1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [gentoo-dev] A problem with updating my key (again)

    From Andrey Grozin@21:1/5 to All on Tue Jun 13 19:10:02 2023
    Hi *,

    My key was going to expire soon. So, as usual, I have prolonged it for the
    next year (several days ago). I've sent it to the Gentoo keyserver. I've checked that the fingerpring of my key in LDAP coinsides with the
    fingerprint I see locally.

    Today I've tried to bump dev-lisp/sbcl to 2.3.5. But I got

    remote: *** None of your keys comply with GLEP 63.
    remote: Please update the keys into conformance if you wish to
    continue
    remote: using them. If not, please remove unused keys from LDAP.
    remote: FATAL: VREF/proj-gentoo-02-gpg: helper program exit status 256
    remote: 53D4ABFA88DD61C4 [Andrey Grozin (science) <grozin@gentoo.org>] [E] expire:short Expiration date is too close, please renew (is 2023-06-17 15:32:53, less than 14 days)
    remote: 53D4ABFA88DD61C4:3AFFCE974D34BD8C [Andrey Grozin (science) <grozin@gentoo.org>] [E] expire:short Expiration date is too close, please renew (is 2023-06-17 15:34:59, less than 14 days)
    remote: error: hook declined to update refs/heads/master
    To git.gentoo.org:repo/gentoo.git
    ! [remote rejected] master -> master (hook declined)
    error: failed to push some refs to 'git.gentoo.org:repo/gentoo.git'

    It seems that the remote git has ignored the fact that my key has been prolonged about 3 days ago. One year ago I had the same situation. Is
    there any reliable way to inform this git hook about the prolongation of
    my key?

    Every year the same problem :-(

    Andrey

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Sam James@21:1/5 to Andrey Grozin on Tue Jun 13 19:30:01 2023
    Andrey Grozin <grozin@woodpecker.gentoo.org> writes:

    Hi *,

    My key was going to expire soon. So, as usual, I have prolonged it for
    the next year (several days ago). I've sent it to the Gentoo
    keyserver. I've checked that the fingerpring of my key in LDAP
    coinsides with the fingerprint I see locally.

    Today I've tried to bump dev-lisp/sbcl to 2.3.5. But I got

    remote: *** None of your keys comply with GLEP 63.
    remote: Please update the keys into conformance if you wish to
    continue
    remote: using them. If not, please remove unused keys from LDAP.
    remote: FATAL: VREF/proj-gentoo-02-gpg: helper program exit status 256 remote: 53D4ABFA88DD61C4 [Andrey Grozin (science) <grozin@gentoo.org>]
    [E] expire:short Expiration date is too close, please renew (is
    2023-06-17 15:32:53, less than 14 days)
    remote: 53D4ABFA88DD61C4:3AFFCE974D34BD8C [Andrey Grozin (science) <grozin@gentoo.org>] [E] expire:short Expiration date is too close,
    please renew (is 2023-06-17 15:34:59, less than 14 days)
    remote: error: hook declined to update refs/heads/master
    To git.gentoo.org:repo/gentoo.git
    ! [remote rejected] master -> master (hook declined)
    error: failed to push some refs to 'git.gentoo.org:repo/gentoo.git'

    It seems that the remote git has ignored the fact that my key has been prolonged about 3 days ago. One year ago I had the same situation. Is
    there any reliable way to inform this git hook about the prolongation
    of my key?

    Every year the same problem :-(

    You should ping in #gentoo-infra on IRC if you're having trouble, or
    file a bug in the Gentoo Infrastructure component.


    -----BEGIN PGP SIGNATURE-----

    iOUEARYKAI0WIQQlpruI3Zt2TGtVQcJzhAn1IN+RkAUCZIilml8UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MjVB NkJCODhERDlCNzY0QzZCNTU0MUMyNzM4NDA5RjUyMERGOTE5MA8cc2FtQGdlbnRv by5vcmcACgkQc4QJ9SDfkZDcxQD+NXIIARWq55JVqIwVltVef2iTmzSza+w9gakm dFyo320A/0vPPaPJE+AaWEXiO9Br/maty7kBW42loB90nN6nFtYE
    =BfWP
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Robin H. Johnson@21:1/5 to Andrey Grozin on Thu Jun 15 04:10:01 2023
    On Tue, Jun 13, 2023 at 05:00:16PM +0000, Andrey Grozin wrote:
    Hi *,

    My key was going to expire soon. So, as usual, I have prolonged it for the next year (several days ago). I've sent it to the Gentoo keyserver. I've checked that the fingerpring of my key in LDAP coinsides with the fingerprint I see locally.
    Hi Andrey,

    As I wrote in the direct email to you, your new key is not present on
    any of the three keyservers. You said you sent it to the keyserver, but
    I don't see it there. Can you please confirm what you used to upload it?

    It should be these steps: https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys#Submit_the_new_key_to_the_keyserver

    I have just verified that the steps work because I had to update the
    expiry on my own keys, and the new expiry can be verified: https://keys.gentoo.org/pks/lookup?search=robbat2&fingerprint=on&hash=on&op=vindex

    You can check that it's present shortly after uploading again: https://keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex

    If the servers are out of sync, it can be seen as well (they are in sync
    as I write this): https://motmot.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
    https://trogan.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
    https://kookaburra.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex

    It seems that the remote git has ignored the fact that my key has been prolonged about 3 days ago. One year ago I had the same situation. Is
    there any reliable way to inform this git hook about the prolongation of
    my key?
    After uploading updates to an existing key, you should need to wait at
    most 20 minutes: the keyservers are exported to a keyring, that's hosted
    on the qa-reports site, and that keyring is fetched frequently by other
    hosts that have a need to verify keys.

    If you upload a *new* primary key, you need update ldap (yourself) and
    then to alert infra to re-sync the gitolite listing of permitted keys
    for your user.

    --
    Robin Hugh Johnson
    Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
    E-Mail : robbat2@gentoo.org
    GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
    GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2
    Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it.

    iQKTBAABCgB9FiEEveu2pS8Vb98xaNkRGTlfI8WIJsQFAmSKcudfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJE RUJCNkE1MkYxNTZGREYzMTY4RDkxMTE5Mzk1RjIzQzU4ODI2QzQACgkQGTlfI8WI JsRN6A/+PMGEf9wUxRhHZuhff+RzJbovcrOCrMU4gh8GJ/4PBkat9Z9wferWbN0+ Pp53DBu3Bc2Rz6x8E8rHesCLASgtg2f0Mp8gZrnM9Qb9uHqKhoTLSFeGPNMSF95i UYogBPJS5Et6kbnZa0aTlyM9aqcv4p+N1HvEnwTnCILuuz5sBIB4NA1R5i7qWLGI G+8rK/JfgM3pamQb4y/KHCdRxrQoycM7cAjKkMovAo0Dhwu7dJ4nLjdXa2WyTmy8 creJ+pFS9aPecd83UsoQzQSN1yG4pgvqB0BggmjGgWfOCNbrFNtYJ6l2U6zrmcRu 0JzVMlyv8SqyMaOupotcbjIo7sXuKltNoyuBSs9CWNlI1K8l2m4GDDKnehBd0qtT oIPcsrJnjUFlOhTzI8CD