All keys from the package have expired on 2024-07-01: $ gpg --show-keys </usr/share/openpgp-keys/gentoo-release.asc 2>/dev/null | grep expired pub rsa4096 2018-05-28 [C] [expired: 2024-07-01] sub rsa2048 2018-05-28 [S] [expired: 2024-07-01] pub rsa4096 2011-11-25 [C] [expired: 2024-07-01] sub rsa4096 2011-11-25 [S] [expired: 2024-07-01] pub dsa1024 2004-07-20 [SC] [expired: 2024-01-01] sub elg2048 2004-07-20 [E] [expired: 2024-01-01] pub rsa4096 2009-08-25 [SC] [expired: 2024-07-01] sub rsa2048 2019-02-23 [S] [expired: 2024-07-01]
I also noticed the problem while I was trying to sync my portage tree: * Fetching file gentoo-20240702.tar.xz ... --2024-07-03 09:59:14-- ftp://ftp.free.fr/mirrors/ftp.gentoo.org/snapshots/gentoo-20240702.tar.xz => ‘/var/tmp/portage/webrsync-Ti3hrs/gentoo-20240702.tar.xz’ Resolving ftp.free.fr... 212.27.60.27, 2a01:e0c:1:1598::1 Connecting to ftp.free.fr|212.27.60.27|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /mirrors/ftp.gentoo.org/snapshots ... done. ==> SIZE gentoo-20240702.tar.xz ... 46752364 ==> PASV ... done. ==> RETR gentoo-20240702.tar.xz ... done. Length: 46752364 (45M) (unauthoritative) gentoo-20240702.tar.xz 100%[==========================================================================================================================================================================>] 44.59M 11.2MB/s in 4.1s 2024-07-03 09:59:19 (11.0 MB/s) - ‘/var/tmp/portage/webrsync-Ti3hrs/gentoo-20240702.tar.xz’ saved [46752364] * Checking digest ... * Checking signature ... * Falling back to gpg as gemato is not installed gpg: keybox '/var/tmp/portage/webrsync-MVjegr/pubring.kbx' created gpg: key A13D0EF1914E7A72: 1 signature not checked due to a missing key gpg: /var/tmp/portage/webrsync-MVjegr/trustdb.gpg: trustdb created gpg: key A13D0EF1914E7A72: public key "Gentoo repository mirrors (automated git signing key) <repomirrorci@gentoo.org>" imported gpg: key DB6B8C1F96D8BF6D: 1 signature not checked due to a missing key gpg: key DB6B8C1F96D8BF6D: public key "Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>" imported gpg: key 9E6438C817072058: 2 signatures not checked due to missing keys gpg: key 9E6438C817072058: public key "Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <releng@gentoo.org>" imported gpg: key BB572E0E2D182910: 1 signature not checked due to a missing key gpg: key BB572E0E2D182910: public key "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" imported gpg: Total number processed: 4 gpg: imported: 4 gpg: no ultimately trusted keys found gpg: Signature made Wed 03 Jul 2024 02:56:59 AM CEST gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 gpg: Good signature from "Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>" [expired] gpg: aka "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [expired] gpg: Note: This key has expired! Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 * ERROR: /:: failed: * signature verification failed * * If you need support, post the output of `emerge --info '=/::'`, * the complete build log and the output of `emerge -pqv '=/::'`. * Working directory: '/var/tmp/portage/webrsync-Ti3hrs' !!! emerge-webrsync error in /var/db/repos/gentoo Thanks for your help
In any case, how could we get the new key without syncing the tree? (well, I guess I could try to sync without the checksum verification... but maybe there is a more "elegant" solution that I am missing) Thanks
(In reply to Pacho Ramos from comment #2) > In any case, how could we get the new key without syncing the tree? (well, I > guess I could try to sync without the checksum verification... but maybe > there is a more "elegant" solution that I am missing) > > Thanks https://bugs.gentoo.org/830418#c3
commit 3f6f91c9f322abcfaf02e9a5ad4096fd6311218c Author: Michał Górny <mgorny@gentoo.org> Date: Wed Jul 3 18:16:54 2024 +0200 sec-keys/openpgp-keys-gentoo-release: Bump to 20240703 Signed-off-by: Michał Górny <mgorny@gentoo.org>
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36dfefc2c949e5e844dada0e328fd3aee16ba69f commit 36dfefc2c949e5e844dada0e328fd3aee16ba69f Author: Sam James <sam@gentoo.org> AuthorDate: 2024-07-07 05:19:22 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-07-07 05:19:22 +0000 sys-apps/portage: depend on >=sec-keys/openpgp-keys-gentoo-release-20200704 The older ones have expired. Most people use gemato for refreshes so it's not an issue but let's depend on newer to help people out. Bug: https://bugs.gentoo.org/935387 Signed-off-by: Sam James <sam@gentoo.org> sys-apps/portage/{portage-3.0.61-r1.ebuild => portage-3.0.61-r2.ebuild} | 2 +- sys-apps/portage/{portage-3.0.63-r1.ebuild => portage-3.0.63-r2.ebuild} | 2 +- sys-apps/portage/{portage-3.0.64-r3.ebuild => portage-3.0.64-r4.ebuild} | 2 +- sys-apps/portage/{portage-3.0.65.ebuild => portage-3.0.65-r1.ebuild} | 2 +- sys-apps/portage/portage-9999.ebuild | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-)