| 1 |
On 12/14/2015 04:00 AM, Brian Dolbec wrote: |
| 2 |
> On Sun, 13 Dec 2015 22:20:01 +0300 |
| 3 |
> Andrew Savchenko <bircoph@g.o> wrote: |
| 4 |
> |
| 5 |
>> Hi, |
| 6 |
>> |
| 7 |
>> On Sun, 13 Dec 2015 18:36:51 +0100 Patrick Lauer wrote: |
| 8 |
>>> Oh hey. We're in the future. Let's try to commit something to |
| 9 |
>>> repo/gentoo.git! |
| 10 |
>>> |
| 11 |
>>> So apparently we're signing things with gpg now, so let's read the |
| 12 |
>>> official documentation. |
| 13 |
>>> The [1] wiki seems to be the canonical location for such things. |
| 14 |
> ... |
| 15 |
> |
| 16 |
>>> Since signing is mandatory since the git migration, ahem, this means |
| 17 |
>>> that no one in the last 5 months(!) actually followed the |
| 18 |
>>> documentation (because that does NOT work!). I'm almost impressed, |
| 19 |
>>> but, wow, this is enterprisey. |
| 20 |
>> It is absolutely possible to create correct gpg key, put it into |
| 21 |
>> LDAP according to GLEP and to sign commits and pushes properly. |
| 22 |
>> What is not currently possible is to verify all tree automatically. |
| 23 |
>> |
| 24 |
>> I agree that gkeys needs more work. But we are all volunteers here. |
| 25 |
>> You may help them if you are that interested into this |
| 26 |
>> functionality. |
| 27 |
>> |
| 28 |
>> What worries me more that we still have no way for rsync users to |
| 29 |
>> verify the portage tree (or Gentoo tree in the newspeak someone |
| 30 |
>> prefers here). And most users use rsync. |
| 31 |
>> |
| 32 |
>>> So, what can we do to make this whole story of 'commit (and push) to |
| 33 |
>>> repo/gentoo.git' make sense? And why do I appear to be the only one |
| 34 |
>>> to notice this chain of breakage?! |
| 35 |
>> We need to complete gkeys project, right? That's not all of the |
| 36 |
>> story, but a start. So send patches :) As for the full story, we |
| 37 |
>> still need to somehow verify rsync tree. For now only snapshots are |
| 38 |
>> verified. |
| 39 |
>> |
| 40 |
>> Best regards, |
| 41 |
>> Andrew Savchenko |
| 42 |
> Thank you Andrew. |
| 43 |
> |
| 44 |
> Let me first say, that while I am leading the gentoo-keys project. I |
| 45 |
> have not been doing much with making progress to get another release |
| 46 |
> out. My time is mostly taken up by full time work, add some health |
| 47 |
> issues (not serious), plus with coding full time now (it was just a |
| 48 |
> hobby before). I am finding it difficult to switch codebases to keep |
| 49 |
> development going in a non work project. There is a certain amount of |
| 50 |
> time needed to get back into the code to make any significant progress. |
| 51 |
> |
| 52 |
> But, one of the biggest things keeping me from doing more work on it |
| 53 |
> when I do have some time, is the fact that barely any of the devs seem |
| 54 |
> to care (other than the OP, who just seems to bitch about everything |
| 55 |
> not working for him). Since the GLEP 63 spec has been approved. |
| 56 |
> Barely any of the gentoo developers have even tried to update their gpg |
| 57 |
> key or generate a new one that does meet the spec. For that reason, I |
| 58 |
> have not endeavored to get more done in it. I've been trying to |
| 59 |
> keep the gentoo-devs seed file reasonably up to date, but since there |
| 60 |
> are few devs actually fixing or generating new keys, it is not needed |
| 61 |
> that often. In fact weeks go by before there is a change in LDAP in |
| 62 |
> regards to gpg keys. |
| 63 |
> |
| 64 |
> As Andrew pointed out in another reply, there is a fairly decent |
| 65 |
> document about generating new gpg keys either directly using gpg or |
| 66 |
> using gkeys-gen (gkeys-gen-9999) has the most troublesome bugs fixed in |
| 67 |
> it btw). |
| 68 |
> |
| 69 |
> But lets get back to the OP's gpg keys. |
| 70 |
> |
| 71 |
> dolsen@vulture /var/lib/gkeys $ gkeys spec-check -C gentoo-devs -n patrick |
| 72 |
> |
| 73 |
> Checking keys... |
| 74 |
> |
| 75 |
> |
| 76 |
> patrick, Patrick Lauer: 0x10F17899A28441CC, 0xA8447784E52864CE |
| 77 |
> ============================================== |
| 78 |
> |
| 79 |
> ---------- |
| 80 |
> Fingerprint......: 0A0901B8F018D5D6A4A31A4410F17899A28441CC |
| 81 |
> Key type ........: PUB Capabilities.: sc |
| 82 |
> Algorithm........: Pass Bit Length...: Fail |
| 83 |
> Create Date......: Pass Expire Date..: Pass |
| 84 |
> Key Version......: Pass Validity.....: e, Expired |
| 85 |
> Days till expiry.: 0 |
| 86 |
> Capability.......: Pass |
| 87 |
> Qualified ID.....: Fail <== '@gentoo.org' user id not found |
| 88 |
> This primary key.: Fail |
| 89 |
> |
| 90 |
> ---------- |
| 91 |
> Fingerprint......: 043F1AB5B35382E666BDBEA4058F9332F0BAE0B1 |
| 92 |
> Key type ........: SUB Capabilities.: e |
| 93 |
> Algorithm........: ---- Bit Length...: ---- |
| 94 |
> Create Date......: Pass Expire Date..: Pass |
| 95 |
> Key Version......: Pass Validity.....: e, Expired |
| 96 |
> Days till expiry.: 0 |
| 97 |
> Capability.......: Pass |
| 98 |
> Qualified ID.....: Fail <== '@gentoo.org' user id not found |
| 99 |
> This subkey......: Fail |
| 100 |
> |
| 101 |
> Key summary |
| 102 |
> primary..........: Fail signing subkey: Fail |
| 103 |
> encryption subkey: No authentication subkey: No |
| 104 |
> SPEC requirements: Fail |
| 105 |
> |
| 106 |
> |
| 107 |
> ---------- |
| 108 |
> Fingerprint......: F941D86BAA0D851BFE411493A8447784E52864CE |
| 109 |
> Key type ........: PUB Capabilities.: scaESCA |
| 110 |
> Algorithm........: Pass Bit Length...: Fail |
| 111 |
> Create Date......: Pass Expire Date..: Fail |
| 112 |
> Key Version......: Pass Validity.....: -, Unknown |
| 113 |
> Days till expiry.: infinite <== Exceeds specification |
| 114 |
> Capability.......: Pass |
| 115 |
> Qualified ID.....: Pass |
| 116 |
> This primary key.: Fail |
| 117 |
> |
| 118 |
> ---------- |
| 119 |
> Fingerprint......: 8FE9C051CD0859ED2E03274104711EEBFBF3D64A |
| 120 |
> Key type ........: SUB Capabilities.: e encrypt |
| 121 |
> Algorithm........: ---- Bit Length...: ---- |
| 122 |
> Create Date......: Pass Expire Date..: Fail |
| 123 |
> Key Version......: Pass Validity.....: -, Unknown |
| 124 |
> Days till expiry.: infinite <== Exceeds specification |
| 125 |
> Capability.......: Pass |
| 126 |
> Qualified ID.....: Pass |
| 127 |
> This subkey......: Fail |
| 128 |
> |
| 129 |
> Key summary |
| 130 |
> primary..........: Fail signing subkey: Fail |
| 131 |
> encryption subkey: Yes authentication subkey: No |
| 132 |
> SPEC requirements: Fail |
| 133 |
> |
| 134 |
> |
| 135 |
> |
| 136 |
> No signing capable subkey: |
| 137 |
> Patrick Lauer <patrick>: 0A0901B8F018D5D6A4A31A4410F17899A28441CC |
| 138 |
> Patrick Lauer <patrick>: F941D86BAA0D851BFE411493A8447784E52864CE |
| 139 |
> |
| 140 |
> |
| 141 |
> No Encryption capable subkey (Notice only): |
| 142 |
> Patrick Lauer <patrick>: 0A0901B8F018D5D6A4A31A4410F17899A28441CC |
| 143 |
> |
| 144 |
> |
| 145 |
> Incorrect bit length: |
| 146 |
> Patrick Lauer <patrick>: 0A0901B8F018D5D6A4A31A4410F17899A28441CC |
| 147 |
> Patrick Lauer <patrick>: F941D86BAA0D851BFE411493A8447784E52864CE |
| 148 |
> |
| 149 |
> |
| 150 |
> Expiry keys: |
| 151 |
> Patrick Lauer <patrick>: 8FE9C051CD0859ED2E03274104711EEBFBF3D64A |
| 152 |
> Patrick Lauer <patrick>: F941D86BAA0D851BFE411493A8447784E52864CE |
| 153 |
> |
| 154 |
> |
| 155 |
> Failed to pass SPEC requirements: |
| 156 |
> Patrick Lauer <patrick>: 0A0901B8F018D5D6A4A31A4410F17899A28441CC |
| 157 |
> Patrick Lauer <patrick>: F941D86BAA0D851BFE411493A8447784E52864CE |
| 158 |
> |
| 159 |
> |
| 160 |
> Gkey task results: |
| 161 |
> |
| 162 |
> Found Failures: |
| 163 |
> ------- |
| 164 |
> Revoked................: 0 |
| 165 |
> Invalid................: 0 |
| 166 |
> No Signing subkey......: 2 |
| 167 |
> No Encryption subkey...: 1 |
| 168 |
> Algorithm..............: 0 |
| 169 |
> Bit length.............: 2 |
| 170 |
> Expiry.................: 2 |
| 171 |
> Expiry Warnings........: 0 |
| 172 |
> SPEC requirements......: 2 |
| 173 |
> ============================= |
| 174 |
> SPEC Approved..........: 0 |
| 175 |
> |
| 176 |
> dolsen@vulture /var/lib/gkeys $ |
| 177 |
> |
| 178 |
> |
| 179 |
> Like so many of the dev's gpg keys, they can not ever meet the new spec |
| 180 |
> because the bit length of the keys are unsatisfactory and proven to be |
| 181 |
> crackable. Of which, both of his 2 registered (in LDAP) gpg keys are |
| 182 |
> still the insecure type. At least his first one is now expired, but he |
| 183 |
> has not attempted to remove it from LDAP, hmm... |
| 184 |
> |
| 185 |
> Since he has in the past generated gpg keys on 2 separate occasions, |
| 186 |
> You would think he should be able to generate a new gpg key that does |
| 187 |
> meet the GLEP 63 spec. But we have not seen any change in gpg keys |
| 188 |
> nor had requests for help. Just complaints. I'm sorry, but I'm not |
| 189 |
> volunteering my time to things in Gentoo just because I want to please |
| 190 |
> someone that lately just seems to bitch and moan about things not being |
| 191 |
> a single button or keypress fixable for him. |
| 192 |
> |
| 193 |
> We have offered help to devs many times in the past, but few have taken |
| 194 |
> us up on it and fixed or generated a new gpg key. It has been my |
| 195 |
> contention these past few months that the only way to get devs to fix |
| 196 |
> their gpg keys or generate new ones will be to enforce GLEP 63 approved |
| 197 |
> gpg keys for commit access. I know, that will almost completely |
| 198 |
> stall out progress in the gentoo tree for a while. But it seems that |
| 199 |
> is the only way many people will get off their ass and finally do |
| 200 |
> something about it. |
| 201 |
> |
| 202 |
> |
| 203 |
> As for gkeys integration into portage to be able to verify the |
| 204 |
> manifests. It was not difficult, I had preliminary code working in it |
| 205 |
> in just a few days for both portage and pkgcore. It would use gkeys to |
| 206 |
> do the verification since it controlled the gpg key directories and |
| 207 |
> keyrings. Both Zac and Tim said the tie ins should be done a little |
| 208 |
> differently, but I still had code that did the job. I have a gpg |
| 209 |
> wrapper script that git can be configured to use instead of gpg |
| 210 |
> directly. That way it can use the gkeys keyring system. GPG still |
| 211 |
> does the verification work, gkeys just controls the keyrings it sees) |
| 212 |
> One of the things preventing it from mainstream was properly wrapping |
| 213 |
> only the verify, but re-spawn ggp to do any signing (signed commits) |
| 214 |
> without interference from any of gkeys. I believe I have that done |
| 215 |
> now, but it has not been through enough testing to go into a release. |
| 216 |
> It is very close I think. So volunteers please emerge gkeys-9999 and |
| 217 |
> test the gkeys-gpg script and libs. I need to finish up a few more |
| 218 |
> re-writes of a few more maintenance actions to follow the rest of the |
| 219 |
> code changes Pavlos did as part of his GSOC project work. It should |
| 220 |
> then be ready for another release. There have been some changes in the |
| 221 |
> newest versions of gpg that I have been coming across. I am updating |
| 222 |
> pyGPG to handle them as I discover them. So if anyone testing the live |
| 223 |
> version find one, please report it with the traceback so we can update |
| 224 |
> the code for it. |
| 225 |
> |
| 226 |
> Sorry in advance for spouting off some, but I found Patrick's original |
| 227 |
> post in this thread quite offensive. After all a first release of |
| 228 |
> gkeys-0.1 of a new developing code base had some bugs once tested on a |
| 229 |
> wider machine and user base. Oh my, that has never happened before in |
| 230 |
> the history of computing!!!! |
| 231 |
> |
| 232 |
> Patrick, I think it's time you put up or shut up. Bringing up |
| 233 |
> shortcomings or other things that need attention is useful, but your |
| 234 |
> near constant bitching is quite tiresome. You could start by fixing |
| 235 |
> your own gpg key situation. If you don't find adequate documentation |
| 236 |
> to do it, then create a some that does meets your satisfaction. |
| 237 |
> |
| 238 |
> |
| 239 |
Ok then. |
| 240 |
|
| 241 |
|
| 242 |
Why. |
| 243 |
|
| 244 |
|
| 245 |
WHYYYY |
| 246 |
|
| 247 |
|
| 248 |
Why does the official documentation point me at gkeys-gen, which doesn't |
| 249 |
work |
| 250 |
|
| 251 |
|
| 252 |
|
| 253 |
On a wiki that's horribly broken |
| 254 |
|
| 255 |
|
| 256 |
gkeys-gen, which has known showstopper-bugs for a year |
| 257 |
|
| 258 |
|
| 259 |
|
| 260 |
|
| 261 |
Like seriously, every time I try to approach this set of problems I run |
| 262 |
into enough stupidity that it takes me about a week until I even want to |
| 263 |
try again. |
| 264 |
|
| 265 |
|
| 266 |
|
| 267 |
Yes of course I could read a few different bits of documentation and |
| 268 |
make educated guesses. But why do we have documentation then when it's |
| 269 |
not adequate, and why do we have a helper tool when it doesn't work? |
| 270 |
|
| 271 |
|
| 272 |
... and now I walk away for another week, in the hope that things maybe |
| 273 |
are saner then. Just to find even more bugs, I expect, but no one uses |
| 274 |
the documentation anyway, so it doesn't matter, and why am I even |
| 275 |
bothering to reply to this insanity. |
Archives