On 11-Dec-2008, at 14:29, Karsten Bräckelmann wrote:
...or read the documentation.
I read a hell of a lot of stuff about all this, and have been running
SA since 2.mumble If you are a plug-n-play sysadmin, then no
problem. If you are already well-versed in the vagaries of gpg, then
fine, you already know this. If you are coming at this newly, the
documentation is unclear, incomplete, and in some cases points at
pages that are several years old.
If you think it's perfectly clear, then fine. Maybe I'm wrong. But I
bet you will have a people asking the same exact questions in the
future and having the same exact confusion. I know it took asking
several times before anyone was able to even begin to explain where
this number comes from other than "the author". Well, it doesn't, in
fact, come from the author. Most people don't seem to be aware of
this, so obviously there is some confusion. It comes from gpg, which
has as far as I can tell a very exacting syntax to access this bit of
info, which again most people don't seem to know, as the wrong syntax
was posted to this thread.
IIRC (too lazy to look up the details for you) it accepts key IDs,
fingerprints, email-addresses, names, and any substring at least of
the
latter two. Did you try it? It's enlightening...
really?
mail# gpg --list-keys sought
gpg: error reading key: No public key
mail# gpg --list-keys sought_rules_yerp_org
gpg: error reading key: No public key
mail# gpg --list-keys sought.rules.yerp.org
gpg: error reading key: No public key
mail# gpg --list-keys updates.spamassassin.org
gpg: error reading key: No public key
mail# gpg --list-keys rele...@spamassasin.org
gpg: error reading key: No public key
the only command that seems to do anything is:
gpg --list-keys --no-default-keyring --keyring sa-update-keys/
pubring.gpg
even this command, posted to the list as a way to get the --gpgkey
value:
gpg --no-default-keyring --keyring /etc/mail/spamassassin/sa-update-
keys/pubring.gpg
returns:
gpg: Go ahead and type your message ...
and then accepts input until and EOF at which point it returns
gpg: no valid OpenPGP data found.
gpg: processing message failed: Unknown system error
# gpg --version
gpg (GnuPG) 2.0.3
On 11-Dec-2008, at 14:56, Karsten Bräckelmann wrote:
FWIW, here would be a good place to start.
http://wiki.apache.org/spamassassin/RuleUpdates
That's a bit late in the thread to be posting that, but and it gives a
brand new piece of information which no one else has yet to mention:
Generally it's safer to specify the whole key fingerprint, but it
is more common to see simply the last 8 hex digits used.
So it's not a number that has to be generated by gpg, it's just the
last 8 digits of the fingerprint. It's not a hash of the fingerprint,
as was posted in this thread, it's just the last 8 digits.
And you don't think there's confusion? As far as I can tell, ever
single person who posted in this thread and said anything about gpg
and keys got at least something wrong except for you. And even you
left out what I consider some fairly crucial information.
And yes, it does explain what the sa-update --gpgkey option does, and
what it is used for.
Yes, it does. It even indirectly explains how to get the value.
Indirectly. Given that information I could at least have searched for
'gpg fingerprint' and found out how to get the fingerprint (and the
last 8 digits of it). I would not, as it turns out, have gotten any
further since all the instructions I've found on getting a fingerprint
assume the key is stored in your own pubring, and not in some other
file, so the critical flags of
--no-default-keyring --keyring /etc/mail/spamassassin/sa-update-keys/
pubring.gpg
are missing from those instructions (and those flags are required for
both the --list-keys and the --fingerprint to work). So I checked
google for help, now that I know EXACTLY what to search for: "sa-
update list-keys no-default-keyring"
<http://www.google.com/search?q=sa-update+list-keys+no-default-keyring&ie=ISO-8859-1&oe=ISO-8859-1
>
The only hits are from today. this tells me there is not a single
page indexed on Google that gives full and complete instructions on
how to get the --gpgkey value. Not until I hit send, at least. :)
--
So now you know the words to our song, pretty soon you'll all be
singing along, when you're sad, when you're lonely and it all
turns out wrong...
