1 |
On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote: |
2 |
> 2018-07-04 21:01 GMT+03:00 Mick <michaelkintzios@×××××.com>: |
3 |
> > On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote: |
4 |
> >> 2018-07-04 11:55 GMT+03:00 Alex Thorne <lexiconifernelius@×××××.com>: |
5 |
> >> >> I use rsync and get the following for more than a day now; |
6 |
> >> >> |
7 |
> >> >> !!! Manifest verification failed: |
8 |
> >> >> OpenPGP verification failed: |
9 |
> >> >> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC |
10 |
> >> >> gpg: using RSA key |
11 |
> >> >> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 |
12 |
> >> >> gpg: Can't check signature: No public key |
13 |
> >> > |
14 |
> >> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no |
15 |
> >> > longer |
16 |
> >> > installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how |
17 |
> >> > this |
18 |
> >> > happened. Perhaps it somehow got into `emerge --depclean` and I didn't |
19 |
> >> > catch it. |
20 |
> >> |
21 |
> >> No. Gentoo maintainers just overlooked that all Gentoo signing keys |
22 |
> >> expired |
23 |
> >> on July 1, and added new openpgp-keys-gentoo into portage tree only on |
24 |
> >> July |
25 |
> >> 2. |
26 |
> >> |
27 |
> >> So, since July 1, rsync cannot verify any new portage tree and cannot |
28 |
> >> download app-crypt/openpgp-keys-gentoo-release-20180702 |
29 |
> >> |
30 |
> >> It was discovered in the thread |
31 |
> >> "All Gentoo signing key expired and no way to fix it" |
32 |
> > |
33 |
> > Is there a documented manual workaround we could follow at present, |
34 |
> > irrespective of our sync'ing mechanism of choice? |
35 |
> |
36 |
> For me, it somehow worked by manually refreshing the Gentoo signing keys by |
37 |
> executing the following two commands: |
38 |
> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys |
39 |
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys |
40 |
> 0xDB6B8C1F96D8BF6D in different order and sourcing /etc/profile |
41 |
> |
42 |
> But, please, note that I use emerge-webrsync to update the portage tree. |
43 |
|
44 |
Thanks gevisz, the first line to refresh keys fails, because in /var/lib/ |
45 |
gentoo/ I only have a news/ subdirectory. |
46 |
|
47 |
Interestingly, I already have app-crypt/openpgp-keys-gentoo-release installed, |
48 |
but still get 'gpg: Can't check signature: No public key' error when running |
49 |
rsync. |
50 |
|
51 |
-- |
52 |
Regards, |
53 |
Mick |