bill-auger, Where is the best place to get your latest PGP key? Getting ```error: pacman-mirrorlist: signature from "bill-auger /jqmcih/siganture_from_bill_auger_is_unknown_trust/ Page title: 'comments : Parabola' More examples from others: https://old.reddit.com/r/Parabola/comments/jpm4de/bill_auger_peerscommunity_key_openrc_problem/ Page title: 'Too Many Requests' https://old.reddit.com/r/Parabola/comments/jpnr6s/trying_to_install_openrc_parabola_but_i_keep/ its an old known problem with the keyring package; not related to keyservers though - just let me know if you need any package other than linux-libre-api-headers Thanks for the response. I tried following the steps listed in https://wiki.parabola.nu/Parabola_Keyring to no avail. Is any info about this specific problem posted online? Page title: 'Parabola Keyring - ParabolaWiki' Also, I did a `pacman-key --list-keys 25DB7D9B5A8D4B40` and it appears that your pubkey is set to expire on 2020-11-19. * Disconnected () * davisr_ is already in use. Retrying with davisr_... * davisr_ is already in use. Retrying with davisr__... * Disconnected (Remote host closed socket) * Disconnected () * Disconnected (Remote host closed socket) * Disconnected () * davisr sets mode +Z on davisr * davisr sets mode +i on davisr * Now talking on #parabola * Topic for #parabola is: Welcome friend! - Parabola is a 100% free (as in freedom), labor of love, GNU/Linux distribution | Web: https://www.parabola.nu | Forum: https://labs.parabola.nu/projects/parabola-community-forum | Fediverse: https://gnusocial.net/group/parabola | Wiki: https://wiki.parabola.nu/ | Bug tracker: https://labs.parabola.nu | Email: https://lists.parabola.nu/mailman/listinfo/assist * Topic for #parabola set by bill-auger (Tue Jun 30 05:17:14 2020) * Channel #parabola url: https://parabola.nu So this seems strange, because `pacman-key --list-keys` shows the key isn't yet expired, but `pacman-key --verify` says the key _is_ expired. Looks like the sig on pacman-mirrorlist-20201002 was made using a subkey which has expired on 2020-11-08. Is that correct? Here's a paste: http://www.davisr.me/posts/2020/2020-11-14/parabola-paste-001.txt Sig was made using 3E8C7778 which expired on 2020-11-10, according to http://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0xFBCC5AD7421197B7ABA72853908710913E8C7778 Page title: 'Search results for '0xfbcc5ad7421197b7aba72853908710913e8c7778'' bill-auger, could you please put a new expiry sig on the 3E8C7778 key and upload it to the keyserver? I think that would allow verification to continue. It seems you just made a new expiry sig on 2020-11-08, but it only lasted for 2 days (kind of strange). oh yes i did that as an experiment - simply re-newing the expiry does not work - it probably should; but that is the bug im trying to ferret out bill-auger, I see -- I just found https://labs.parabola.nu/issues/2925 -- if you could please post some info there about what you know, I will have a bit of free time in the next few weeks and can at-least help you track down the bug. Page title: 'Housekeeping #2925: signature from bill-auger is unknown trust - Packages - Parabola Issue Tracker' there is little known conclusively to document yet, other than that all attempts so far have been fruitless - but it should have a bug report - i will document it better tonight - Thanks. FWIW, I *think* I fixed the problem by rolling back the date to 2020-11-01. The sequence was basically: (1) Get updated package list, (2) Try to update but then fail on that package sig, (3) set the date back to 2020-11-01, (4) Upgrade packages from cache. That upgraded most of them, but then my little embedded computer ran out of RAM during a post-transaction hook :( > upgraded *all of them that is a clever work-around - i dont think anyone had tried that before Aaaaaand...it looks like those hooks were important because now I have a bunch of busted packages. Ah well, good thing I have a backup (that takes 30 minutes to restore, grrr) bill-auger, is that sarcasm? no, it is a clever work-around better than the naive work-around, which is to ignore the signature Ah, well when pacman-key says "gpg: Note: This key has expired!" and then "y.pkg.tar.xz.sig could not be verified." (ref: that earlier paste-001.txt), it just seems like the natural thing to try. I wonder why adding a new expiry sig on your key doesn't work though. > ignore the signature ::: yeah, heck no, lol pacman-key should consider the "good signature" message from gpgi think the to be sufficient, unless the key was revoked ie:if it were so important, the expiry message would be "Error:" rather than "Note:"