Bug 900895 - net-misc/wget-1.21.3-r1 - PGP signature verification failed
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Reported: 2023-03-11 21:24 UTC by Toralf Förster
Modified: 2023-03-15 05:53 UTC

Attachments
emerge-info.txt (18.91 KB, text/plain), 2023-03-11 21:24 UTC, Toralf Förster
emerge-history.txt (13.59 KB, text/plain), 2023-03-11 21:24 UTC, Toralf Förster
environment (117.47 KB, text/plain), 2023-03-11 21:24 UTC, Toralf Förster
etc.portage.tar.bz2 (10.36 KB, application/x-bzip), 2023-03-11 21:24 UTC, Toralf Förster
logs.tar.bz2 (1.85 KB, application/x-bzip), 2023-03-11 21:24 UTC, Toralf Förster
net-misc:wget-1.21.3-r1:20230311-200820.log (2.44 KB, text/plain), 2023-03-11 21:24 UTC, Toralf Förster

Description Toralf Förster gentoo-dev 2023-03-11 21:24:10 UTC
gpg:                 aka "Darshit Shah <darnir@gnu.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 7845 120B 07CB D8D6 ECE5  FF2B 2A17 43ED A91A 35B6
     Subkey fingerprint: 6B98 F637 D879 C523 6E27  7C5C 64FF 90AA E8C7 0AF9

 * ERROR: net-misc/wget-1.21.3-r1::gentoo failed (unpack phase):
 *   PGP signature verification failed
 * 
 * Call stack:

  -------------------------------------------------------------------

  This is an unstable amd64 chroot image at a tinderbox (==build bot)
  name: 17.1_desktop_plasma_systemd_merged_usr-j5-20230311-164515

  -------------------------------------------------------------------

gcc-config -l:
 [1] x86_64-pc-linux-gnu-12 *
clang/llvm (if any):
/usr/lib/llvm/15
15.0.7
Python 3.10.10
Available Rust versions:
  [1]   rust-bin-1.67.1 *
php cli (if any):

  HEAD of ::gentoo
commit f490623150c29444f28c51148b0cc22a69a44636
Author: Repository mirror & CI <repomirrorci@gentoo.org>
Date:   Sat Mar 11 16:31:48 2023 +0000

    2023-03-11 16:31:48 UTC

emerge -qpvO net-misc/wget
[ebuild   R   ] net-misc/wget-1.21.3-r1  USE="ipv6 nls pcre (ssl) verify-sig* zlib -cookie-check -debug -gnutls -idn -metalink -ntlm -static -test -uuid"
Comment 1 Toralf Förster gentoo-dev 2023-03-11 21:24:11 UTC
Created attachment 857335 [details]
emerge-info.txt
Comment 2 Toralf Förster gentoo-dev 2023-03-11 21:24:12 UTC
Created attachment 857337 [details]
emerge-history.txt
Comment 3 Toralf Förster gentoo-dev 2023-03-11 21:24:14 UTC
Created attachment 857339 [details]
environment
Comment 4 Toralf Förster gentoo-dev 2023-03-11 21:24:14 UTC
Created attachment 857341 [details]
etc.portage.tar.bz2
Comment 5 Toralf Förster gentoo-dev 2023-03-11 21:24:15 UTC
Created attachment 857343 [details]
logs.tar.bz2
Comment 6 Toralf Förster gentoo-dev 2023-03-11 21:24:16 UTC
Created attachment 857345 [details]
net-misc:wget-1.21.3-r1:20230311-200820.log
Comment 7 Larry the Git Cow gentoo-dev 2023-03-13 20:50:00 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6efa842ac4114bb18af18474883260cba12722ad

commit 6efa842ac4114bb18af18474883260cba12722ad
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-03-13 20:48:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-13 20:48:04 +0000

    net-misc/wget: update openpgp-keys version
    
    Closes: https://bugs.gentoo.org/900895
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/wget/wget-1.21.3-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=659cab9931ee5424de3e993d656d9d3b9cb6dca3

commit 659cab9931ee5424de3e993d656d9d3b9cb6dca3
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-03-13 20:47:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-13 20:47:30 +0000

    sec-keys/openpgp-keys-wget: add 20230313
    
    Closes: https://bugs.gentoo.org/900895
    Signed-off-by: Sam James <sam@gentoo.org>

 sec-keys/openpgp-keys-wget/Manifest                   |  1 +
 .../openpgp-keys-wget-20230313.ebuild                 | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
Comment 8 psh0r 2023-03-13 23:57:56 UTC
Still fails for me (key expired) with sec-keys/openpgp-keys-wget-20230313 installed.
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-14 00:03:00 UTC
(In reply to gentoo from comment #8)
> Still fails for me (key expired) with sec-keys/openpgp-keys-wget-20230313
> installed.

You're right - sorry, I thought I'd checked. I've pinged upstream.
Comment 10 Larry the Git Cow gentoo-dev 2023-03-15 05:45:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd848cc2696798c83e34a941068420aa56b43460

commit fd848cc2696798c83e34a941068420aa56b43460
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-03-15 05:12:31 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-15 05:44:59 +0000

    profiles/base: mask ~net-misc/wget-1.21.3[verify-sig]
    
    Signing key is expired on Savannah. The same key is renewed elsewhere
    and the signature is valid, but it's easier to disable verify-sig here
    for now as it's not a new release.
    
    Recent Gemato got stricter with this which is how it appears now.
    
    Bug: https://bugs.gentoo.org/900895
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.use.mask | 7 +++++++
 1 file changed, 7 insertions(+)
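
The situation in the last commit message (one copy of the signing key is expired while another copy of the same key has been renewed) can be told apart from a genuinely dead key by comparing expiry fields per fingerprint in `gpg --with-colons` listings. This is an added example, not part of the bug report or of Gentoo's or Gemato's code; the two listings are constructed, using the fingerprints quoted in the report and made-up timestamps.

```python
from datetime import datetime, timezone

# Constructed listings in `gpg --with-colons` format. The fingerprints are the
# two quoted in the bug report; every timestamp is made up for illustration.
STALE_COPY = """\
pub:e:4096:1:2A1743EDA91A35B6:1400000000:1670000000::-:::sc::::::23::0:
fpr:::::::::7845120B07CBD8D6ECE5FF2B2A1743EDA91A35B6:
sub:e:4096:1:64FF90AAE8C70AF9:1400000000:1670000000:::::s::::::23:
fpr:::::::::6B98F637D879C5236E277C5C64FF90AAE8C70AF9:
"""
# Same key material, later expiry: a renewal does not change fingerprints.
RENEWED_COPY = STALE_COPY.replace("1670000000", "1740000000").replace(":e:", ":-:")

# Time the bug was reported, used as the reference "now".
NOW = int(datetime(2023, 3, 11, 21, 24, tzinfo=timezone.utc).timestamp())


def parse_keys(listing):
    """Return {fingerprint: expiry_epoch or None} for every pub/sub record.

    Assumes epoch-second timestamps (gpg's fixed-list-mode output).
    """
    keys, expiry, awaiting_fpr = {}, None, False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 6:
            expiry = int(f[6]) if f[6] else None   # field 7: expiration time
            awaiting_fpr = True
        elif f[0] == "fpr" and awaiting_fpr and len(f) > 9:
            keys[f[9]] = expiry                    # field 10: fingerprint
            awaiting_fpr = False
    return keys


def compare(stale, fresh, now):
    """Classify each key in `stale` by what `fresh` says about the same fingerprint."""
    def live(exp):
        return exp is None or exp > now

    result = {}
    for fpr, exp in stale.items():
        if live(exp):
            result[fpr] = "valid"
        elif fpr in fresh and live(fresh[fpr]):
            result[fpr] = "expired here, renewed in other copy"
        else:
            result[fpr] = "expired"
    return result
```

A result of "expired here, renewed in other copy" means the packaged keyring needs refreshing from the source that carries the renewal; "expired" with no live copy anywhere is the case where verification should keep failing.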