| 1 |
On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec <dolsen@g.o> wrote: |
| 2 |
> |
| 3 |
> I don't know tbh, most are already signed, with the git migration, the |
| 4 |
> strongly recommended commit signing will become MANDATORY. |
| 5 |
> |
| 6 |
> So, we are at 50 devs with valid gpg keys now, with 200 more gpg keys |
| 7 |
> listed in LDAP that fail to meet the new spec. PLEASE fix them or |
| 8 |
> create new keys... |
| 9 |
|
| 10 |
How does somebody know whether their key meets the spec or not? I |
| 11 |
looked at the gentoo-keys website and didn't see any simple way to |
| 12 |
check. |
| 13 |
|
| 14 |
There was documentation on the gkeys utility for checking keys, but I |
| 15 |
ran into a few issues with this. First, it can't be installed on a |
| 16 |
stable system with mirrorselect. |
| 17 |
|
| 18 |
On a clean ~arch stage3 when trying to run "gkeys fetch-seed -C |
| 19 |
gentoo-devs" it outputs: |
| 20 |
Connector.connect_url(); Failed to retrieve the content from: |
| 21 |
https://api.gentoo.org/gentoo-keys/seeds/gentoo-devs.seeds |
| 22 |
Error was: Invalid header value 'Wed, 15 Jul 2015 17:50:17 GMT\n' |
| 23 |
|
| 24 |
|
| 25 |
After removing the files in /var/lib/gentoo/gkeys/seeds the fetch |
| 26 |
works. However, attempting to run "gkeys install-key -C gentoo-devs" |
| 27 |
results in: |
| 28 |
Found GKEY seeds: |
| 29 |
Traceback (most recent call last): |
| 30 |
File "/usr/lib/python-exec/python2.7/gkeys", line 50, in <module> |
| 31 |
success = main() |
| 32 |
File "/usr/lib64/python2.7/site-packages/gkeys/cli.py", line 63, in __call__ |
| 33 |
return self.run(args) |
| 34 |
File "/usr/lib64/python2.7/site-packages/gkeys/base.py", line 303, in run |
| 35 |
success, results = func(args) |
| 36 |
File "/usr/lib64/python2.7/site-packages/gkeys/actions.py", line |
| 37 |
264, in installkey |
| 38 |
self.output(['', gkey], "\n Found GKEY seeds:") |
| 39 |
File "/usr/lib64/python2.7/site-packages/gkeys/base.py", line 323, |
| 40 |
in output_results |
| 41 |
print("\n".join([x.pretty_print for x in msg])) |
| 42 |
UnicodeEncodeError: 'ascii' codec can't encode character u'\u017b' in |
| 43 |
position 1233: ordinal not in range(128) |
| 44 |
|
| 45 |
|
| 46 |
It might not hurt to publish the list of keys that fail checks. If |
| 47 |
that list is going to be used to block commits then obviously it needs |
| 48 |
to be updated very frequently. I do not know if there are any plans |
| 49 |
to block commits with signatures that do not conform to the GLEP. |
| 50 |
|
| 51 |
-- |
| 52 |
Rich |
Archives