Bug 72873 - signing with repoman and with an expired key == angry
Summary: signing with repoman and with an expired key == angry
Status: RESOLVED DUPLICATE of bug 57445
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Repoman
Hardware: All All
Importance: High major
Assignee: Portage team
Reported: 2004-11-29 17:23 UTC by SpanKY
Modified: 2006-02-17 16:27 UTC
Description SpanKY gentoo-dev 2004-11-29 17:23:33 UTC
so i tried to commit something today and gpg/repoman hit a nice loop ... turns out my signing key expired yesterday (too bad the frickin error message wasn't helpful) ... anyways, here's a small snippet of it (the actual log was over 10k lines and took like 10 secs to generate :P)

gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'gpg:  
 NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'gpg:  
 NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'gpg:  
 NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: no default secret key: Unusable secret key
gpg: .//Manifest: clearsign failed: Unusable secret key
!!! YOU MUST sign the Manifest.
!!! You can also disable this for the time being by removing FEATURES='sign'gpg:
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2004-12-25 19:15:02 UTC
vapier join that club. Had that problem today. But the useful tidbit is the fact that gpg returns 2 when it's an expired key rather than 0 or 1.
Comment 2 John Mylchreest (RETIRED) gentoo-dev 2005-01-02 05:10:40 UTC
you could just run gpg --verify ./Manifest once it's signed.
if it returns 0, it's valid, whether it's trusted or not.
Comment 3 Marius Mauch (RETIRED) gentoo-dev 2005-01-02 23:28:19 UTC
trust isn't the problem, the issue is with gpg refusing to sign stuff.
Comment 4 Torsten Veller (RETIRED) gentoo-dev 2005-02-23 05:20:24 UTC
/usr/doc/gnupg-*/DETAILS.gz contains interesting information.

gpg --fixed-list-mode --with-colons --list-keys --with-fingerprint --with-fingerprint  ${PORTAGE_GPG_KEY}

The seventh field of the relevant key (fifth field) contains the expiration date in seconds since epoch.
Maybe it is necessary to obey the KEYEXPIRED note (date in ISO format).

So it should be possible to check if the key has expired or will expire in the near future before starting the initial commit.
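The pre-commit check proposed in comment 4, sketched as an added example (not part of the bug report and not Portage's or repoman's code): it reads the colon listing, matches the key ID in field 5, and classifies the key from the validity flag in field 2 and the expiration epoch in field 7. The names `list_key`, `key_status`, `WARN_WINDOW`, the two-week window and the sample listing are assumptions made for illustration.

```python
import subprocess
import time

WARN_WINDOW = 14 * 24 * 3600  # assumed warning window: two weeks, in seconds

def list_key(key_id):
    """Run the listing command from comment 4 and return its colon output."""
    cmd = ["gpg", "--fixed-list-mode", "--with-colons", "--list-keys",
           "--with-fingerprint", key_id]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def key_status(listing, key_id, now=None, warn_window=WARN_WINDOW):
    """Return 'ok', 'expiring', 'expired', 'unusable' or 'missing' for key_id."""
    now = time.time() if now is None else now
    wanted = key_id.upper()
    if wanted.startswith("0X"):
        wanted = wanted[2:]
    for line in listing.splitlines():
        f = line.split(":")
        # Only pub/sub records carry key ID (field 5) and expiry (field 7).
        if len(f) < 7 or f[0] not in ("pub", "sub"):
            continue
        if not f[4].upper().endswith(wanted):
            continue
        if f[1] in ("r", "d", "i"):  # revoked, disabled, invalid
            return "unusable"
        # Empty field 7 means the key has no expiration date.
        expires = int(f[6]) if f[6].isdigit() else None
        if f[1] == "e" or (expires is not None and expires <= now):
            return "expired"
        if expires is not None and expires - now <= warn_window:
            return "expiring"
        return "ok"
    return "missing"

# Constructed sample listing and timestamp; no real keys are shown.
NOW = 1101700000
SAMPLE_LISTING = """\
pub:e:1024:17:1111111111111111:1070000000:1101600000::-:::sc:
uid:e::::1070000000::::Constructed Expired <expired@example.invalid>:
pub:u:2048:1:2222222222222222:1070000000:1102500000::u:::scESC:
pub:u:2048:1:3333333333333333:1070000000:::u:::scESC:
pub:r:2048:1:4444444444444444:1070000000:::-:::sc:
"""

if __name__ == "__main__":
    for kid in ("1111111111111111", "0x22222222", "3333333333333333"):
        print(kid, key_status(SAMPLE_LISTING, kid, now=NOW))
```

A commit tool could call `key_status(list_key(key), key)` once before signing and stop with a clear message on anything other than `ok`, instead of retrying the signature.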
Comment 5 Jason Stubbs (RETIRED) gentoo-dev 2005-04-22 20:58:42 UTC
Added a 3 second wait between failed gpg runs. At best, it should allow you to ctrl-c a bit easier.
Comment 6 Alec Warner (RETIRED) archtester gentoo-dev Security 2006-02-17 16:27:29 UTC
I'm looking into this, but there are more cases than just expired keys, and I'm looking to get them all.

*** This bug has been marked as a duplicate of 57445 ***