Am 05.07.2018 um 00:25 schrieb Mick: > On Wednesday, 4 July 2018 19:32:33 BST gevisz wrote: >> 2018-07-04 21:01 GMT+03:00 Mick <michaelkintz...@gmail.com>: >>> On Wednesday, 4 July 2018 18:57:56 BST gevisz wrote: >>>> 2018-07-04 11:55 GMT+03:00 Alex Thorne <lexiconifernel...@gmail.com>: >>>>>> I use rsync and get the following for more than a day now; >>>>>> >>>>>> !!! Manifest verification failed: >>>>>> OpenPGP verification failed: >>>>>> gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC >>>>>> gpg: using RSA key >>>>>> E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 >>>>>> gpg: Can't check signature: No public key >>>>> >>>>> I'm seeing this too. For me `app-crypt/gentoo-keys` is somehow no >>>>> longer >>>>> installed and `/var/lib/gentoo/gkeys` is missing. I have no idea how >>>>> this >>>>> happened. Perhaps it somehow got into `emerge --depclean` and I didn't >>>>> catch it. >>>> >>>> No. Gentoo maintainers just overlooked that all Gentoo signing keys >>>> expired >>>> on July 1, and added new openpgp-keys-gentoo into portage tree only on >>>> July >>>> 2. >>>> >>>> So, since July 1, rsync cannot verify any new portage tree and cannot >>>> download app-crypt/openpgp-keys-gentoo-release-20180702 >>>> >>>> It was discovered in the thread >>>> "All Gentoo signing key expired and no way to fix it" >>> >>> Is there a documented manual workaround we could follow at present, >>> irrespective of our sync'ing mechanism of choice? >> >> For me, it somehow worked by manually refreshing the Gentoo signing keys by >> executing the following two commands: >> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys >> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys >> 0xDB6B8C1F96D8BF6D in different order and sourcing /etc/profile >> >> But, please, note that I use emerge-webrsync to update the portage tree. > > Thanks gevisz, the first line to refresh keys fails, because in /var/lib/ > gentoo/ I only have a news/ subdirectory. > > Interestingly, I already have app-crypt/openpgp-keys-gentoo-release > installed, > but still get 'gpg: Can't check signature: No public key' error when running > rsync. > I had the same error (no public key) and fixed it today with a simple re-emerge. After that, sync runs without a problem.
Your keyfile location depends on the way you sync (git,rsync,webrsync). There is a nice wiki page for this.[1] I use portage with rsync, so I don't need app-crypt/gentoo-keys which should install the keyring for webrsync. First, i moved /usr/share/openpgp-keys/gentoo-release.asc, looked for the right key id, fetched the key from the keyserver, there was no difference because the Key ID published on gentoo.org is too old :-D After updating =app-crypt/openpgp-keys-gentoo-release-20180702 =app-crypt/openpgp-keys-gentoo-release-20180703 I've no clue why portage uses a key for only 1 day, but - everything works :-) [1] https://wiki.gentoo.org/wiki/Portage_Security
signature.asc
Description: OpenPGP digital signature
