| 1 |
On Sun, 1 Jan 2017 16:31:27 +0300 |
| 2 |
Andrew Savchenko <bircoph@g.o> wrote: |
| 3 |
|
| 4 |
> Hi, |
| 5 |
> |
| 6 |
> On Sun, 1 Jan 2017 18:12:23 +0700 (+07) grozin@g.o wrote: |
| 7 |
> > Happy new year to *, |
| 8 |
> > |
| 9 |
> > Yesterday I've changed expiration dates of my gpg key and its |
| 10 |
> > subkeys. And today I cannot push to Gentoo repo: |
| 11 |
> > |
| 12 |
> > remote: Signature found, but from unknown key (see push-cert) |
| 13 |
> > remote: Your push was not signed with a known key. |
| 14 |
> > remote: You MUST use git push --signed with a known key. |
| 15 |
> > remote: If you just updated your key, please wait 15 minutes for |
| 16 |
> > sync. remote: git-receive-pack variables: |
| 17 |
> > remote: GIT_PUSH_CERT='ef16430106a13fa3758d2211100be5b9f2bd88d8' |
| 18 |
> > remote: GIT_PUSH_CERT_KEY='' |
| 19 |
> > remote: GIT_PUSH_CERT_NONCE='1483268914-e0cd9c07e06304c00a64' |
| 20 |
> > remote: GIT_PUSH_CERT_NONCE_SLOP='' |
| 21 |
> > remote: GIT_PUSH_CERT_NONCE_STATUS='OK' |
| 22 |
> > remote: GIT_PUSH_CERT_SIGNER='' |
| 23 |
> > remote: GIT_PUSH_CERT_STATUS='N' |
| 24 |
> > remote: A push-cert was found, and follows: |
| 25 |
> > remote: ===== |
| 26 |
> > remote: certificate version 0.1 |
| 27 |
> > remote: pusher 0x3AFFCE974D34BD8C 1483268914 +0700 |
| 28 |
> |
| 29 |
> Looks like git hook is still using your old key. You should wait |
| 30 |
> for a day or so in order for your change to propagate through |
| 31 |
> servers. It this doesn't help, you should probably contact infra to |
| 32 |
> update your key. |
| 33 |
> |
| 34 |
> Best regards, |
| 35 |
> Andrew Savchenko |
| 36 |
|
| 37 |
No, infra has it refreshing keys several times an hour. |
| 38 |
|
| 39 |
I just dig another gkeys run and refreshed the keys from the servers. |
| 40 |
|
| 41 |
You did not reset the expiry on your signing subkey. See the following |
| 42 |
reports which show the details. After you reset it and gpg --send-key |
| 43 |
it to the keyservers again. It can take a few hours for it to |
| 44 |
propagate and to be able to push to the gentoo repo again. |
| 45 |
|
| 46 |
=================================================== |
| 47 |
|
| 48 |
dolsen@vulture /var/lib/gkeys $ |
| 49 |
python3.4 /var/lib/gkeys/gentoo-keys/gkeys/bin/gkeys |
| 50 |
-c /var/lib/gkeys/gkeys.conf list-key -C gentoo-devs -n grozin |
| 51 |
|
| 52 |
Nick.....: grozin |
| 53 |
Name.....: Andrey Grozin |
| 54 |
Keydir...: grozin |
| 55 |
Gpg info.: /var/lib/gkeys/keyrings/gentoo-devs/grozin/pubring.gpg |
| 56 |
------------------------------------------------------ |
| 57 |
pub rsa4096/53D4ABFA88DD61C4 2013-02-26 [SC] [expires: |
| 58 |
2017-12-24] Key fingerprint = 6FCC 83E2 6D94 FB05 4B76 1016 53D4 ABFA |
| 59 |
88DD 61C4 uid [ unknown] Andrey Grozin (science) |
| 60 |
<grozin@g.o> sub rsa4096/34966948B00C83E6 2013-02-26 [E] |
| 61 |
[expires: 2017-12-24] |
| 62 |
|
| 63 |
|
| 64 |
Gkey task results: |
| 65 |
Done. |
| 66 |
|
| 67 |
dolsen@vulture /var/lib/gkeys $ |
| 68 |
python3.4 /var/lib/gkeys/gentoo-keys/gkeys/bin/gkeys |
| 69 |
-c /var/lib/gkeys/gkeys.conf spec-check -C gentoo-devs -n grozin |
| 70 |
|
| 71 |
Checking keys... |
| 72 |
|
| 73 |
|
| 74 |
grozin, Andrey Grozin: 0x53D4ABFA88DD61C4 |
| 75 |
============================================== |
| 76 |
|
| 77 |
---------- |
| 78 |
Fingerprint......: 6FCC83E26D94FB054B76101653D4ABFA88DD61C4 |
| 79 |
Key type ........: PUB Capabilities.: scESC |
| 80 |
Algorithm........: Pass Bit Length...: Pass |
| 81 |
Create Date......: Pass Expire Date..: Pass |
| 82 |
Key Version......: Pass Validity.....: -, Unknown |
| 83 |
Days till expiry.: 356 |
| 84 |
Capability.......: Pass |
| 85 |
Qualified ID.....: Pass |
| 86 |
This primary key.: Pass |
| 87 |
|
| 88 |
---------- |
| 89 |
Fingerprint......: 902F154026C4AD5055486D0234966948B00C83E6 |
| 90 |
Key type ........: SUB Capabilities.: e encrypt |
| 91 |
Algorithm........: ---- Bit Length...: ---- |
| 92 |
Create Date......: Pass Expire Date..: Pass |
| 93 |
Key Version......: Pass Validity.....: -, Unknown |
| 94 |
Days till expiry.: 356 |
| 95 |
Capability.......: Pass |
| 96 |
Qualified ID.....: Pass |
| 97 |
This subkey......: Pass |
| 98 |
|
| 99 |
---------- |
| 100 |
Fingerprint......: 08C4EDF669C5A630FE7DEB943AFFCE974D34BD8C |
| 101 |
Key type ........: SUB Capabilities.: s |
| 102 |
Algorithm........: Pass Bit Length...: Pass |
| 103 |
Create Date......: Pass Expire Date..: Pass |
| 104 |
Key Version......: Pass Validity.....: e, Expired |
| 105 |
Days till expiry.: 0 |
| 106 |
Capability.......: Pass |
| 107 |
Qualified ID.....: Pass |
| 108 |
This subkey......: Fail |
| 109 |
|
| 110 |
Key summary |
| 111 |
primary..........: Pass signing subkey: Fail |
| 112 |
encryption subkey: Yes authentication subkey: No |
| 113 |
SPEC requirements: Fail |
| 114 |
|
| 115 |
|
| 116 |
|
| 117 |
No signing capable subkey: |
| 118 |
Andrey Grozin <grozin>: 6FCC83E26D94FB054B76101653D4ABFA88DD61C4 |
| 119 |
|
| 120 |
|
| 121 |
Failed to pass SPEC requirements: |
| 122 |
Andrey Grozin <grozin>: 6FCC83E26D94FB054B76101653D4ABFA88DD61C4 |
| 123 |
|
| 124 |
|
| 125 |
Gkey task results: |
| 126 |
|
| 127 |
Found Failures: |
| 128 |
------- |
| 129 |
Revoked................: 0 |
| 130 |
Invalid................: 0 |
| 131 |
No Signing subkey......: 1 |
| 132 |
No Encryption subkey...: 0 |
| 133 |
Algorithm..............: 0 |
| 134 |
Bit length.............: 0 |
| 135 |
Qualified IDs..........: 0 |
| 136 |
Expiry.................: 0 |
| 137 |
Expiry Warnings........: 0 |
| 138 |
SPEC requirements......: 1 |
| 139 |
============================= |
| 140 |
SPEC Approved..........: 0 |
| 141 |
|
| 142 |
dolsen@vulture /var/lib/gkeys $ |
| 143 |
|
| 144 |
-- |
| 145 |
Brian Dolbec <dolsen> |
Archives