Using Ubuntu PPA Repositories Behind a Firewall

[Note: this post has been migrated from its original home at http://rockycode.com/blog/using-ubuntu-ppa-repositories-behind-firewall/, posted 24 May 2011.  It is outdated, but perhaps still useful.]

This post describes a quick and dirty way to configure apt-add-repository to use port 80 instead of port 11371.

Ubuntu Personal Package Archives (PPA) are an easy way for developers to make their source packages available to the common user (like myself) through APT, Debian's great package manager. Packages from the default repositories are often out of date, where the developer has published newer versions that may have fixed serious bugs. In order to ensure that the ppa is trusted, an encrypted connection over gpg is used. However, apt by default connects via port 11371, likely to be blocked if you are behind a corporate firewall. When you try to add the ppa you're likely to see the following error:

gpg: requesting key 34EF4A35 from hkp server keyserver.ubuntu.com

?: keyserver.ubuntu.com: Connection refused

gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused

gpg: no valid OpenPGP data found.

gpg: Total number processed: 0

The simplest way I found to configure apt to use port 80 instead of the default was found in this launchpad bug, post #9:
 To make add-apt-repository use port 80 by default, the /usr/share/pyshared/softwareproperties/ppa.py file used by add-apt-repository can be modified to use port 80. Edit the file /usr/share/pyshared/softwareproperties/ppa.py Search for "keyserver.ubuntu.com" Replace it [with] "hkp://keyserver.ubuntu.com:80" and save the file. add-apt-repository should work behind a proxy now.
The downside to a code change, like we're doing here to `ppa.py`, is that a typical upgrade would overwrite our changes. However, according to the thread referenced above, this change has already been made in Ubuntu 11.04 and up.


  1. Thanks, this helped me out. I didn't permanently replace the key source, but I just substituted hkp://keyserver.ubuntu.com:80 in place of keyserver.ubuntu.com when making the initial call the receive trusted key. It made the rest work as expected.

  2. I tried the solution still didn't seem to work. :(


Note: Only a member of this blog may post a comment.