On Tuesday, 3 July 2018 08:48:02 BST gevisz wrote:
> Just today I have tried emerge-webrsync and got
> to the following endless circle:
> 
> Fetching most recent snapshot ...
> Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo
> ... Fetching file portage-20180702.tar.xz.md5sum ...
> Fetching file portage-20180702.tar.xz.gpgsig ...
> Fetching file portage-20180702.tar.xz ...
> Checking digest ...
> Checking signature ...
> gpg: Signature made Tue Jul  3 03:51:21 2018 EEST
> gpg:                using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Good signature from "Gentoo Portage Snapshot Signing Key
> (Automated Signing Key)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
>      Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F  DF1C EC59 0EEA C918 9250
> Fetching file portage-20180702.tar.bz2.md5sum ...
> Fetching file portage-20180702.tar.bz2.gpgsig ...
> Fetching file portage-20180702.tar.bz2 ...
> Checking digest ...
> Checking signature ...
> gpg: Signature made Tue Jul  3 03:51:20 2018 EEST
> gpg:                using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Good signature from "Gentoo Portage Snapshot Signing Key
> (Automated Signing Key)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
>      Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F  DF1C EC59 0EEA C918 9250
> Fetching file portage-20180702.tar.gz.md5sum ...
> 
> The following command showed that all Gentoo signing keys in my system
> expired:
> 
> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release
> --with-fingerprint --list-keys
> /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
> ---------------------------------------------------------
> pub   rsa4096 2014-10-03 [C] [expired: 2017-09-17]
>       D2DE 1DBB A0F4 3EBA 341B  97D8 8255 33CB F6CD 6C97
> uid           [ expired] Gentoo-keys Team <gk...@gentoo.org>
> 
> pub   dsa1024 2004-07-20 [SC] [expired: 2018-07-01]
>       D99E AC73 79A8 50BC E47D  A5F2 9E64 38C8 1707 2058
> uid           [ expired] Gentoo Linux Release Engineering (Gentoo
> Linux Release Signing Key) <rel...@gentoo.org>
> 
> pub   rsa4096 2011-11-25 [C] [expired: 2018-07-01]
>       DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
> uid           [ expired] Gentoo Portage Snapshot Signing Key
> (Automated Signing Key)
> 
> pub   rsa4096 2009-08-25 [SC] [expired: 2017-08-25]
>       13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910
> uid           [ expired] Gentoo Linux Release Engineering (Automated
> Weekly Release Key) <rel...@gentoo.org>
> 
> 
> Trying to renew them manually with the following commands does not help:
> 
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0x825533CBF6CD6C97 gpg: key 825533CBF6CD6C97: 2 signatures not checked due
> to missing keys gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team
> <gk...@gentoo.org>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg:               imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0xDB6B8C1F96D8BF6D gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due
> to missing keys gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage
> Snapshot Signing Key (Automated Signing Key)" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg:               imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0x9E6438C817072058 gpg: key 9E6438C817072058: 83 signatures not checked due
> to missing keys gpg: key 9E6438C817072058: public key "Gentoo Linux Release
> Engineering (Gentoo Linux Release Signing Key) <rel...@gentoo.org>"
> imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg:               imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0xBB572E0E2D182910 gpg: key BB572E0E2D182910: 10 signatures not checked due
> to missing keys gpg: key BB572E0E2D182910: 1 bad signature
> gpg: key BB572E0E2D182910: public key "Gentoo Linux Release
> Engineering (Automated Weekly Release Key) <rel...@gentoo.org>"
> imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg:               imported: 1
> 
> Here
> https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files
> has been said the following:
> 
> If any of the keys installed from app-crypt/gentoo-keys should expire,
> run gkeys from app-crypt/gkeys to refresh them from the key server:
> root #emerge --ask app-crypt/gkeys
> root #gkeys refresh-key -C gentoo
> 
> but gkeys are not stable in my architeture as it follows from the following:
> 
> $ eix gkeys
> * app-crypt/gkeys
>      Available versions:  ~0.2 **9999 {PYTHON_TARGETS="python2_7
> python3_4 python3_5 python3_6"}
>      Homepage:            https://wiki.gentoo.org/wiki/Project:Gentoo-keys
>      Description:         An OpenPGP/GPG key management tool and python libs
> 
> * app-crypt/gkeys-gen
>      Available versions:  ~0.2 **9999 {PYTHON_TARGETS="python2_7
> python3_4 python3_5 python3_6"}
>      Homepage:            https://wiki.gentoo.org/wiki/Project:Gentoo-keys
>      Description:         Tool for generating OpenPGP/GPG keys using a
> specifications file

This package update came up yesterday:

app-crypt/openpgp-keys-gentoo-release-20180702

which as I understand will update the portage keys accordingly but I don't use 
webrsync to know if it applies the same way.
-- 
Regards,
Mick

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to