Gentoo Archives: gentoo-user

From: Mick <michaelkintzios@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
Date: Tue, 03 Jul 2018 08:10:48
Message-Id: 2232225.tjB07AdBqk@dell_xps
In Reply to: [gentoo-user] All Gentoo signing key expired and no way to fix it by gevisz
On Tuesday, 3 July 2018 08:48:02 BST gevisz wrote:
> Just today I have tried emerge-webrsync and got
> to the following endless circle:
>
> Fetching most recent snapshot ...
> Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo ...
> Fetching file portage-20180702.tar.xz.md5sum ...
> Fetching file portage-20180702.tar.xz.gpgsig ...
> Fetching file portage-20180702.tar.xz ...
> Checking digest ...
> Checking signature ...
> gpg: Signature made Tue Jul 3 03:51:21 2018 EEST
> gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
> Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
> Fetching file portage-20180702.tar.bz2.md5sum ...
> Fetching file portage-20180702.tar.bz2.gpgsig ...
> Fetching file portage-20180702.tar.bz2 ...
> Checking digest ...
> Checking signature ...
> gpg: Signature made Tue Jul 3 03:51:20 2018 EEST
> gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
> Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
> Fetching file portage-20180702.tar.gz.md5sum ...
>
> The following command showed that all Gentoo signing keys in my system
> expired:
>
> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --with-fingerprint --list-keys
> /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
> ---------------------------------------------------------
> pub rsa4096 2014-10-03 [C] [expired: 2017-09-17]
> D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
> uid [ expired] Gentoo-keys Team <gkeys@g.o>
>
> pub dsa1024 2004-07-20 [SC] [expired: 2018-07-01]
> D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
> uid [ expired] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@g.o>
>
> pub rsa4096 2011-11-25 [C] [expired: 2018-07-01]
> DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
> uid [ expired] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
>
> pub rsa4096 2009-08-25 [SC] [expired: 2017-08-25]
> 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
> uid [ expired] Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@g.o>
>
>
> Trying to renew them manually with the following commands does not help:
>
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x825533CBF6CD6C97
> gpg: key 825533CBF6CD6C97: 2 signatures not checked due to missing keys
> gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team <gkeys@g.o>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D
> gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due to missing keys
> gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x9E6438C817072058
> gpg: key 9E6438C817072058: 83 signatures not checked due to missing keys
> gpg: key 9E6438C817072058: public key "Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@g.o>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xBB572E0E2D182910
> gpg: key BB572E0E2D182910: 10 signatures not checked due to missing keys
> gpg: key BB572E0E2D182910: 1 bad signature
> gpg: key BB572E0E2D182910: public key "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@g.o>" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
>
> Here
> https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files
> has been said the following:
>
> If any of the keys installed from app-crypt/gentoo-keys should expire,
> run gkeys from app-crypt/gkeys to refresh them from the key server:
> root #emerge --ask app-crypt/gkeys
> root #gkeys refresh-key -C gentoo
>
> but gkeys are not stable in my architecture as it follows from the following:
>
> $ eix gkeys
> * app-crypt/gkeys
> Available versions: ~0.2 **9999 {PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6"}
> Homepage: https://wiki.gentoo.org/wiki/Project:Gentoo-keys
> Description: An OpenPGP/GPG key management tool and python libs
>
> * app-crypt/gkeys-gen
> Available versions: ~0.2 **9999 {PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6"}
> Homepage: https://wiki.gentoo.org/wiki/Project:Gentoo-keys
> Description: Tool for generating OpenPGP/GPG keys using a specifications file

This package update came up yesterday:

app-crypt/openpgp-keys-gentoo-release-20180702

which, as I understand, will update the portage keys accordingly, but I don't use
webrsync to know if it applies the same way.
--
Regards,
Mick
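
Added example, not part of the original message or of any Gentoo tool: a small shell function that reads `gpg --with-colons --list-keys` output and reports primary keys whose expiry date has passed, which is the condition the quoted keyring listing shows. The sample records are constructed from the key IDs and expiry dates in the post; creation times, the subkey dates and the placeholder key are assumptions, and field 7 is assumed to hold epoch seconds as GnuPG 2.x prints it.

```shell
#!/bin/sh
# Added example: list primary keys in a keyring that are expired at time NOW.

# expired_keys NOW
#   stdin : `gpg --with-colons --list-keys` output
#   stdout: "<fingerprint> <expiry-epoch> <first uid>" per expired primary key
expired_keys() {
    awk -F: -v now="$1" '
        function report() {
            # keys without an expiry date (empty field 7) are never reported
            if (fpr != "" && expiry != "" && expiry + 0 <= now + 0)
                printf "%s %s %s\n", fpr, expiry, uid
            fpr = ""; expiry = ""; uid = ""
        }
        $1 == "pub" { report(); inpub = 1; expiry = $7; next }
        $1 == "sub" { inpub = 0; next }   # skip subkeys and their fpr records
        $1 == "fpr" && inpub && fpr == "" { fpr = $10; next }
        $1 == "uid" && uid == ""          { uid = $10; next }
        END { report() }
    '
}

# Constructed sample in colon format (not captured from a real keyring).
sample_keyring() {
    cat <<'EOF'
pub:e:4096:1:DB6B8C1F96D8BF6D:1322179200:1530403200::-:::c:
fpr:::::::::DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D:
uid:e::::1322179200::::Gentoo Portage Snapshot Signing Key (Automated Signing Key):
sub:e:4096:1:EC590EEAC9189250:1322179200:1530403200:::::s:
fpr:::::::::E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250:
pub:e:4096:1:825533CBF6CD6C97:1412294400:1505606400::-:::c:
fpr:::::::::D2DE1DBBA0F43EBA341B97D8825533CBF6CD6C97:
uid:e::::1412294400::::Gentoo-keys Team <gkeys@g.o>:
pub:-:4096:1:0000000000000001:1514764800:4102444800::-:::sc:
fpr:::::::::0000000000000000000000000000000000000001:
uid:-::::1514764800::::Constructed placeholder key (expires 2100-01-01):
EOF
}

# Evaluate the sample as of 2018-07-03 00:00 UTC, the day of the post.
sample_keyring | expired_keys 1530576000
# On a real system, feed it the keyring instead:
#   gpg --homedir <keyring dir> --with-colons --list-keys | expired_keys "$(date +%s)"
```

Passing a future timestamp as NOW (for example, today plus 30 days) turns the same check into an early warning for keys that are about to expire.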
