| 1 |
Just today I have tried emerge-webrsync and got |
| 2 |
to the following endless circle: |
| 3 |
|
| 4 |
Fetching most recent snapshot ... |
| 5 |
Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo ... |
| 6 |
Fetching file portage-20180702.tar.xz.md5sum ... |
| 7 |
Fetching file portage-20180702.tar.xz.gpgsig ... |
| 8 |
Fetching file portage-20180702.tar.xz ... |
| 9 |
Checking digest ... |
| 10 |
Checking signature ... |
| 11 |
gpg: Signature made Tue Jul 3 03:51:21 2018 EEST |
| 12 |
gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 |
| 13 |
gpg: Good signature from "Gentoo Portage Snapshot Signing Key |
| 14 |
(Automated Signing Key)" [expired] |
| 15 |
gpg: Note: This key has expired! |
| 16 |
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D |
| 17 |
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 |
| 18 |
Fetching file portage-20180702.tar.bz2.md5sum ... |
| 19 |
Fetching file portage-20180702.tar.bz2.gpgsig ... |
| 20 |
Fetching file portage-20180702.tar.bz2 ... |
| 21 |
Checking digest ... |
| 22 |
Checking signature ... |
| 23 |
gpg: Signature made Tue Jul 3 03:51:20 2018 EEST |
| 24 |
gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 |
| 25 |
gpg: Good signature from "Gentoo Portage Snapshot Signing Key |
| 26 |
(Automated Signing Key)" [expired] |
| 27 |
gpg: Note: This key has expired! |
| 28 |
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D |
| 29 |
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 |
| 30 |
Fetching file portage-20180702.tar.gz.md5sum ... |
| 31 |
|
| 32 |
The following command showed that all Gentoo signing keys in my system expired: |
| 33 |
|
| 34 |
# gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release |
| 35 |
--with-fingerprint --list-keys |
| 36 |
/var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg |
| 37 |
--------------------------------------------------------- |
| 38 |
pub rsa4096 2014-10-03 [C] [expired: 2017-09-17] |
| 39 |
D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97 |
| 40 |
uid [ expired] Gentoo-keys Team <gkeys@g.o> |
| 41 |
|
| 42 |
pub dsa1024 2004-07-20 [SC] [expired: 2018-07-01] |
| 43 |
D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058 |
| 44 |
uid [ expired] Gentoo Linux Release Engineering (Gentoo |
| 45 |
Linux Release Signing Key) <releng@g.o> |
| 46 |
|
| 47 |
pub rsa4096 2011-11-25 [C] [expired: 2018-07-01] |
| 48 |
DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D |
| 49 |
uid [ expired] Gentoo Portage Snapshot Signing Key |
| 50 |
(Automated Signing Key) |
| 51 |
|
| 52 |
pub rsa4096 2009-08-25 [SC] [expired: 2017-08-25] |
| 53 |
13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910 |
| 54 |
uid [ expired] Gentoo Linux Release Engineering (Automated |
| 55 |
Weekly Release Key) <releng@g.o> |
| 56 |
|
| 57 |
|
| 58 |
Trying to renew them manually with the following commands does not help: |
| 59 |
|
| 60 |
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x825533CBF6CD6C97 |
| 61 |
gpg: key 825533CBF6CD6C97: 2 signatures not checked due to missing keys |
| 62 |
gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team |
| 63 |
<gkeys@g.o>" imported |
| 64 |
gpg: no ultimately trusted keys found |
| 65 |
gpg: Total number processed: 1 |
| 66 |
gpg: imported: 1 |
| 67 |
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D |
| 68 |
gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due to missing keys |
| 69 |
gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage Snapshot Signing |
| 70 |
Key (Automated Signing Key)" imported |
| 71 |
gpg: no ultimately trusted keys found |
| 72 |
gpg: Total number processed: 1 |
| 73 |
gpg: imported: 1 |
| 74 |
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x9E6438C817072058 |
| 75 |
gpg: key 9E6438C817072058: 83 signatures not checked due to missing keys |
| 76 |
gpg: key 9E6438C817072058: public key "Gentoo Linux Release |
| 77 |
Engineering (Gentoo Linux Release Signing Key) <releng@g.o>" |
| 78 |
imported |
| 79 |
gpg: no ultimately trusted keys found |
| 80 |
gpg: Total number processed: 1 |
| 81 |
gpg: imported: 1 |
| 82 |
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xBB572E0E2D182910 |
| 83 |
gpg: key BB572E0E2D182910: 10 signatures not checked due to missing keys |
| 84 |
gpg: key BB572E0E2D182910: 1 bad signature |
| 85 |
gpg: key BB572E0E2D182910: public key "Gentoo Linux Release |
| 86 |
Engineering (Automated Weekly Release Key) <releng@g.o>" |
| 87 |
imported |
| 88 |
gpg: no ultimately trusted keys found |
| 89 |
gpg: Total number processed: 1 |
| 90 |
gpg: imported: 1 |
| 91 |
|
| 92 |
Here https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files |
| 93 |
has been said the following: |
| 94 |
|
| 95 |
If any of the keys installed from app-crypt/gentoo-keys should expire, |
| 96 |
run gkeys from app-crypt/gkeys to refresh them from the key server: |
| 97 |
root #emerge --ask app-crypt/gkeys |
| 98 |
root #gkeys refresh-key -C gentoo |
| 99 |
|
| 100 |
but gkeys are not stable in my architeture as it follows from the following: |
| 101 |
|
| 102 |
$ eix gkeys |
| 103 |
* app-crypt/gkeys |
| 104 |
Available versions: ~0.2 **9999 {PYTHON_TARGETS="python2_7 |
| 105 |
python3_4 python3_5 python3_6"} |
| 106 |
Homepage: https://wiki.gentoo.org/wiki/Project:Gentoo-keys |
| 107 |
Description: An OpenPGP/GPG key management tool and python libs |
| 108 |
|
| 109 |
* app-crypt/gkeys-gen |
| 110 |
Available versions: ~0.2 **9999 {PYTHON_TARGETS="python2_7 |
| 111 |
python3_4 python3_5 python3_6"} |
| 112 |
Homepage: https://wiki.gentoo.org/wiki/Project:Gentoo-keys |
| 113 |
Description: Tool for generating OpenPGP/GPG keys using a |
| 114 |
specifications file |
Archives