Age | Commit message (Collapse) | Author |
|
|
|
|
|
My gpg key was updated.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
This community has become toxic because there is no reguard for
contributors health.
See the following issue for more details:
https://labs.parabola.nu/issues/1035
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
I don't have my main key on any of the computers that are involved in
building signing or pushing Parabola packages:
$ gpg -K FB31DBA3AB8DB76A4157329F7651568F80374459
sec# rsa4096 2017-05-29 [SC] [expires: 2022-10-12]
FB31DBA3AB8DB76A4157329F7651568F80374459
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
ssb rsa4096 2017-07-22 [S] [expires: 2022-10-12]
ssb rsa4096 2017-07-22 [E] [expires: 2022-10-12]
So the 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263 subkey is used instead:
$ gpg --list-options show-unusable-subkeys \
--with-subkey-fingerprint --list-keys \
FB31DBA3AB8DB76A4157329F7651568F80374459
pub rsa4096 2017-05-29 [SC] [expires: 2022-10-12]
FB31DBA3AB8DB76A4157329F7651568F80374459
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>
uid [ultimate] Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
sub rsa4096 2017-07-22 [S] [expires: 2022-10-12]
782F9DDBE36BA7F3D4DE49065F5DFCC14177E263
sub rsa4096 2017-07-22 [E] [expires: 2022-10-12]
A0AD5A691D5E1A819FB3007C91EDBFDAAEDC2DB4
sub rsa4096 2017-05-29 [E] [expired: 2018-04-04]
E01713B69D72CA8CBB0A3F739EF8F853E2CF85BB
And for some reason, that might be the cause why uploading new
packages fails (though it didn't fail before), so it's worth trying to
see if adding in the subkey makes it work:
==> Running db-update on repos
removed 'sources/parabola/netpbm-10.73.36-1.parabola1-armv7h.src.tar.gz'
==> WARNING: file already exists: sources/parabola/netpbm-10.73.36-1.parabola1-armv7h.src.tar.gz.sig
die "Package %s does not have a valid signature"
==> Checking /home/gnutoo/staging//libre/netpbm-10.73.36-1.parabola1-armv7h.pkg.tar.xz.sig... (detached)
gpg: Signature made Sun Nov 28 13:15:39 2021 GMT
gpg: using RSA key 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263
gpg: Note: trustdb not writable
gpg: Good signature from "Denis 'GNUtoo' Carikli <GNUtoo@makefreedom.org>" [unknown]
gpg: aka "Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>" [unknown]
gpg: aka "Denis 'GNUtoo' Carikli <GNUtoo@no-log.org>" [unknown]
gpg: aka "Denis 'GNUtoo' Carikli <GNUtoo@riseup.net>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB31 DBA3 AB8D B76A 4157 329F 7651 568F 8037 4459
Subkey fingerprint: 782F 9DDB E36B A7F3 D4DE 4906 5F5D FCC1 4177 E263
==> ERROR: The signature identified by /home/gnutoo/staging//libre/netpbm-10.73.36-1.parabola1-armv7h.pkg.tar.xz.sig could not be verified.
==> ERROR: Package libre/netpbm-10.73.36-1.parabola1-armv7h.pkg.tar.xz does not have a valid signature
==> Removing left over lock from [libre] (x86_64)
==> Removing left over lock from [libre] (i686)
==> Removing left over lock from [libre] (armv7h)
==> Removing left over lock from [libre] (ppc64le)
==> ERROR: An unknown error has occurred. Exiting...
User defined signal 1
Thanks a lot to bill-auger for the help on finding the gpg command to
list subkeys in long form and for the suggestion to use a subkey (Bill
has a similar setup and had to use his subkey).
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
experiment to resolve #2931
|
|
The following commit broke login on the Parabola servers:
8f03372 Andreas Grapentin: Remove gpg key to refresh it in parabola-keyring
8f0337256560c4a16a2d271b7118aee854fedd31
Apparently removing gpg keys and the shell entry break login in the
Parabola servers that depend on the data in hackers to setup that
login process.
At first I got some help on IRC to guide me on how to do it, then as I got
some errors from the remote lint script, I tried to find a working
combination that wasn't triggered by it through trial and error.
Running the lint script locally with that patch also finds no error.
Once the login were broken, bill-auger tried to fix it by removing the SSH
keys:
6f4f6b2 fix users/1038.yml
6f4f6b2331a9b697355ee568b246ab9eb9d4262a
and re-adding a shell:
43a438f fix users/1038.yml
43a438fee15e23e95146ed317e5078876e760e05
Once that was done bill-auger tried to rebuild the keyring but that failed
because the login service was not running. But then the service could be
started.
Then bill-auger pushed an empty commit and the keyring build did succeed.
As this is now all fixed, we now know:
- How to break login with malformed yaml that doesn't trigger any warnings
nor errors. We will need to fix that.
- How to repair that once it happens. You probably need a root shell on the
affected machine to fix that though.
- How to effectively disable a user gpg key without breaking the login
service.
So we can now revert to the state before the "8f03372 Andreas Grapentin:
Remove gpg key to refresh it in parabola-keyring" commit to effectively
refresh Andreas Grapentin's gpg key.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
The parabola-keyring package has an old version of Andreas Grapentin's key
which is expired.
Andreas Grapentin's key was updated weeks ago and the new version with
the increased expiry date is already on the keyservers.
Removing and re-adding Andreas's key will probably trigger the autobuilder
that will in turn produce and release a new version of parabola-keyring.
This commit will be pushed alone, and if it triggers a rebuild, I will
then revert it to trigger a rebuild again, this time with the updated key.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
This is because with priv-sep'd dbscripts, it needs to ssh to
autobuilder@localhost to run db-update.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
These are people who satisfy both of these criteria:
1. Haven't been named as an author or as a committer in any of the git
repos at git.parabola.nu in over a year, AND
2. Are not listed as the packager of any packages currently in the pacman
repos, on any architecture.
I've emailed each of them with an email roughly following the format:
Hi <NAME>,
It seems you have no packages in the current pacman repos, and haven't
committed to any of the repos at git.parabola.nu in over a year. So,
I'm disabling your access to Parabola infrastructure, and moving you
from "hackers" to "fellows". That isn't to say that we don't want you
around, or that you aren't welcome! If you'd like to start
contributing again, just let us know.
Your <USERNAME>@parabola.nu email forwarding address will continue to
function. If you would like to update where it forwards to, or would
like it disabled, let me know.
--
Happy hacking,
~ Luke Shumaker
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(this is a silly no-op change to test the server hooks)
|
|
|
|
Signed-off-by: David P <megver83@parabola.nu>
|
|
|
|
|
|
Also update contact info
Signed-off-by: David P <megver83@parabola.nu>
|
|
|
|
|
|
heckyel: https://lists.parabola.nu/pipermail/dev/2017-October/006034.html
skwid: https://lists.parabola.nu/pipermail/dev/2017-October/006032.html
Good luck in your new home heckyel! :-P
|
|
|
|
|
|
|
|
he's been working with oaken-source to create a modern, graphical
installation ISO.
reference:
https://lists.parabola.nu/pipermail/dev/2017-September/005836.html
|
|
|