Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 705952

Summary: https:// + gpg keys issues
Product: Gentoo Infrastructure Reporter: Felix Neumärker <xdch47>
Component: Web Node IssuesAssignee: Gentoo Infrastructure <infra-bugs>
Status: RESOLVED DUPLICATE    
Severity: normal CC: fturco
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Felix Neumärker 2020-01-20 12:20:04 UTC
https-certificate for https://distfiles.gentoo.org/ does not work (because it redirects to https://gentoo.osuosl.org/

Steps to reproduce:
----
$ wget https://distfiles.gentoo.org                                                                                                                                                                                                                          
--2020-01-20 12:19:37--  https://distfiles.gentoo.org/
Resolving distfiles.gentoo.org... 64.50.236.52, 156.56.247.195, 216.165.129.135, ...
Connecting to distfiles.gentoo.org|64.50.236.52|:443... connected.
ERROR: no certificate subject alternative name matches
	requested host name 'distfiles.gentoo.org'.
To connect to distfiles.gentoo.org insecurely, use `--no-check-certificate'.
----

GPG Keys are not uptodate (https://www.gentoo.org/downloads/signatures/)

Steps to reproduce:
---
wget https://gentoo.osuosl.org/releases/amd64/autobuilds/current-stage3-amd64/stage4-amd64-minimal-20200119T214502Z.tar.xz.DIGESTS.asc 2> --quiet -O - | gpg
....
gpg: Signature made Mon Jan 20 06:05:25 2020 CET
gpg:                using RSA key 534E4209AB49EEE1C19D96162C44695DB9F6043
---
Comment 1 Thomas Deutschmann gentoo-dev 2021-01-04 02:37:51 UTC
Thank for the report. Please file one bug per issue next time.

Why are you accessing distfiles.gentoo.org directly? Are you following some documents? Because in that case you found an outdated document. distfiles.gentoo.org is not supposed to be directly accessible.

Please use https://www.gentoo.org/downloads/ which will make use of bouncer.gentoo.org which will be taking care of TLS.

*** This bug has been marked as a duplicate of bug 553882 ***
Comment 2 Thomas Deutschmann gentoo-dev 2021-01-04 02:54:11 UTC
Regarding your GPG issue:

Key 534E4209AB49EEE1C19D96162C44695DB9F6043D is a subkey of 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910. Please refresh listed releng key, i.e. do

> gpg --keyserver keys.gentoo.org --recv-keys 13EBBDBEDE7A12775DFDB1BABB572E0E2D182910

(maybe you have to use different keyserver like ha.pool.sks-keyservers.net
 in case keys.gentoo.org is down again)