diff options
| author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-11-28 15:33:07 +0100 |
|---|---|---|
| committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-11-28 15:34:25 +0100 |
| commit | 80c66a1ab9e0e4f5da3fea4a3f7d4c6930dfedd6 (patch) | |
| tree | abaaac9a4cc661f00153f280515d44ff050326b1 /users | |
| parent | 52ffee47899a7c7a5a76f6983e83c1d4384ffd2c (diff) | |
GNUtoo: switch to subkey
I don't have my main key on any of the computers that are involved in
building signing or pushing Parabola packages:
$ gpg -K FB31DBA3AB8DB76A4157329F7651568F80374459
sec# rsa4096 2017-05-29 [SC] [expires: 2022-10-12]
FB31DBA3AB8DB76A4157329F7651568F80374459
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
ssb rsa4096 2017-07-22 [S] [expires: 2022-10-12]
ssb rsa4096 2017-07-22 [E] [expires: 2022-10-12]
So the 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263 subkey is used instead:
$ gpg --list-options show-unusable-subkeys \
--with-subkey-fingerprint --list-keys \
FB31DBA3AB8DB76A4157329F7651568F80374459
pub rsa4096 2017-05-29 [SC] [expires: 2022-10-12]
FB31DBA3AB8DB76A4157329F7651568F80374459
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
sub rsa4096 2017-07-22 [S] [expires: 2022-10-12]
782F9DDBE36BA7F3D4DE49065F5DFCC14177E263
sub rsa4096 2017-07-22 [E] [expires: 2022-10-12]
A0AD5A691D5E1A819FB3007C91EDBFDAAEDC2DB4
sub rsa4096 2017-05-29 [E] [expired: 2018-04-04]
E01713B69D72CA8CBB0A3F739EF8F853E2CF85BB
And for some reason, that might be the cause why uploading new
packages fails (though it didn't fail before), so it's worth trying to
see if adding in the subkey makes it work:
==> Running db-update on repos
removed 'sources/parabola/netpbm-10.73.36-1.parabola1-armv7h.src.tar.gz'
==> WARNING: file already exists: sources/parabola/netpbm-10.73.36-1.parabola1-armv7h.src.tar.gz.sig
die "Package %s does not have a valid signature"
==> Checking /home/gnutoo/staging//libre/netpbm-10.73.36-1.parabola1-armv7h.pkg.tar.xz.sig... (detached)
gpg: Signature made Sun Nov 28 13:15:39 2021 GMT
gpg: using RSA key 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263
gpg: Note: trustdb not writable
gpg: Good signature from "Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>" [unknown]
gpg: aka "Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>" [unknown]
gpg: aka "Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>" [unknown]
gpg: aka "Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB31 DBA3 AB8D B76A 4157 329F 7651 568F 8037 4459
Subkey fingerprint: 782F 9DDB E36B A7F3 D4DE 4906 5F5D FCC1 4177 E263
==> ERROR: The signature identified by /home/gnutoo/staging//libre/netpbm-10.73.36-1.parabola1-armv7h.pkg.tar.xz.sig could not be verified.
==> ERROR: Package libre/netpbm-10.73.36-1.parabola1-armv7h.pkg.tar.xz does not have a valid signature
==> Removing left over lock from [libre] (x86_64)
==> Removing left over lock from [libre] (i686)
==> Removing left over lock from [libre] (armv7h)
==> Removing left over lock from [libre] (ppc64le)
==> ERROR: An unknown error has occurred. Exiting...
User defined signal 1
Thanks a lot to bill-auger for the help on finding the gpg command to
list subkeys in long form and for the suggestion to use a subkey (Bill
has a similar setup and had to use his subkey).
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'users')
| -rw-r--r-- | users/1042.yml | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/users/1042.yml b/users/1042.yml index c8a3fc1..de22240 100644 --- a/users/1042.yml +++ b/users/1042.yml @@ -5,7 +5,7 @@ email: - GNUtoo@cyberdimension.org groups: - hackers -pgp_keyid: FB31DBA3AB8DB76A4157329F7651568F80374459 +pgp_keyid: 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263 ssh_keys: GNUtoo@cyberdimension.org: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuT5ri53jXXNjf/ms6Fy603vNIRj9+UBluzQwr4Qwhw shell: "/bin/bash" |