic\.cx\/chaotic-aur\/chaotic-keyring\.pkg\.tar\.zst'"'"'/ {
    print "         '"'"'/tmp/chaotic-keyring.pkg.tar.zst'"'"' \\"
    next
}
{ print }
' create-arch-bootstrap.sh > create-arch-bootstrap.sh.tmp && mv create-arch-bootstrap.sh.tmp create-arch-bootstrap.sh
chmod +x create-arch-bootstrap.sh