Just today I have tried emerge-webrsync and got
to the following endless circle:

Fetching most recent snapshot ...
Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo ...
Fetching file portage-20180702.tar.xz.md5sum ...
Fetching file portage-20180702.tar.xz.gpgsig ...
Fetching file portage-20180702.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Tue Jul  3 03:51:21 2018 EEST
gpg:                using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key
(Automated Signing Key)" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
     Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F  DF1C EC59 0EEA C918 9250
Fetching file portage-20180702.tar.bz2.md5sum ...
Fetching file portage-20180702.tar.bz2.gpgsig ...
Fetching file portage-20180702.tar.bz2 ...
Checking digest ...
Checking signature ...
gpg: Signature made Tue Jul  3 03:51:20 2018 EEST
gpg:                using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key
(Automated Signing Key)" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
     Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F  DF1C EC59 0EEA C918 9250
Fetching file portage-20180702.tar.gz.md5sum ...

The following command showed that all Gentoo signing keys in my system expired:

# gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release
--with-fingerprint --list-keys
/var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
---------------------------------------------------------
pub   rsa4096 2014-10-03 [C] [expired: 2017-09-17]
      D2DE 1DBB A0F4 3EBA 341B  97D8 8255 33CB F6CD 6C97
uid           [ expired] Gentoo-keys Team <gk...@gentoo.org>

pub   dsa1024 2004-07-20 [SC] [expired: 2018-07-01]
      D99E AC73 79A8 50BC E47D  A5F2 9E64 38C8 1707 2058
uid           [ expired] Gentoo Linux Release Engineering (Gentoo
Linux Release Signing Key) <rel...@gentoo.org>

pub   rsa4096 2011-11-25 [C] [expired: 2018-07-01]
      DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
uid           [ expired] Gentoo Portage Snapshot Signing Key
(Automated Signing Key)

pub   rsa4096 2009-08-25 [SC] [expired: 2017-08-25]
      13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
uid           [ expired] Gentoo Linux Release Engineering (Automated
Weekly Release Key) <rel...@gentoo.org>


Trying to renew them manually with the following commands does not help:

# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x825533CBF6CD6C97
gpg: key 825533CBF6CD6C97: 2 signatures not checked due to missing keys
gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team
<gk...@gentoo.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D
gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due to missing keys
gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage Snapshot Signing
Key (Automated Signing Key)" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x9E6438C817072058
gpg: key 9E6438C817072058: 83 signatures not checked due to missing keys
gpg: key 9E6438C817072058: public key "Gentoo Linux Release
Engineering (Gentoo Linux Release Signing Key) <rel...@gentoo.org>"
imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xBB572E0E2D182910
gpg: key BB572E0E2D182910: 10 signatures not checked due to missing keys
gpg: key BB572E0E2D182910: 1 bad signature
gpg: key BB572E0E2D182910: public key "Gentoo Linux Release
Engineering (Automated Weekly Release Key) <rel...@gentoo.org>"
imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

Here https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files
has been said the following:

If any of the keys installed from app-crypt/gentoo-keys should expire,
run gkeys from app-crypt/gkeys to refresh them from the key server:
root #emerge --ask app-crypt/gkeys
root #gkeys refresh-key -C gentoo

but gkeys are not stable in my architeture as it follows from the following:

$ eix gkeys
* app-crypt/gkeys
     Available versions:  ~0.2 **9999 {PYTHON_TARGETS="python2_7
python3_4 python3_5 python3_6"}
     Homepage:            https://wiki.gentoo.org/wiki/Project:Gentoo-keys
     Description:         An OpenPGP/GPG key management tool and python libs

* app-crypt/gkeys-gen
     Available versions:  ~0.2 **9999 {PYTHON_TARGETS="python2_7
python3_4 python3_5 python3_6"}
     Homepage:            https://wiki.gentoo.org/wiki/Project:Gentoo-keys
     Description:         Tool for generating OpenPGP/GPG keys using a
specifications file

Reply via email to