Re: [gentoo-user] Re: Untrusted PGP signing key
On Sun, May 24, 2020 at 07:08:41PM +0100, Michael wrote: > Check your /usr/share/openpgp-keys/gentoo-release.asc file. This is the hash > I get here: > > $ sha512sum gentoo-release.asc > 3b168b7e43ad2cf4f042be585abc761c5786f55c94592dc916d13a1ef5557f047e614a7d70827471ace113f16eceb4e455228c4a5f7b9293f6a185a8e5183781 > > gentoo-release.asc Same hash. Weird.
Re: [gentoo-user] Re: Untrusted PGP signing key
On Sunday, 24 May 2020 18:36:28 BST Nikos Chantziaras wrote: > On 24/05/2020 20:15, Consus wrote: > > I've got this today: > > $ sudo emerge --sync > > Checking signature ... > > gpg: Signature made Sun 24 May 2020 03:56:07 MSK > > gpg:using RSA key > > E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 > > gpg: Good signature from "Gentoo ebuild repository signing key (Automated > > Signing Key) " [unknown] gpg: > > aka "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" > > [unknown] gpg: WARNING: Using untrusted key! > > ... > > > > Is this warning expected? > > Certainly not. Check your /usr/share/openpgp-keys/gentoo-release.asc file. This is the hash I get here: $ sha512sum gentoo-release.asc 3b168b7e43ad2cf4f042be585abc761c5786f55c94592dc916d13a1ef5557f047e614a7d70827471ace113f16eceb4e455228c4a5f7b9293f6a185a8e5183781 gentoo-release.asc and these are the keys it contains: $ gpg gentoo-release.asc gpg: enabled debug flags: memstat gpg: WARNING: no command supplied. Trying to guess what you mean ... gpg: keydb: handles=0 locks=0 parse=0 get=0 gpg:build=0 update=0 insert=0 delete=0 gpg:reset=0 found=0 not=0 cache=0 not=0 gpg: kid_not_found_cache: count=0 peak=0 flushes=0 gpg: sig_cache: total=37 cached=0 good=0 bad=0 gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0 gpg: rndjent stat: collector=0x calls=0 bytes=0 gpg: secmem usage: 0/65536 bytes in 0 blocks pub rsa4096 2011-11-25 [C] [expires: 2021-01-01] DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D uid Gentoo Portage Snapshot Signing Key (Automated Signing Key) sigDB6B8C1F96D8BF6D 2019-10-30 [selfsig] sigDB6B8C1F96D8BF6D 2011-11-25 [selfsig] sigDB6B8C1F96D8BF6D 2015-11-23 [selfsig] sigDB6B8C1F96D8BF6D 2016-07-01 [selfsig] sigDB6B8C1F96D8BF6D 2018-01-27 [selfsig] sigDB6B8C1F96D8BF6D 2019-04-27 [selfsig] uid Gentoo ebuild repository signing key (Automated Signing Key) sigDB6B8C1F96D8BF6D 2019-10-30 [selfsig] sigDB6B8C1F96D8BF6D 2019-01-01 [selfsig] sigDB6B8C1F96D8BF6D 2019-04-27 [selfsig] sigDB6B8C1F96D8BF6D 2018-07-04 [selfsig] sub rsa4096 2011-11-25 [S] [expires: 2021-01-01] sigDB6B8C1F96D8BF6D 2019-04-27 [keybind] sigDB6B8C1F96D8BF6D 2019-10-30 [keybind] pub dsa1024 2004-07-20 [SC] [expires: 2020-07-01] D99EAC7379A850BCE47DA5F29E6438C817072058 uid Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) sig9E6438C817072058 2018-06-28 [selfsig] sig9E6438C817072058 2006-08-16 [selfsig] sig9E6438C817072058 2016-07-01 [selfsig] sig9E6438C817072058 2004-07-20 [selfsig] sig9E6438C817072058 2004-07-20 [selfsig] sub elg2048 2004-07-20 [E] [expires: 2020-07-01] sig9E6438C817072058 2018-06-28 [keybind] pub rsa4096 2009-08-25 [SC] [expires: 2021-01-01] 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910 uid Gentoo Linux Release Engineering (Automated Weekly Release Key) sigBB572E0E2D182910 2019-10-30 [selfsig] sigBB572E0E2D182910 2013-08-24 [selfsig] sigBB572E0E2D182910 2015-08-26 [selfsig] sigBB572E0E2D182910 2009-08-25 [selfsig] sigBB572E0E2D182910 2009-08-25 [selfsig] sigBB572E0E2D182910 2017-08-22 [selfsig] sigBB572E0E2D182910 2019-02-23 [selfsig] sigBB572E0E2D182910 2019-04-27 [selfsig] sigBB572E0E2D182910 2019-02-24 [selfsig] sub rsa2048 2019-02-23 [S] [expires: 2021-01-01] sigBB572E0E2D182910 2019-04-27 [keybind] sigBB572E0E2D182910 2019-10-30 [keybind] pub rsa4096 2018-05-28 [C] [expires: 2021-01-01] EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72 uid Gentoo repository mirrors (automated git signing key) sigA13D0EF1914E7A72 2019-10-30 [selfsig] sigA13D0EF1914E7A72 2018-05-28 [selfsig] sigA13D0EF1914E7A72 2018-05-29 [selfsig] sigA13D0EF1914E7A72 2018-11-25 [selfsig] sigA13D0EF1914E7A72 2019-02-23 [selfsig] sigA13D0EF1914E7A72 2019-04-27 [selfsig] sub rsa2048 2018-05-28 [S] [expires: 2021-01-01] sigA13D0EF1914E7A72 2019-04-27 [keybind] sigA13D0EF1914E7A72 2019-10-30 [keybind] More information: https://www.gentoo.org/downloads/signatures/ signature.asc Description: This is a digitally signed message part.