2018-07-05 1:25 GMT+03:00 Mick <michaelkintz...@gmail.com>:
> On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote:
>> 2018-07-04 21:01 GMT+03:00 Mick <michaelkintz...@gmail.com>:
>> > On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
>> >> 2018-07-04 11:55 GMT+03:00 Alex Thorne <lexiconifernel...@gmail.com>:
>> >> >> I use rsync and get the following for more than a day now;
>> >> >>
>> >> >> !!! Manifest verification failed:
>> >> >> OpenPGP verification failed:
>> >> >> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
>> >> >> gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> >> >> gpg: Can't check signature: No public key
>> >> >
>> >> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no
>> >> > longer installed and `/var/lib/gentoo/gkeys` is missing. I have no idea
>> >> > how this happened. Perhaps it somehow got into `emerge --depclean`
>> >> > and I didn't catch it.
>> >>
>> >> No. Gentoo maintainers just overlooked that all Gentoo signing keys
>> >> expired on July 1, and added new openpgp-keys-gentoo into portage
>> >> tree only on July 2.
>> >>
>> >> So, since July 1, rsync cannot verify any new portage tree and cannot
>> >> download app-crypt/openpgp-keys-gentoo-release-20180702
>> >>
>> >> It was discovered in the thread
>> >> "All Gentoo signing key expired and no way to fix it"
>> >
>> > Is there a documented manual workaround we could follow at present,
>> > irrespective of our sync'ing mechanism of choice?

It seems that everything is explained in
https://wiki.gentoo.org/wiki/Portage_Security
(This link was first provided in this thread by methylherd.)

>> For me, it somehow worked by manually refreshing the Gentoo signing keys by
>> executing the following two commands:
>> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D
>> in different order and sourcing /etc/profile
>>
>> But, please, note that I use emerge-webrsync to update the portage tree.
>
> Thanks gevisz, the first line to refresh keys fails, because in
> /var/lib/gentoo/ I only have a news/ subdirectory.

Interestingly, it was the second line that seemed to fail in my case.
(I was in a hurry and executed it so many times that I cannot
say it for sure.)

But, as it has already been pointed out by Bill Kenworthy and explained in
https://wiki.gentoo.org/wiki/Portage_Security , the internal mechanisms
for checking Gentoo signatures are different between git, rsync and webrsync.
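
An added example, not part of the original thread or of Portage: a small check that tells apart the two causes discussed above, a signing key that is absent from the keyring ("No public key") and one that is present but expired. The function name `key_status`, the fingerprints and the sample listing are constructed for illustration; it assumes the GnuPG 2.1+ colon format, where expiry is given in epoch seconds.

```shell
#!/bin/sh
# key_status FINGERPRINT NOW_EPOCH   (colon listing on stdin)
# Prints one of: valid | expired | revoked | missing
# Real input would come from `gpg --list-keys --with-colons` on the keyring in use.
key_status() {
    awk -F: -v want="$1" -v now="$2" '
        # pub/sub records: field 2 = validity flag, field 7 = expiry (empty = never)
        $1 == "pub" || $1 == "sub" { validity = $2; expires = $7 }
        # The fpr record after each pub/sub carries the fingerprint in field 10.
        # Appending "" forces a string comparison even for all-digit fingerprints.
        $1 == "fpr" && ($10 "") == (want "") {
            found = 1
            if (validity == "r") status = "revoked"
            else if (validity == "e" || (expires != "" && expires + 0 <= now + 0))
                status = "expired"
            else status = "valid"
        }
        END { print (found ? status : "missing") }
    '
}

# Constructed fingerprints (placeholders, not real Gentoo keys).
OLD_PUB=0000000000000000000000000000000000000001
OLD_SUB=0000000000000000000000000000000000000002
NEW_PUB=0000000000000000000000000000000000000003
ABSENT=0000000000000000000000000000000000000004

# Constructed listing: the old key and its signing subkey expired on
# 2018-07-01 00:00 UTC (1530403200); the new key expires 2020-07-01 (1593561600).
SAMPLE="pub:e:4096:1:0000000000000001:1420070400:1530403200::-:::sc::::::23::0:
fpr:::::::::$OLD_PUB:
sub:e:4096:1:0000000000000002:1420070400:1530403200:::::s::::::23:
fpr:::::::::$OLD_SUB:
pub:-:4096:1:0000000000000003:1530489600:1593561600::-:::sc::::::23::0:
fpr:::::::::$NEW_PUB:"

NOW=1530662400   # 2018-07-04 00:00 UTC, the date of the failed verification above
for fpr in "$OLD_SUB" "$NEW_PUB" "$ABSENT"; do
    printf '%s %s\n' "$fpr" "$(printf '%s\n' "$SAMPLE" | key_status "$fpr" "$NOW")"
done
```

The fingerprint to look up is the one gpg prints after "using RSA key" in the failed verification.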