Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 674388 - Automated Signing Key expired, unable to use webrsync
Summary: Automated Signing Key expired, unable to use webrsync
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Other web server issues (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-03 07:15 UTC by Sebastian
Modified: 2019-01-04 07:27 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian 2019-01-03 07:15:57 UTC 
Hi all,

webrsync doesn't work anymore.

Checking signature ...
gpg: Signature made Thu 03 Jan 2019 01:51:32 AM CET
gpg:                using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
gpg: Good signature from "Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>" [expired]
gpg:                 aka "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F  44AC DB6B 8C1F 96D8 BF6D
     Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F  DF1C EC59 0EEA C918 9250
emerge-webrsync: error: signature verification failed

They key has expired on Monday:

pub   rsa4096 2011-11-25 [C] [expired: 2019-01-01]
      DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
uid           [ expired] Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
uid           [ expired] Gentoo Portage Snapshot Signing Key (Automated Signing Key)

I attempted a key refresh, but there doesn't seem to be an update available.

Kind regards,
Seb

Reproducible: Always

Actual Results:  
Invalid signing key

Expected Results:  
Valid signing key

N/A
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2019-01-03 11:35:18 UTC 
ya, I've had to use 'emerge --sync' to at least trigger the gpg key sync (should be able to cancel out after that) then do a normal webrsync.
Comment 2 Sebastian 2019-01-04 07:26:29 UTC 
This morning I ran

gpg --keyserver hkps.pool.sks-keyservers.net --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys

and got two new signatures for the "Automated Signing Key" and now it's valid for another year:

pub   rsa4096 2011-11-25 [C] [expires: 2020-01-01]
      DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
uid           [ unknown] Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
uid           [ unknown] Gentoo Portage Snapshot Signing Key (Automated Signing Key)
sub   rsa4096 2011-11-25 [S] [expires: 2020-01-01]

In the updates I see app-crypt/openpgp-keys-gentoo-release got updated to 20190102 on 2nd of January. I wish somebody had done the same with Gentoo keys. And I wish it had been done before the key expired :) See you next year then :)

I'll close this bug.

Kind regards,
Seb