Re: [gentoo-user] syncing via via git and signature failure

[Bill Kenworthy]

On 07/07/18 09:42, Floyd Anderson wrote:
> Hi Bill,
>
> On Sat, 07 Jul 2018 07:40:00 +0800
> Bill Kenworthy  wrote:
>>
>> I still have this error and  Ive tried a number of things including:
>>
>> gemato create -p ebuild -K /usr/share/openpgp-keys/gentoo-release.asc
>> /usr/portage/
>>
>> next emerge --sync error-ed on a lot of private manifest files but
>> missing toot manifest error disappeared.  Deleted them and successfully
>> resynced.
>>
>> olympus /usr/portage # gemato verify -s -K
>> /usr/share/openpgp-keys/gentoo-release.asc /usr/portage/
>> INFO:root:Refreshing keys from keyserver...
>> INFO:root:Keys refreshed.
>> ERROR:root:Top-level Manifest /usr/portage/Manifest is not OpenPGP
>> signed
>> olympus /usr/portage #
>>
>> also did a "git reset --hard"
>>
>> still get:
>>
>> olympus /usr/portage # emerge --sync
> Syncing repository 'gentoo' into '/usr/portage'...
>> /usr/bin/git pull
>> Already up to date.
>>  * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
>>  * Refreshing keys from keyserver
>> ...  
>>   
>>
>> [ ok ]
>>  * No valid signature found: unable to verify signature (missing key?)
>> q: Updating ebuild cache in /usr/portage ...
>
> please be aware of the context of my response to Mick. He use *rsync*
> and so do I. It seems you are using Git and thus, a different tree
> verification mechanism. I don't know why you have gemato installed,
> because it comes usually only with sys-apps/portage[rsync-verify] set
> and is only related to *rsync* therefore.
>
> Have a look at:
>
>  - [1] 
>  - [2]
> 
>  - [3] 
>
> for some further information. Maybe:
>
>  $ git status --untracked-files
>
> within your tree location can help to identify and sanitise the tree
> from any of your (with gemato) created files.
>
>
Brings up all the manifest files so I'll clean them out, resync and
see.  I do have rsync-verify set but I would not have thought that the
problem.  The system was converted to git syncing (by deletion and
recreating) soon after git became available so it could be something
ancient is the cause.  None of the docs I have examined seem to cover
portage and git problems very well.


BillK

Re: [gentoo-user] syncing via via git and signature failure

[Floyd Anderson]

Hi Bill,

On Sat, 07 Jul 2018 07:40:00 +0800
Bill Kenworthy  wrote:


I still have this error and  Ive tried a number of things including:

gemato create -p ebuild -K /usr/share/openpgp-keys/gentoo-release.asc
/usr/portage/

next emerge --sync error-ed on a lot of private manifest files but
missing toot manifest error disappeared.  Deleted them and successfully
resynced.

olympus /usr/portage # gemato verify -s -K
/usr/share/openpgp-keys/gentoo-release.asc /usr/portage/
INFO:root:Refreshing keys from keyserver...
INFO:root:Keys refreshed.
ERROR:root:Top-level Manifest /usr/portage/Manifest is not OpenPGP signed
olympus /usr/portage #

also did a "git reset --hard"

still get:

olympus /usr/portage # emerge --sync

Syncing repository 'gentoo' into '/usr/portage'...

/usr/bin/git pull
Already up to date.
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys from keyserver
... 
   
[ ok ]
 * No valid signature found: unable to verify signature (missing key?)
q: Updating ebuild cache in /usr/portage ...


please be aware of the context of my response to Mick. He use *rsync* 
and so do I. It seems you are using Git and thus, a different tree 
verification mechanism. I don't know why you have gemato installed, 
because it comes usually only with sys-apps/portage[rsync-verify] set 
and is only related to *rsync* therefore.


Have a look at:

 - [1] 
 - [2] 

 - [3] 

for some further information. Maybe:

 $ git status --untracked-files

within your tree location can help to identify and sanitise the tree 
from any of your (with gemato) created files.



--
Regards,
floyd

Re: [gentoo-user] syncing via via git and signature failure

[Bill Kenworthy]

On 06/07/18 00:06, Floyd Anderson wrote:
> On Wed, 04 Jul 2018 22:57:05 -0400
> John Covici  wrote:
>>
>> I got the following when running your command:
>> gemato verify -K /tmp/gentoo-release.asc.20180703 /usr/portage/
>> INFO:root:Refreshing keys from keyserver...
>> INFO:root:Keys refreshed.
>
> To be more specific, I wasn't interested in verifying the tree. My
> main goal was to get:
>
>  INFO:root:Keys refreshed.
>
> because my sync/update script hung at:
>
>  INFO:root:Refreshing keys from keyserver...
>
> all the time, caused by:
>
>  gpg: Can't check signature: No public key
>
> result, so I wasn't able to update.
>
>> ERROR:root:Top-level Manifest not found in /usr/portage/
>>
>> How can I fix, or do I need to fix?
>
> I've no idea why your portage tree doesn't have a top-level Manifest
> file (assuming "/usr/portage" is the location of your tree), but it
> should be created/updated on next syncing.
>
>

I still have this error and  Ive tried a number of things including:

gemato create -p ebuild -K /usr/share/openpgp-keys/gentoo-release.asc
/usr/portage/

next emerge --sync error-ed on a lot of private manifest files but
missing toot manifest error disappeared.  Deleted them and successfully
resynced.

olympus /usr/portage # gemato verify -s -K
/usr/share/openpgp-keys/gentoo-release.asc /usr/portage/
INFO:root:Refreshing keys from keyserver...
INFO:root:Keys refreshed.
ERROR:root:Top-level Manifest /usr/portage/Manifest is not OpenPGP signed
olympus /usr/portage #

also did a "git reset --hard"

still get:

olympus /usr/portage # emerge --sync
>>> Syncing repository 'gentoo' into '/usr/portage'...
/usr/bin/git pull
Already up to date.
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys from keyserver
... 
   
[ ok ]
 * No valid signature found: unable to verify signature (missing key?)
q: Updating ebuild cache in /usr/portage ...


BillK

Re: [gentoo-user] syncing via via git and signature failure

[Floyd Anderson]

On Wed, 04 Jul 2018 22:57:05 -0400
John Covici  wrote:


I got the following when running your command:
gemato verify -K /tmp/gentoo-release.asc.20180703 /usr/portage/
INFO:root:Refreshing keys from keyserver...
INFO:root:Keys refreshed.


To be more specific, I wasn't interested in verifying the tree. My main 
goal was to get:


 INFO:root:Keys refreshed.

because my sync/update script hung at:

 INFO:root:Refreshing keys from keyserver...

all the time, caused by:

 gpg: Can't check signature: No public key

result, so I wasn't able to update.


ERROR:root:Top-level Manifest not found in /usr/portage/

How can I fix, or do I need to fix?


I've no idea why your portage tree doesn't have a top-level Manifest 
file (assuming "/usr/portage" is the location of your tree), but it 
should be created/updated on next syncing.



--
Regards,
floyd

Re: [gentoo-user] syncing via via git and signature failure

[gevisz]

2018-07-05 1:25 GMT+03:00 Mick :
> On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote:
>> 2018-07-04 21:01 GMT+03:00 Mick :
>> > On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
>> >> 2018-07-04 11:55 GMT+03:00 Alex Thorne :
>> >> >> I use rsync and get the following for more than a day now;
>> >> >>
>> >> >> !!! Manifest verification failed:
>> >> >> OpenPGP verification failed:
>> >> >> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
>> >> >> gpg:using RSA key
>> >> >> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> >> >> gpg: Can't check signature: No public key
>> >> >
>> >> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no
>> >> > longer installed and `/var/lib/gentoo/gkeys` is missing. I have no idea
>> >> > how this happened. Perhaps it somehow got into `emerge --depclean`
>> >> > and I didn't catch it.
>> >>
>> >> No. Gentoo maintainers just overlooked that all Gentoo signing keys
>> >> expired on July 1, and added new openpgp-keys-gentoo into portage
>> >> tree only on July 2.
>> >>
>> >> So, since July 1, rsync cannot verify any new portage tree and cannot
>> >> download app-crypt/openpgp-keys-gentoo-release-20180702
>> >>
>> >> It was discovered in the thread
>> >> "All Gentoo signing key expired and no way to fix it"
>> >
>> > Is there a documented manual workaround we could follow at present,
>> > irrespective of our sync'ing mechanism of choice?

It seems that everything is explained in
https://wiki.gentoo.org/wiki/Portage_Security
(This link was first provided in this thread by methylherd.)

>> For me, it somehow worked by manually refreshing the Gentoo signing keys by
>> executing the following two commands:
>> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
>> 0xDB6B8C1F96D8BF6D in different order and sourcing /etc/profile
>>
>> But, please, note that I use emerge-webrsync to update the portage tree.
>
> Thanks gevisz, the first line to refresh keys fails, because in /var/lib/
> gentoo/ I only have a news/ subdirectory.

Interestingly, it was the second line that seemed to fail in my case.
(I was in a hurry and executed it so many times, so that I cannot
 say if for sure.)

But, as it has already been pointed out by Bill Kenworthy and
explained in https://wiki.gentoo.org/wiki/Portage_Security ,
the internal mechanisms for checking Gentoo signatures
are different between git, rsync and webrsync.

Re: [gentoo-user] syncing via via git and signature failure

[John Covici]

On Wed, 04 Jul 2018 19:06:29 -0400,
Floyd Anderson wrote:
> 
> On Wed, 04 Jul 2018 23:25:16 +0100
> Mick  wrote:
> > 
> > Thanks gevisz, the first line to refresh keys fails, because in /var/lib/
> > gentoo/ I only have a news/ subdirectory.
> > 
> > Interestingly, I already have app-crypt/openpgp-keys-gentoo-release 
> > installed,
> > but still get 'gpg: Can't check signature: No public key' error when running
> > rsync.
> 
> For me, using the keys from package:
> 
>  app-crypt/openpgp-keys-gentoo-release-20180703 [1]
> 
> and running gemato with those:
> 
>  # gemato verify -K /tmp/gentoo-release.asc.20180703 /usr/portage/
> 
> solves the issue. Afterwards I was able to update (pulls and
> install the new version
> app-crypt/openpgp-keys-gentoo-release-20180703).
> 
> Hope that helps.
> 
> 
> References:
> 
>  - [1] 
> 

I got the following when running your command:
gemato verify -K /tmp/gentoo-release.asc.20180703 /usr/portage/
INFO:root:Refreshing keys from keyserver...
INFO:root:Keys refreshed.
ERROR:root:Top-level Manifest not found in /usr/portage/

How can I fix, or do I need to fix?

Thanks.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici wb2una
 cov...@ccs.covici.com

Re: [gentoo-user] syncing via via git and signature failure

[methylherd]

Am 05.07.2018 um 00:25 schrieb Mick:
> On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote:
>> 2018-07-04 21:01 GMT+03:00 Mick :
>>> On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
 2018-07-04 11:55 GMT+03:00 Alex Thorne :
>> I use rsync and get the following for more than a day now;
>>
>> !!! Manifest verification failed:
>> OpenPGP verification failed:
>> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
>> gpg:using RSA key
>> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> gpg: Can't check signature: No public key
>
> I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no
> longer
> installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how
> this
> happened. Perhaps it somehow got into `emerge --depclean` and I didn't
> catch it.

 No. Gentoo maintainers just overlooked that all Gentoo signing keys
 expired
 on July 1, and added new openpgp-keys-gentoo into portage tree only on
 July
 2.

 So, since July 1, rsync cannot verify any new portage tree and cannot
 download app-crypt/openpgp-keys-gentoo-release-20180702

 It was discovered in the thread
 "All Gentoo signing key expired and no way to fix it"
>>>
>>> Is there a documented manual workaround we could follow at present,
>>> irrespective of our sync'ing mechanism of choice?
>>
>> For me, it somehow worked by manually refreshing the Gentoo signing keys by
>> executing the following two commands:
>> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
>> 0xDB6B8C1F96D8BF6D in different order and sourcing /etc/profile
>>
>> But, please, note that I use emerge-webrsync to update the portage tree.
> 
> Thanks gevisz, the first line to refresh keys fails, because in /var/lib/
> gentoo/ I only have a news/ subdirectory.
> 
> Interestingly, I already have app-crypt/openpgp-keys-gentoo-release 
> installed, 
> but still get 'gpg: Can't check signature: No public key' error when running 
> rsync.
> 
I had the same error (no public key) and fixed it today with a simple
re-emerge. After that, sync runs without a problem.

Your keyfile location depends on the way you sync (git,rsync,webrsync).
There is a nice wiki page for this.[1]

I use portage with rsync, so I don't need app-crypt/gentoo-keys which
should install the keyring for webrsync.

First, i moved /usr/share/openpgp-keys/gentoo-release.asc, looked for
the right key id, fetched the key from the keyserver, there was no
difference because the Key ID published on gentoo.org is too old :-D


After updating
=app-crypt/openpgp-keys-gentoo-release-20180702

=app-crypt/openpgp-keys-gentoo-release-20180703


I've no clue why portage uses a key for only 1 day, but - everything
works :-)


[1] https://wiki.gentoo.org/wiki/Portage_Security



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-user] syncing via via git and signature failure

[Floyd Anderson]

On Wed, 04 Jul 2018 23:25:16 +0100
Mick  wrote:


Thanks gevisz, the first line to refresh keys fails, because in /var/lib/
gentoo/ I only have a news/ subdirectory.

Interestingly, I already have app-crypt/openpgp-keys-gentoo-release installed,
but still get 'gpg: Can't check signature: No public key' error when running
rsync.


For me, using the keys from package:

 app-crypt/openpgp-keys-gentoo-release-20180703 [1]

and running gemato with those:

 # gemato verify -K /tmp/gentoo-release.asc.20180703 /usr/portage/

solves the issue. Afterwards I was able to update (pulls and install the 
new version app-crypt/openpgp-keys-gentoo-release-20180703).


Hope that helps.


References:

 - [1] 




--
Regards,
floyd

Re: [gentoo-user] syncing via via git and signature failure

[Bill Kenworthy]

On 05/07/18 02:32, gevisz wrote:
> 2018-07-04 21:01 GMT+03:00 Mick :
>> On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
>>> 2018-07-04 11:55 GMT+03:00 Alex Thorne :
> I use rsync and get the following for more than a day now;
>
> !!! Manifest verification failed:
> OpenPGP verification failed:
> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
> gpg:using RSA key
> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Can't check signature: No public key
 I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no longer
 installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how this
 happened. Perhaps it somehow got into `emerge --depclean` and I didn't
 catch it.
>>> No. Gentoo maintainers just overlooked that all Gentoo signing keys expired
>>> on July 1, and added new openpgp-keys-gentoo into portage tree only on July
>>> 2.
>>>
>>> So, since July 1, rsync cannot verify any new portage tree and cannot
>>> download app-crypt/openpgp-keys-gentoo-release-20180702
>>>
>>> It was discovered in the thread
>>> "All Gentoo signing key expired and no way to fix it"
>> Is there a documented manual workaround we could follow at present,
>> irrespective of our sync'ing mechanism of choice?
> For me, it somehow worked by manually refreshing the Gentoo signing keys by
> executing the following two commands:
> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D
> in different order and sourcing /etc/profile
>
> But, please, note that I use emerge-webrsync to update the portage tree.
>
I believe the internal mechanisms are different between git and rsync. 
Ive tried manually updating the keys with no luck.


BillK

Re: [gentoo-user] syncing via via git and signature failure

[Mick]

On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote:
> 2018-07-04 21:01 GMT+03:00 Mick :
> > On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
> >> 2018-07-04 11:55 GMT+03:00 Alex Thorne :
> >> >> I use rsync and get the following for more than a day now;
> >> >> 
> >> >> !!! Manifest verification failed:
> >> >> OpenPGP verification failed:
> >> >> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
> >> >> gpg:using RSA key
> >> >> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> >> >> gpg: Can't check signature: No public key
> >> > 
> >> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no
> >> > longer
> >> > installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how
> >> > this
> >> > happened. Perhaps it somehow got into `emerge --depclean` and I didn't
> >> > catch it.
> >> 
> >> No. Gentoo maintainers just overlooked that all Gentoo signing keys
> >> expired
> >> on July 1, and added new openpgp-keys-gentoo into portage tree only on
> >> July
> >> 2.
> >> 
> >> So, since July 1, rsync cannot verify any new portage tree and cannot
> >> download app-crypt/openpgp-keys-gentoo-release-20180702
> >> 
> >> It was discovered in the thread
> >> "All Gentoo signing key expired and no way to fix it"
> > 
> > Is there a documented manual workaround we could follow at present,
> > irrespective of our sync'ing mechanism of choice?
> 
> For me, it somehow worked by manually refreshing the Gentoo signing keys by
> executing the following two commands:
> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0xDB6B8C1F96D8BF6D in different order and sourcing /etc/profile
> 
> But, please, note that I use emerge-webrsync to update the portage tree.

Thanks gevisz, the first line to refresh keys fails, because in /var/lib/
gentoo/ I only have a news/ subdirectory.

Interestingly, I already have app-crypt/openpgp-keys-gentoo-release installed, 
but still get 'gpg: Can't check signature: No public key' error when running 
rsync.

-- 
Regards,
Mick

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] syncing via via git and signature failure

[gevisz]

2018-07-04 21:01 GMT+03:00 Mick :
> On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
>> 2018-07-04 11:55 GMT+03:00 Alex Thorne :
>> >> I use rsync and get the following for more than a day now;
>> >>
>> >> !!! Manifest verification failed:
>> >> OpenPGP verification failed:
>> >> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
>> >> gpg:using RSA key
>> >> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> >> gpg: Can't check signature: No public key
>> >
>> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no longer
>> > installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how this
>> > happened. Perhaps it somehow got into `emerge --depclean` and I didn't
>> > catch it.
>>
>> No. Gentoo maintainers just overlooked that all Gentoo signing keys expired
>> on July 1, and added new openpgp-keys-gentoo into portage tree only on July
>> 2.
>>
>> So, since July 1, rsync cannot verify any new portage tree and cannot
>> download app-crypt/openpgp-keys-gentoo-release-20180702
>>
>> It was discovered in the thread
>> "All Gentoo signing key expired and no way to fix it"
>
> Is there a documented manual workaround we could follow at present,
> irrespective of our sync'ing mechanism of choice?

For me, it somehow worked by manually refreshing the Gentoo signing keys by
executing the following two commands:
# gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D
in different order and sourcing /etc/profile

But, please, note that I use emerge-webrsync to update the portage tree.

Re: [gentoo-user] syncing via via git and signature failure

[Mick]

On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote:
> 2018-07-04 11:55 GMT+03:00 Alex Thorne :
> >> I use rsync and get the following for more than a day now;
> >> 
> >> !!! Manifest verification failed:
> >> OpenPGP verification failed:
> >> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
> >> gpg:using RSA key
> >> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> >> gpg: Can't check signature: No public key
> > 
> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no longer
> > installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how this
> > happened. Perhaps it somehow got into `emerge --depclean` and I didn't
> > catch it.
> 
> No. Gentoo maintainers just overlooked that all Gentoo signing keys expired
> on July 1, and added new openpgp-keys-gentoo into portage tree only on July
> 2.
> 
> So, since July 1, rsync cannot verify any new portage tree and cannot
> download app-crypt/openpgp-keys-gentoo-release-20180702
> 
> It was discovered in the thread
> "All Gentoo signing key expired and no way to fix it"

Is there a documented manual workaround we could follow at present, 
irrespective of our sync'ing mechanism of choice?

-- 
Regards,
Mick

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] syncing via via git and signature failure

[gevisz]

2018-07-04 11:55 GMT+03:00 Alex Thorne :
>>>
>> I use rsync and get the following for more than a day now;
>>
>> !!! Manifest verification failed:
>> OpenPGP verification failed:
>> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
>> gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> gpg: Can't check signature: No public key
>>
>>
> I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no longer
> installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how this
> happened. Perhaps it somehow got into `emerge --depclean` and I didn't catch
> it.

No. Gentoo maintainers just overlooked that all Gentoo signing keys expired
on July 1, and added new openpgp-keys-gentoo into portage tree only on July 2.

So, since July 1, rsync cannot verify any new portage tree and cannot download
app-crypt/openpgp-keys-gentoo-release-20180702

It was discovered in the thread
"All Gentoo signing key expired and no way to fix it"

Re: [gentoo-user] syncing via via git and signature failure

[Mick]

On Wednesday, 4 July 2018 09:55:25 BST Alex Thorne wrote:
> >> I use rsync and get the following for more than a day now;
> > 
> > !!! Manifest verification failed:
> > OpenPGP verification failed:
> > gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
> > gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> > gpg: Can't check signature: No public key
> > 
> > 
> > I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no longer
> 
> installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how this
> happened. Perhaps it somehow got into `emerge --depclean` and I didn't
> catch it.
> 
> Alex

I use good ol' rsync, because git creates too big a local portage for my disk 
space requirements.

I came across the same problem today, after noticing the sync was hanging for 
a few minutes at:

>>> Syncing repository 'gentoo' into '/usr/portage'...
 * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys from keyserver ...

I'm guessing it was trying to connect to a key server and failing.  Eventually 
it continued, then sync'ed with a mirror and then arrived at the same "no 
public key" error.  Having waited for 15 years to arrive at a more secure 
method of validating the portage content, the need to sort out the 
infrastructure to support this shouldn't hopefully take too long.

Are there any news how/when this problem may be overcome?
-- 
Regards,
Mick

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] syncing via via git and signature failure

[Alex Thorne]

>
>
>> I use rsync and get the following for more than a day now;
>
> !!! Manifest verification failed:
> OpenPGP verification failed:
> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
> gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Can't check signature: No public key
>
>
> I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no longer
installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how this
happened. Perhaps it somehow got into `emerge --depclean` and I didn't
catch it.

Alex

Re: [gentoo-user] syncing via via git and signature failure

[Adam Carter]

On Wed, Jul 4, 2018 at 1:16 PM, Bill Kenworthy  wrote:

> I am using git to sync portage and have added  the enabling line to
> repos.conf:
>
> "sync-git-verify-commit-signature = true"
>
> but only ever get (been enabled for a week now):
>
> * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
>  * Refreshing keys from keyserver ...
> [ ok ]
>  * No valid signature found: unable to verify signature (missing key?)
>
> Is there something else needed?  I do have
> app-crypt/openpgp-keys-gentoo-release installed and updated.
>

I use rsync and get the following for more than a day now;

!!! Manifest verification failed:
OpenPGP verification failed:
gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC
gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
gpg: Can't check signature: No public key

[gentoo-user] syncing via via git and signature failure

[Bill Kenworthy]

I am using git to sync portage and have added  the enabling line to
repos.conf:

"sync-git-verify-commit-signature = true"

but only ever get (been enabled for a week now):

* Using keys from /usr/share/openpgp-keys/gentoo-release.asc
 * Refreshing keys from keyserver ...   
[ ok ]
 * No valid signature found: unable to verify signature (missing key?)

Is there something else needed?  I do have
app-crypt/openpgp-keys-gentoo-release installed and updated.

BillK