1 |
On Sun, 1 Jan 2017 16:31:27 +0300 |
2 |
Andrew Savchenko <bircoph@g.o> wrote: |
3 |
|
4 |
> Hi, |
5 |
> |
6 |
> On Sun, 1 Jan 2017 18:12:23 +0700 (+07) grozin@g.o wrote: |
7 |
> > Happy new year to *, |
8 |
> > |
9 |
> > Yesterday I've changed expiration dates of my gpg key and its |
10 |
> > subkeys. And today I cannot push to Gentoo repo: |
11 |
> > |
12 |
> > remote: Signature found, but from unknown key (see push-cert) |
13 |
> > remote: Your push was not signed with a known key. |
14 |
> > remote: You MUST use git push --signed with a known key. |
15 |
> > remote: If you just updated your key, please wait 15 minutes for |
16 |
> > sync. remote: git-receive-pack variables: |
17 |
> > remote: GIT_PUSH_CERT='ef16430106a13fa3758d2211100be5b9f2bd88d8' |
18 |
> > remote: GIT_PUSH_CERT_KEY='' |
19 |
> > remote: GIT_PUSH_CERT_NONCE='1483268914-e0cd9c07e06304c00a64' |
20 |
> > remote: GIT_PUSH_CERT_NONCE_SLOP='' |
21 |
> > remote: GIT_PUSH_CERT_NONCE_STATUS='OK' |
22 |
> > remote: GIT_PUSH_CERT_SIGNER='' |
23 |
> > remote: GIT_PUSH_CERT_STATUS='N' |
24 |
> > remote: A push-cert was found, and follows: |
25 |
> > remote: ===== |
26 |
> > remote: certificate version 0.1 |
27 |
> > remote: pusher 0x3AFFCE974D34BD8C 1483268914 +0700 |
28 |
> |
29 |
> Looks like git hook is still using your old key. You should wait |
30 |
> for a day or so in order for your change to propagate through |
31 |
> servers. It this doesn't help, you should probably contact infra to |
32 |
> update your key. |
33 |
> |
34 |
> Best regards, |
35 |
> Andrew Savchenko |
36 |
|
37 |
No, infra has it refreshing keys several times an hour. |
38 |
|
39 |
I just dig another gkeys run and refreshed the keys from the servers. |
40 |
|
41 |
You did not reset the expiry on your signing subkey. See the following |
42 |
reports which show the details. After you reset it and gpg --send-key |
43 |
it to the keyservers again. It can take a few hours for it to |
44 |
propagate and to be able to push to the gentoo repo again. |
45 |
|
46 |
=================================================== |
47 |
|
48 |
dolsen@vulture /var/lib/gkeys $ |
49 |
python3.4 /var/lib/gkeys/gentoo-keys/gkeys/bin/gkeys |
50 |
-c /var/lib/gkeys/gkeys.conf list-key -C gentoo-devs -n grozin |
51 |
|
52 |
Nick.....: grozin |
53 |
Name.....: Andrey Grozin |
54 |
Keydir...: grozin |
55 |
Gpg info.: /var/lib/gkeys/keyrings/gentoo-devs/grozin/pubring.gpg |
56 |
------------------------------------------------------ |
57 |
pub rsa4096/53D4ABFA88DD61C4 2013-02-26 [SC] [expires: |
58 |
2017-12-24] Key fingerprint = 6FCC 83E2 6D94 FB05 4B76 1016 53D4 ABFA |
59 |
88DD 61C4 uid [ unknown] Andrey Grozin (science) |
60 |
<grozin@g.o> sub rsa4096/34966948B00C83E6 2013-02-26 [E] |
61 |
[expires: 2017-12-24] |
62 |
|
63 |
|
64 |
Gkey task results: |
65 |
Done. |
66 |
|
67 |
dolsen@vulture /var/lib/gkeys $ |
68 |
python3.4 /var/lib/gkeys/gentoo-keys/gkeys/bin/gkeys |
69 |
-c /var/lib/gkeys/gkeys.conf spec-check -C gentoo-devs -n grozin |
70 |
|
71 |
Checking keys... |
72 |
|
73 |
|
74 |
grozin, Andrey Grozin: 0x53D4ABFA88DD61C4 |
75 |
============================================== |
76 |
|
77 |
---------- |
78 |
Fingerprint......: 6FCC83E26D94FB054B76101653D4ABFA88DD61C4 |
79 |
Key type ........: PUB Capabilities.: scESC |
80 |
Algorithm........: Pass Bit Length...: Pass |
81 |
Create Date......: Pass Expire Date..: Pass |
82 |
Key Version......: Pass Validity.....: -, Unknown |
83 |
Days till expiry.: 356 |
84 |
Capability.......: Pass |
85 |
Qualified ID.....: Pass |
86 |
This primary key.: Pass |
87 |
|
88 |
---------- |
89 |
Fingerprint......: 902F154026C4AD5055486D0234966948B00C83E6 |
90 |
Key type ........: SUB Capabilities.: e encrypt |
91 |
Algorithm........: ---- Bit Length...: ---- |
92 |
Create Date......: Pass Expire Date..: Pass |
93 |
Key Version......: Pass Validity.....: -, Unknown |
94 |
Days till expiry.: 356 |
95 |
Capability.......: Pass |
96 |
Qualified ID.....: Pass |
97 |
This subkey......: Pass |
98 |
|
99 |
---------- |
100 |
Fingerprint......: 08C4EDF669C5A630FE7DEB943AFFCE974D34BD8C |
101 |
Key type ........: SUB Capabilities.: s |
102 |
Algorithm........: Pass Bit Length...: Pass |
103 |
Create Date......: Pass Expire Date..: Pass |
104 |
Key Version......: Pass Validity.....: e, Expired |
105 |
Days till expiry.: 0 |
106 |
Capability.......: Pass |
107 |
Qualified ID.....: Pass |
108 |
This subkey......: Fail |
109 |
|
110 |
Key summary |
111 |
primary..........: Pass signing subkey: Fail |
112 |
encryption subkey: Yes authentication subkey: No |
113 |
SPEC requirements: Fail |
114 |
|
115 |
|
116 |
|
117 |
No signing capable subkey: |
118 |
Andrey Grozin <grozin>: 6FCC83E26D94FB054B76101653D4ABFA88DD61C4 |
119 |
|
120 |
|
121 |
Failed to pass SPEC requirements: |
122 |
Andrey Grozin <grozin>: 6FCC83E26D94FB054B76101653D4ABFA88DD61C4 |
123 |
|
124 |
|
125 |
Gkey task results: |
126 |
|
127 |
Found Failures: |
128 |
------- |
129 |
Revoked................: 0 |
130 |
Invalid................: 0 |
131 |
No Signing subkey......: 1 |
132 |
No Encryption subkey...: 0 |
133 |
Algorithm..............: 0 |
134 |
Bit length.............: 0 |
135 |
Qualified IDs..........: 0 |
136 |
Expiry.................: 0 |
137 |
Expiry Warnings........: 0 |
138 |
SPEC requirements......: 1 |
139 |
============================= |
140 |
SPEC Approved..........: 0 |
141 |
|
142 |
dolsen@vulture /var/lib/gkeys $ |
143 |
|
144 |
-- |
145 |
Brian Dolbec <dolsen> |