so i tried to commit something today and gpg/repoman hit a nice loop ... turns out my signing key expired yesterday (too bad the frickin error message wasn't helpful) ... anyways, here's a small snippet of it (the actual log was over 10k lines and took like 10secs to generate :P)

gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'
gpg:

vapier, join that club. Had that problem today. But the useful tidbit is the fact that gpg returns 2 when it's an expired key rather than 0 or 1.

you could just run gpg --verify ./Manifest once it's signed. if it returns 0, it's valid, whether it's trusted or not.

trust isn't the problem, the issue is with gpg refusing to sign stuff.

/usr/doc/gnupg-*/DETAILS.gz contains interesting information.

gpg --fixed-list-mode --with-colons --list-keys --with-fingerprint --with-fingerprint ${PORTAGE_GPG_KEY}

The seventh field of the relevant key (fifth field) contains the expiration date in seconds since epoch. Maybe it is necessary to obey the KEYEXPIRED note (date in ISO format). So it should be possible to check if the key has expired or will expire in the near future before starting the initial commit.

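The pre-commit check suggested in the comment above, as an added example that is not part of the original thread or of repoman. It goes slightly further than expiry alone and also reports revoked, disabled and invalid keys; the function name, exit codes and sample listing are assumptions made for illustration.

```shell
# Added example. Reads `gpg --fixed-list-mode --with-colons --list-keys` output
# on stdin. Colon fields per GnuPG's DETAILS file: 2 = validity, 5 = key ID,
# 7 = expiry in epoch seconds (empty = never expires), 12 = capabilities.
# Usage: signing_key_status NOW_EPOCH WARN_DAYS
# Prints "KEYID STATE" for each signing-capable key and returns
#   0 = a signing key is usable, 1 = usable but expiring soon, 2 = none usable.
signing_key_status() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 != "pub" && $1 != "sub" { next }   # skip uid, fpr and other records
        $12 !~ /s/ { next }                   # key itself cannot sign
        {
            state = "ok"
            if ($2 == "r")                       state = "revoked"
            else if ($2 == "d" || $12 ~ /D/)     state = "disabled"
            else if ($2 == "i")                  state = "invalid"
            else if ($2 == "e")                  state = "expired"
            else if ($7 != "" && $7 + 0 <= now + 0) state = "expired"
            else if ($7 != "" && $7 - now <= warn * 86400) state = "expiring"
            print $5, state
            if (state == "ok") ok = 1
            else if (state == "expiring") soon = 1
        }
        END { if (ok) exit 0; if (soon) exit 1; exit 2 }
    '
}

# Constructed sample listing (not real keys): an expired signing key with an
# encryption-only subkey, which the check skips.
SAMPLE_KEYS='pub:e:1024:17:AAAAAAAAAAAAAAAA:1068464000:1100000000::u:::scESC:
uid:e::::1068464000::0000000000000000000000000000000000000000::Constructed Example <dev@example.invalid>:
sub:e:2048:16:BBBBBBBBBBBBBBBB:1068464000:1100000000:::::e:'

# Against a live keyring (PORTAGE_GPG_KEY as used on this page):
#   gpg --fixed-list-mode --with-colons --list-keys "$PORTAGE_GPG_KEY" \
#       | signing_key_status "$(date +%s)" 30
```

A caller can refuse to start the commit on exit code 2 and print a warning on 1, instead of retrying the signing step.
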
Added a 3 second wait between failed gpg runs. At best, it should allow you to ctrl-c a bit easier.

I'm looking into this, but there are more cases than just expired keys, and I'm looking to get them all.

*** This bug has been marked as a duplicate of 57445 ***