| 1 |
On Fri, 17 Jul 2015 08:36:25 -0400 |
| 2 |
Rich Freeman <rich0@g.o> wrote: |
| 3 |
|
| 4 |
> On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec <dolsen@g.o> |
| 5 |
> wrote: |
| 6 |
> > |
| 7 |
> > I don't know tbh, most are already signed, with the git migration, |
| 8 |
> > the strongly recommended commit signing will become MANDATORY. |
| 9 |
> > |
| 10 |
> > So, we are at 50 devs with valid gpg keys now, with 200 more gpg |
| 11 |
> > keys listed in LDAP that fail to meet the new spec. PLEASE fix |
| 12 |
> > them or create new keys... |
| 13 |
> |
| 14 |
> How does somebody know whether their key meets the spec or not? I |
| 15 |
> looked at the gentoo-keys website and didn't see any simple way to |
| 16 |
> check. |
| 17 |
> |
| 18 |
> There was documentation on the gkeys utility for checking keys, but I |
| 19 |
> ran into a few issues with this. First, it can't be installed on a |
| 20 |
> stable system with mirrorselect. |
| 21 |
> |
| 22 |
> On a clean ~arch stage3 when trying to run "gkeys fetch-seed -C |
| 23 |
> gentoo-devs" it outputs: |
| 24 |
> Connector.connect_url(); Failed to retrieve the content from: |
| 25 |
> https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds |
| 26 |
> Error was: Invalid header value 'Wed, 15 Jul 2015 17:50:17 GMT\n' |
| 27 |
> |
| 28 |
> |
| 29 |
> After removing the files in /var/lib/gentoo/gkeys/seeds the fetch |
| 30 |
> works. However, attempting to run "gkeys install-key -C gentoo-devs" |
| 31 |
> results in: |
| 32 |
> Found GKEY seeds: |
| 33 |
> Traceback (most recent call last): |
| 34 |
> File "/usr/lib/python-exec/python2.7/gkeys", line 50, in <module> |
| 35 |
> success = main() |
| 36 |
> File "/usr/lib64/python2.7/site-packages/gkeys/cli.py", line 63, in |
| 37 |
> __call__ return self.run(args) |
| 38 |
> File "/usr/lib64/python2.7/site-packages/gkeys/base.py", line 303, |
| 39 |
> in run success, results = func(args) |
| 40 |
> File "/usr/lib64/python2.7/site-packages/gkeys/actions.py", line |
| 41 |
> 264, in installkey |
| 42 |
> self.output(['', gkey], "\n Found GKEY seeds:") |
| 43 |
> File "/usr/lib64/python2.7/site-packages/gkeys/base.py", line 323, |
| 44 |
> in output_results |
| 45 |
> print("\n".join([x.pretty_print for x in msg])) |
| 46 |
> UnicodeEncodeError: 'ascii' codec can't encode character u'\u017b' in |
| 47 |
> position 1233: ordinal not in range(128) |
| 48 |
> |
| 49 |
> |
| 50 |
|
| 51 |
Yes, the ssl-fetch issue is fixed with ssl-fetch-0.3 and it is now |
| 52 |
stabilized. So that conflict is fixed. |
| 53 |
|
| 54 |
|
| 55 |
> It might not hurt to publish the list of keys that fail checks. If |
| 56 |
> that list is going to be used to block commits then obviously it needs |
| 57 |
> to be updated very frequently. I do not know if there are any plans |
| 58 |
> to block commits with signatures that do not conform to the GLEP. |
| 59 |
> |
| 60 |
|
| 61 |
Yeah, I was thinking of putting up a gkeys spec-check report, but we |
| 62 |
were (unsuccessfully) trying to get more wiki pages help done on how to |
| 63 |
fix those issues reported. Before we did such a report. Also I need |
| 64 |
to make another release, currently gkeys-9999 and gkeys-gen-999 is the |
| 65 |
best option with the most fixes, best functionality. Hopefully I'll |
| 66 |
get those release this weekend. |
| 67 |
|
| 68 |
-- |
| 69 |
Brian Dolbec <dolsen> |
Archives