|
1
|
<davisr_> bill-auger, Where is the best place to get your latest PGP key? Getting ```error: pacman-mirrorlist: signature from "bill-auger <bill-auger@peers.community" is unknown trust```. Seems hkps://hkps.pool.sks-keyservers.net is down a lot. I used a different keyserver `pacman-key --keyserver hkp://keyserver.ubuntu.com --refresh-keys` but it didn't change yours. Seems like others have the same issue: https://old.reddit.com/r/Parabola/comments
|
|
2
|
<davisr_> /jqmcih/siganture_from_bill_auger_is_unknown_trust/
|
|
3
|
<pbot> Page title: 'comments : Parabola'
|
|
4
|
<davisr_> More examples from others: https://old.reddit.com/r/Parabola/comments/jpm4de/bill_auger_peerscommunity_key_openrc_problem/
|
|
5
|
<pbot> Page title: 'Too Many Requests'
|
|
6
|
<davisr_> https://old.reddit.com/r/Parabola/comments/jpnr6s/trying_to_install_openrc_parabola_but_i_keep/
|
|
7
|
<bill-auger> its an old known problem with the keyring package; not related to keyservers though - just let me know if you need any package other than linux-libre-api-headers
|
|
8
|
<davisr_> Thanks for the response. I tried following the steps listed in https://wiki.parabola.nu/Parabola_Keyring to no avail. Is any info about this specific problem posted online?
|
|
9
|
<pbot> Page title: 'Parabola Keyring - ParabolaWiki'
|
|
10
|
<davisr_> Also, I did a `pacman-key --list-keys 25DB7D9B5A8D4B40` and it appears that your pubkey is set to expire on 2020-11-19.
|
|
11
|
* Disconnected ()
|
|
12
|
* davisr_ is already in use. Retrying with davisr_...
|
|
13
|
* davisr_ is already in use. Retrying with davisr__...
|
|
14
|
* Disconnected (Remote host closed socket)
|
|
15
|
* Disconnected ()
|
|
16
|
* Disconnected (Remote host closed socket)
|
|
17
|
* Disconnected ()
|
|
18
|
* davisr sets mode +Z on davisr
|
|
19
|
* davisr sets mode +i on davisr
|
|
20
|
* Now talking on #parabola
|
|
21
|
* Topic for #parabola is: Welcome friend! - Parabola is a 100% free (as in freedom), labor of love, GNU/Linux distribution | Web: https://www.parabola.nu | Forum: https://labs.parabola.nu/projects/parabola-community-forum | Fediverse: https://gnusocial.net/group/parabola | Wiki: https://wiki.parabola.nu/ | Bug tracker: https://labs.parabola.nu | Email: https://lists.parabola.nu/mailman/listinfo/assist
|
|
22
|
* Topic for #parabola set by bill-auger (Tue Jun 30 05:17:14 2020)
|
|
23
|
* Channel #parabola url: https://parabola.nu
|
|
24
|
<davisr> So this seems strange, because `pacman-key --list-keys` shows the key isn't yet expired, but `pacman-key --verify` says the key _is_ expired. Looks like the sig on pacman-mirrorlist-20201002 was made using a subkey which has expired on 2020-11-08. Is that correct?
|
|
25
|
<davisr> Here's a paste: http://www.davisr.me/posts/2020/2020-11-14/parabola-paste-001.txt
|
|
26
|
<davisr> Sig was made using 3E8C7778 which expired on 2020-11-10, according to http://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0xFBCC5AD7421197B7ABA72853908710913E8C7778
|
|
27
|
<pbot> Page title: 'Search results for '0xfbcc5ad7421197b7aba72853908710913e8c7778''
|
|
28
|
<davisr> bill-auger, could you please put a new expiry sig on the 3E8C7778 key and upload it to the keyserver? I think that would allow verification to continue. It seems you just made a new expiry sig on 2020-11-08, but it only lasted for 2 days (kind of strange).
|
|
29
|
<bill-auger> oh yes i did that as an experiment - simply re-newing the expiry does not work - it probably should; but that is the bug im trying to ferret out
|
|
30
|
<davisr> bill-auger, I see -- I just found https://labs.parabola.nu/issues/2925 -- if you could please post some info there about what you know, I will have a bit of free time in the next few weeks and can at-least help you track down the bug.
|
|
31
|
<pbot> Page title: 'Housekeeping #2925: signature from bill-auger is unknown trust - Packages - Parabola Issue Tracker'
|
|
32
|
<bill-auger> there is little known conclusively to document yet, other than that all attempts so far have been fruitless - but it should have a bug report - i will document it better tonight -
|
|
33
|
<davisr> Thanks. FWIW, I *think* I fixed the problem by rolling back the date to 2020-11-01. The sequence was basically: (1) Get updated package list, (2) Try to update but then fail on that package sig, (3) set the date back to 2020-11-01, (4) Upgrade packages from cache. That upgraded most of them, but then my little embedded computer ran out of RAM during a post-transaction hook :(
|
|
34
|
<davisr> > upgraded *all of them
|
|
35
|
<bill-auger> that is a clever work-around - i dont think anyone had tried that before
|
|
36
|
<davisr> Aaaaaand...it looks like those hooks were important because now I have a bunch of busted packages. Ah well, good thing I have a backup (that takes 30 minutes to restore, grrr)
|
|
37
|
<davisr> bill-auger, is that sarcasm?
|
|
38
|
<bill-auger> no, it is a clever work-around
|
|
39
|
<bill-auger> better than the naive work-around, which is to ignore the signature
|
|
40
|
<davisr> Ah, well when pacman-key says "gpg: Note: This key has expired!" and then "y.pkg.tar.xz.sig could not be verified." (ref: that earlier paste-001.txt), it just seems like the natural thing to try. I wonder why adding a new expiry sig on your key doesn't work though.
|
|
41
|
<davisr> > ignore the signature ::: yeah, heck no, lol
|
|
42
|
<bill-auger> pacman-key should consider the "good signature" message from gpgi think the to be sufficient, unless the key was revoked
|
|
43
|
<bill-auger> ie:if it were so important, the expiry message would be "Error:" rather than "Note:"
|
