[gentoo-user] Multilib help
I have to admit that I'm a recent convert to Gentoo and don't really understand (read: haven't the slightest clue about) the inner workings of portage, emerge, ebuild et al. My problem is that I've installed a multilib-enabled 64-bit system and realised that /usr/lib32 and /usr/lib64 are vastly of different. There are around 2200 dynamic and some 130 static libs in lib64 while there are around 300 dynamic and 15 static libs in lib32. That is, about 85% of libraries exist in 64-bit version only. Consequently, pretty much any 32-bit binary fails to launch due to missing libraries. Which is most unfortunate as I have quite a few of such binaries from EDA tools to productivity tools to games. I would much appreciate if someone would explain how to tell the system to build a 32-bit version of *every* library it installs (and have already installed) so that 32-bit binaries could run (and could also be built against those libs, actually). Due to my complete lack of understanding of the magic embedded in portage, my reading of the Gentoo Wiki did not help at all. Yes, I found the multilib pages, all sorts of references to ebuild categories but, unfortunately, I don't really understand what they talk about. So if a good soul came down to the level of the unfranked and told me what to do, I'd be most obliged. In addition, if there's some decent documentation on the package management system (apart from the Wiki), preferably in a format that can be printed for night-time reading, I'd be glad to receive some pointers. Thanks, Zoltan
Re: [gentoo-user] syncing via via git and signature failure
On Wed, Jul 4, 2018 at 1:16 PM, Bill Kenworthy wrote: > I am using git to sync portage and have added the enabling line to > repos.conf: > > "sync-git-verify-commit-signature = true" > > but only ever get (been enabled for a week now): > > * Using keys from /usr/share/openpgp-keys/gentoo-release.asc > * Refreshing keys from keyserver ... > [ ok ] > * No valid signature found: unable to verify signature (missing key?) > > Is there something else needed? I do have > app-crypt/openpgp-keys-gentoo-release installed and updated. > I use rsync and get the following for more than a day now; !!! Manifest verification failed: OpenPGP verification failed: gpg: Signature made Wed 04 Jul 2018 04:08:28 AM UTC gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 gpg: Can't check signature: No public key
Re: [gentoo-user] Change keyserver used by portage?
> > Since you know the server IPs, and there's only a small number so you > could try connection to each of them and see which one(s) fail. > > Or tcpdump, or netstat etc. > FWIW i can route to all the v4 addresses; # for i in 18.9.60.141 18.191.65.131 37.191.226.104 92.43.111.21 193.164.133.100 216.66.15.2 ; do nc -zv $i 443; done cryptonomicon.mit.edu [18.9.60.141] 443 (https) open ec2-18-191-65-131.us-east-2.compute.amazonaws.com [18.191.65.131] 443 (https) open host-37-191-226-104.lynet.no [37.191.226.104] 443 (https) open Warning: forward host lookup failed for oteiza.siccegge.de: oteiza.siccegge.de [92.43.111.21] 443 (https) open DNS fwd/rev mismatch: mail.b4ckbone.de != beta.b4ckbone.de mail.b4ckbone.de [193.164.133.100] 443 (https) open zimmermann.mayfirst.org [216.66.15.2] 443 (https) open
Re: [gentoo-user] Change keyserver used by portage?
Yes. That is how the pool URL works. It does some sort of load-balancing via > DNS resolution. That's why it has so many addresses. I am well aware of the /etc/hosts hack, but it's an ugly work-around. I'd > rather be able to configure portage itself to use a different pool or a > specific > server, rather than mess around with DNS resolutions. And I haven't been > having any luck in searching for how to configure the keyserver used by > Portage. > > Yes, there is an email address I could message to notify them that there > is a > problematic server, but because Portage tells me nothing about which > server > it's using other than the pool URL, I have nothing helpful to tell them. > Since you know the server IPs, and there's only a small number so you could try connection to each of them and see which one(s) fail. Or tcpdump, or netstat etc.
[gentoo-user] syncing via via git and signature failure
I am using git to sync portage and have added the enabling line to repos.conf: "sync-git-verify-commit-signature = true" but only ever get (been enabled for a week now): * Using keys from /usr/share/openpgp-keys/gentoo-release.asc * Refreshing keys from keyserver ... [ ok ] * No valid signature found: unable to verify signature (missing key?) Is there something else needed? I do have app-crypt/openpgp-keys-gentoo-release installed and updated. BillK
Re: [gentoo-user] Change keyserver used by portage?
On Monday, July 2, 2018 12:40:29 AM CDT Adam Carter wrote: > > > > Anyone one know how I can change the keyserver address used by > > > > portage? I > > > > > > keep getting "no route to host" for hkps.pool.sks-keyservers.net when > > > > I > > > > > > sync. > > > > > > What are you trying to do? Find the command being run and run it > > > manually while specifying --keyserver. Also file a bug report. > > > > > > I posted my last reply after pgp.mit.edu also failed. The URL you give > > > is obviously a key server pool, but it looks like MIT's may be also > > > (without inspecting it). I retried on MIT's URL until the request went > > > through. If you can't change the URL then keep trying. > > > > > > The issue is, I think, that the pool will give you servers that don't > > > support HKP, but I have had this issue when contacting keyservers > > > directly. > > > > > > Cheers, > > > > > > R0b0t1 > > > > Currently, portage is using that pool url when I run emaint's sync module. > > I > > keep getting the "no route to host" error from it, and no indication what > > server it's actually being directed to. > > > > What I want to do is reconfigure portage to use a particular server that I > > know > > is reliable. > > Looks like its using multiple A records; > > $ host hkps.pool.sks-keyservers.net > hkps.pool.sks-keyservers.net has address 18.9.60.141 > hkps.pool.sks-keyservers.net has address 18.191.65.131 > hkps.pool.sks-keyservers.net has address 37.191.226.104 > hkps.pool.sks-keyservers.net has address 92.43.111.21 > hkps.pool.sks-keyservers.net has address 193.164.133.100 > hkps.pool.sks-keyservers.net has address 216.66.15.2 > hkps.pool.sks-keyservers.net has IPv6 address 2001:470:1:116::6 > hkps.pool.sks-keyservers.net has IPv6 address 2600:1f16:41e:bd0a::73:6b73 > hkps.pool.sks-keyservers.net has IPv6 address > 2a01:4a0:59:1000:223:9eff:fe00:100f > hkps.pool.sks-keyservers.net has IPv6 address 2a02:c205:3001:3626::1 > > For an ugly hack you could test these to find one that works, then add that > one to your /etc/hosts file. > > Perhaps there's a hostmas...@hkps.pool.sks-keyservers.net you could notify > to fix it? Yes. That is how the pool URL works. It does some sort of load-balancing via DNS resolution. That's why it has so many addresses. I am well aware of the /etc/hosts hack, but it's an ugly work-around. I'd rather be able to configure portage itself to use a different pool or a specific server, rather than mess around with DNS resolutions. And I haven't been having any luck in searching for how to configure the keyserver used by Portage. Yes, there is an email address I could message to notify them that there is a problematic server, but because Portage tells me nothing about which server it's using other than the pool URL, I have nothing helpful to tell them. -- Elijah Mark Anderson m...@kd0bpv.name -- 「塵も積もれば山となる。」 "Even dust, when piled up, becomes a mountain" - Ancient Japanese proverb signature.asc Description: This is a digitally signed message part.
[gentoo-user] how best to encrypt a file
In which use case? :-D *If I want to keep files only for me, i use gpg with a keyfile. I use kde dolphin as file-manager. It has an option in the context menu to en-/decrypt files or folder with gpg. The really cool feature is the recovery :) If I break my gui - what, of course, never will happen because I use a nvidia card :-D , i can easy access my data in a shell. *If I want to share files with trusted users, i use gpg with a password. *If I need a backup, i use borgbackup for 1/2 year now and it's easy to use, fast and powerful. I run two small scripts, basically a list of borg options, as cron jobs and get a mail with the repo status after every run. [1] http://borgbackup.readthedocs.io/ ;) > I have a couple of small files which need to be encrypted : > one is simple text ( .txt ), the other a spreadsheet ( .ods ). > > I haven't used encryption like this before : what do others use ? > signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] how best to encrypt a file
On Tue, Jul 03, 2018 at 07:27:35AM -0400, Philip Webb wrote: > 180703 Alec Ten Harmsel wrote: > > On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: > >> I have a couple of small files which need to be encrypted : > >> one is simple text ( .txt ), the other a spreadsheet ( .ods ). > >> I haven't used encryption like this before : what do others use ? > > I have used `gpg' to do this before: > > # Encrypt with a passphrase > > gpg -c > > # Decrypt > > gpg -d .gpg > > I do have some files I keep encrypted locally > > that I use `gpg' to encrypt/decrypt, but with my personal key pair. > > For that, I use a vim plugin [1] that transparently decrypts to `/tmp', > > lets me edit and then saves back to the original file. > > This prevents the decrypted contents from ever being on my hard drive, > > as I have `/tmp' mounted as tmpfs. > > Thanks, that's very helpful except that you forgot to append [1] (smile). Ouch. I meant to link to https://github.com/jamessan/vim-gnupg. > I don't need to encrypt the files locally, > but do need to when I create copies to up-load as off-site back-ups. Someone else mentioned duplicity, which I've used in the past. It's built to do encrypted backups to S3/Dropbox/scp. Alec
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On Tue, Jul 3, 2018 at 6:00 AM, gevisz wrote: > 2018-07-03 13:35 GMT+03:00 Virgil Dupras : >> On Tue, 03 Jul 2018 09:55:38 +0100 >> Mick wrote: >> >>> On Tuesday, 3 July 2018 09:53:27 BST Arve Barsnes wrote: >>> > On 3 July 2018 at 09:48, gevisz wrote: >>> > > Trying to renew them manually with the following commands does not help: >>> > > >>> > > # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys >>> > > 0x825533CBF6CD6C97 >>> > It solved itself for me after running >>> > gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys >>> > >>> > Cheers, >>> > Arve >>> >>> Hmm ... >>> >>> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys >>> gpg: keyblock resource '/var/lib/gentoo/gkeys/keyrings/gentoo/release/ >>> pubring.kbx': No such file or directory >>> >>> :-/ >>> >>> -- >>> Regards, >>> Mick >> >> Are you, by any chance, running this command through something like >> lxc-attach or ssh? >> I had the exact same problem two days ago and it turned out to be something >> about the >> environment being passed to the remote system. Sourcing /etc/profile did the >> trick. > > No, I do it on my desktop staying just in front of me. > So, no need for ssh (and I do not know what lxc-attach is at all). > > Still, sourcing /etc/profile somehow helped: > > # emerge-webrsync > Fetching most recent snapshot ... > Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo > ... > Fetching file portage-20180702.tar.xz.md5sum ... > Fetching file portage-20180702.tar.xz.gpgsig ... > Fetching file portage-20180702.tar.xz ... > Checking digest ... > Checking signature ... > gpg: Signature made Tue Jul 3 03:51:21 2018 EEST > gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 > gpg: Good signature from "Gentoo Portage Snapshot Signing Key > (Automated Signing Key)" [unknown] > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D > Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 > Getting snapshot timestamp ... > Syncing local tree ... > > Number of files: 161,691 (reg: 134,254, dir: 27,437) > Number of created files: 308 (reg: 301, dir: 7) > Number of deleted files: 272 (reg: 268, dir: 4) > Number of regular files transferred: 1,462 > Total file size: 218.08M bytes > Total transferred file size: 10.83M bytes > Literal data: 10.83M bytes > Matched data: 0 bytes > File list size: 589.73K > File list generation time: 0.001 seconds > File list transfer time: 0.000 seconds > Total bytes sent: 11.76M > Total bytes received: 69.61K > > sent 11.76M bytes received 69.61K bytes 463.97K bytes/sec > total size is 218.08M speedup is 18.43 > Cleaning up ... > It looks like you resolved the issue. I had to refresh the keys multiple times.
Re: [gentoo-user] how best to encrypt a file
On Tuesday, 3 July 2018 13:33:27 BST Samuraiii wrote: > On 3.7.2018 13:27, Philip Webb wrote: > > 180703 Alec Ten Harmsel wrote: > >> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: > >>> I have a couple of small files which need to be encrypted : > >>> one is simple text ( .txt ), the other a spreadsheet ( .ods ). > >>> I haven't used encryption like this before : what do others use ? > >> > >> I have used `gpg' to do this before: > >> # Encrypt with a passphrase > >> gpg -c > >> # Decrypt > >> gpg -d .gpg > >> > >> I do have some files I keep encrypted locally > >> that I use `gpg' to encrypt/decrypt, but with my personal key pair. > >> For that, I use a vim plugin [1] that transparently decrypts to `/tmp', > >> lets me edit and then saves back to the original file. > >> This prevents the decrypted contents from ever being on my hard drive, > >> as I have `/tmp' mounted as tmpfs. > > > > Thanks, that's very helpful except that you forgot to append [1] (smile). > > > > I don't need to encrypt the files locally, > > but do need to when I create copies to up-load as off-site back-ups. > > > > Does anyone else have a useful suggestion ? > > Hi, > > there is "reverse" encfs if there are more files to encrypt for backup. > > encfs --reverse ~/dir /tmp/dir > > It will encrypt original files on fly as you read /tmp/dir. > > I used this before (now I backup with duplicity). > > S > > PS: link to arch page with some more info > > https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup If you use gpg -c then the symmetric key is stored in ciphertext of the resulting file. You can use a salt and multiple iterations to make it more secure (check --s2k-mode and --s2k-count in the fine manual) against brute force attacks. If you use gpg -e for asymmetric encryption, then the private key remains yours to store securely offline. Asymmetric encryption is computationally expensive, so it wouldn't be used for backing up a whole filesystem with loads of files, but could be used to encrypt the back up key and similarly small in size but sensitive data. You can also use openssl for the same purpose. For the odd file I use gpg -e and shred to delete securely the decrypted file from the disk after I have finished reading it (some times my tmpfs is on disk). Libreoffice can also use gpg to encrypt your files. Look for the option on the File/Save As pop up. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] how best to encrypt a file
On July 3, 2018 7:33:27 AM CDT, Samuraiii wrote: >On 3.7.2018 13:27, Philip Webb wrote: >> 180703 Alec Ten Harmsel wrote: >>> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: I have a couple of small files which need to be encrypted : one is simple text ( .txt ), the other a spreadsheet ( .ods ). I haven't used encryption like this before : what do others use ? >>> I have used `gpg' to do this before: >>> # Encrypt with a passphrase >>> gpg -c >>> # Decrypt >>> gpg -d .gpg >>> I do have some files I keep encrypted locally >>> that I use `gpg' to encrypt/decrypt, but with my personal key pair. >>> For that, I use a vim plugin [1] that transparently decrypts to >`/tmp', >>> lets me edit and then saves back to the original file. >>> This prevents the decrypted contents from ever being on my hard >drive, >>> as I have `/tmp' mounted as tmpfs. >> Thanks, that's very helpful except that you forgot to append [1] >(smile). >> >> I don't need to encrypt the files locally, >> but do need to when I create copies to up-load as off-site back-ups. >> >> Does anyone else have a useful suggestion ? >> >Hi, > >there is "reverse" encfs if there are more files to encrypt for backup. > >encfs --reverse ~/dir /tmp/dir > >It will encrypt original files on fly as you read /tmp/dir. > >I used this before (now I backup with duplicity). > >S > >PS: link to arch page with some more info > >https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup I'd recommend taking a look at borg backup. I've used it for remote backups over ssh and the deduplication and automatic encryption is aweaome. Maybe a bit overkill, but I believe in encryptes backups. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On 3 July 2018 at 15:22, Mart Raudsepp wrote: > How do you obtain root privileges for the command? > > If you use su, you should be using "su -" (or "su -l" or "su --login"), > not "su". I did not need to do so to make this work. It all depends on the environment you start out with I guess.
[gentoo-user] Re: Any utility to forcibly freeze or swap out a specific pid?
On 2018-07-03 00:32, Walter Dnes wrote: > Actually, minimizing all the spreadsheets and remaining in the same > workspace similarly reduces cpu usage. Why would gnumeric > spreadsheets be using cpu just sitting there, visible or behind > another program? You can get that question answered by rebuilding with profiling information - CFLAGS="-pg -g" -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
Ühel kenal päeval, T, 03.07.2018 kell 14:00, kirjutas gevisz: > Are you, by any chance, running this command through something like > > lxc-attach or ssh? > > I had the exact same problem two days ago and it turned out to be > > something about the > > environment being passed to the remote system. Sourcing > > /etc/profile did the trick. > > No, I do it on my desktop staying just in front of me. > So, no need for ssh (and I do not know what lxc-attach is at all). > > Still, sourcing /etc/profile somehow helped: How do you obtain root privileges for the command? If you use su, you should be using "su -" (or "su -l" or "su --login"), not "su". If you use sudo, you might need to pass -i (--login) option to it. And I mean that in general, not just for overcoming this error. Mart signature.asc Description: This is a digitally signed message part
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On Tue, Jul 3, 2018 at 8:44 AM gevisz wrote: > > 2018-07-03 14:47 GMT+03:00 Rich Freeman : > > On Tue, Jul 3, 2018 at 7:06 AM gevisz wrote: > >> > >> Why not to put new openpgp-keys-gentoo-release > >> into the portage tree BEFORE all existing Gentoo > >> singing keys expire? > >> > > > > My guess is that it was an oversight. > > > > I note that emerge --sync seems to update keys from the keyserver > > automatically, and thus it didn't report any errors syncing for me. > > On the other hand, I believe it will leave /usr/portage compromised if > > an error is detected, so if you don't actually catch the error it > > throws you can still be harmed. I assume webrsync won't do that, but > > I haven't checked (the repository I use isn't available to webrsync as > > far as I'm aware). > > emerge-webrsync do check gpg Gentoo signitures, if webrsync-gpg > feature is enabled in /etc/portage/make.conf, but it cannot do so, if > all Gentoo signitures expired, as it was the case after 1 July 2018. > I know it checks sigs. I was assuming that it won't actually overwrite a good /usr/portage with a bad one if the verification fails. emerge --sync, with git at least, overwrites /usr/portage in place and so it will leave it in a bad state if verification fails. -- Rich
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
2018-07-03 14:47 GMT+03:00 Rich Freeman : > On Tue, Jul 3, 2018 at 7:06 AM gevisz wrote: >> >> Why not to put new openpgp-keys-gentoo-release >> into the portage tree BEFORE all existing Gentoo >> singing keys expire? >> > > My guess is that it was an oversight. > > I note that emerge --sync seems to update keys from the keyserver > automatically, and thus it didn't report any errors syncing for me. > On the other hand, I believe it will leave /usr/portage compromised if > an error is detected, so if you don't actually catch the error it > throws you can still be harmed. I assume webrsync won't do that, but > I haven't checked (the repository I use isn't available to webrsync as > far as I'm aware). emerge-webrsync do check gpg Gentoo signitures, if webrsync-gpg feature is enabled in /etc/portage/make.conf, but it cannot do so, if all Gentoo signitures expired, as it was the case after 1 July 2018.
Re: [gentoo-user] how best to encrypt a file
On 3.7.2018 13:27, Philip Webb wrote: > 180703 Alec Ten Harmsel wrote: >> On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: >>> I have a couple of small files which need to be encrypted : >>> one is simple text ( .txt ), the other a spreadsheet ( .ods ). >>> I haven't used encryption like this before : what do others use ? >> I have used `gpg' to do this before: >> # Encrypt with a passphrase >> gpg -c >> # Decrypt >> gpg -d .gpg >> I do have some files I keep encrypted locally >> that I use `gpg' to encrypt/decrypt, but with my personal key pair. >> For that, I use a vim plugin [1] that transparently decrypts to `/tmp', >> lets me edit and then saves back to the original file. >> This prevents the decrypted contents from ever being on my hard drive, >> as I have `/tmp' mounted as tmpfs. > Thanks, that's very helpful except that you forgot to append [1] (smile). > > I don't need to encrypt the files locally, > but do need to when I create copies to up-load as off-site back-ups. > > Does anyone else have a useful suggestion ? > Hi, there is "reverse" encfs if there are more files to encrypt for backup. encfs --reverse ~/dir /tmp/dir It will encrypt original files on fly as you read /tmp/dir. I used this before (now I backup with duplicity). S PS: link to arch page with some more info https://wiki.archlinux.org/index.php/EncFS#Encrypted_backup signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On Tue, Jul 3, 2018 at 7:06 AM gevisz wrote: > > Why not to put new openpgp-keys-gentoo-release > into the portage tree BEFORE all existing Gentoo > singing keys expire? > My guess is that it was an oversight. I note that emerge --sync seems to update keys from the keyserver automatically, and thus it didn't report any errors syncing for me. On the other hand, I believe it will leave /usr/portage compromised if an error is detected, so if you don't actually catch the error it throws you can still be harmed. I assume webrsync won't do that, but I haven't checked (the repository I use isn't available to webrsync as far as I'm aware). Improving signature checking is an area of recent interest, as you can imagine, so I suspect these will improve. -- Rich
Re: [gentoo-user] how best to encrypt a file
180703 Alec Ten Harmsel wrote: > On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: >> I have a couple of small files which need to be encrypted : >> one is simple text ( .txt ), the other a spreadsheet ( .ods ). >> I haven't used encryption like this before : what do others use ? > I have used `gpg' to do this before: > # Encrypt with a passphrase > gpg -c > # Decrypt > gpg -d .gpg > I do have some files I keep encrypted locally > that I use `gpg' to encrypt/decrypt, but with my personal key pair. > For that, I use a vim plugin [1] that transparently decrypts to `/tmp', > lets me edit and then saves back to the original file. > This prevents the decrypted contents from ever being on my hard drive, > as I have `/tmp' mounted as tmpfs. Thanks, that's very helpful except that you forgot to append [1] (smile). I don't need to encrypt the files locally, but do need to when I create copies to up-load as off-site back-ups. Does anyone else have a useful suggestion ? -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] A config file for the magical combo of....
On 07/02/2018 01:36 PM, Mick wrote: > On Monday, 2 July 2018 19:20:29 BST Corbin Bird wrote: >> On 07/01/2018 03:04 PM, Mick wrote: >>> What do you mean "would not load"? From the live ISO? >>> >>> I had no such problem here on a bare metal install (no Windows) with >>> sysrescuecd. You have to make sure the sysrescuecd is booting in UEFI >>> mode >>> before you proceed with the installation. >>> >> ( Clarification ) The UEFI implementation installed on my MB would not >> load the VFAT driver. > What error messages, indications, behaviour do you get and at what stage? > > > Well, the Gentoo Live-CD may not be the best image to boot your hardware > with. > I'd give systemrescuecd a spin, it has never failed me so far, although a few > years ago I had to perform some tricks to get it to boot into UEFI mode. > Answers to questions : The VFAT driver in question is built-in to UEFI. It is not the Linux kernel module you may be thinking of. UEFI was a long list of built-in drivers. Old BIOS based systems had a 1 or 2 Megabyte EPROM in use for the BIOS. UEFI has 32, 64, or 128 Megabyte EPROMs on the motherboard == driver storage space. Remember DOS and all those drivers that had to be setup, just to get basic hardware working? UEFI is the equivalent of all those drivers being packaged into the EPROM, with auto-config enabled. The EFI Shell has a specific command that will "print-to-screen" all loaded UEFI drivers. That command was showing only the NTFS filesystem driver loading. After Windows was installed on a second drive, the UEFI VFAT driver started loading. ( the Windows Boot Loader had installed itself into the UEFI ) My MB has the latest firmware from the factory. Linux has to be run with "efi=old_map" appended to the kernel parameters. ( Windows 8.1 UEFI memory map ) I was using the standard Gentoo install ISO, Minimal Installation CD. Link : https://www.gentoo.org/downloads/ Memory is fuzzy ... I think I did try it in UEFI mode. Next time I will try the systemrescuecd in UEFI mode instead. Corbin
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
2018-07-03 13:41 GMT+03:00 gevisz :
> 2018-07-03 11:10 GMT+03:00 Mick :
>> On Tuesday, 3 July 2018 08:48:02 BST gevisz wrote:
...
>>
>> This package update came up yesterday:
>>
>> app-crypt/openpgp-keys-gentoo-release-20180702
>>
>
> Too late: Gentoo signing keys expired on 1 July 2018.
> So, no way to update portage tree on 2 July 2018. :(
And only after updating the portage tree, I have got
app-crypt/openpgp-keys-gentoo-release-20180702.
Why not to put new openpgp-keys-gentoo-release
into the portage tree BEFORE all existing Gentoo
singing keys expire?
# emerge --update --deep --with-bdeps=y --newuse --backtrack=120 --ask world
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild U ] dev-util/gperf-3.1 [3.0.4]
[ebuild U ] app-crypt/openpgp-keys-gentoo-release-20180702 [20180530]
[ebuild NS] sys-kernel/gentoo-sources-4.14.52 [4.9.95]
USE="-build -experimental -symlink"
[ebuild U ] dev-python/pydot-1.2.3 [1.0.28-r2] USE="{-test%}"
PYTHON_TARGETS="python3_5%* -python3_4% -python3_6%"
Would you like to merge these packages? [Yes/No] y
...
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
2018-07-03 13:35 GMT+03:00 Virgil Dupras : > On Tue, 03 Jul 2018 09:55:38 +0100 > Mick wrote: > >> On Tuesday, 3 July 2018 09:53:27 BST Arve Barsnes wrote: >> > On 3 July 2018 at 09:48, gevisz wrote: >> > > Trying to renew them manually with the following commands does not help: >> > > >> > > # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys >> > > 0x825533CBF6CD6C97 >> > It solved itself for me after running >> > gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys >> > >> > Cheers, >> > Arve >> >> Hmm ... >> >> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys >> gpg: keyblock resource '/var/lib/gentoo/gkeys/keyrings/gentoo/release/ >> pubring.kbx': No such file or directory >> >> :-/ >> >> -- >> Regards, >> Mick > > Are you, by any chance, running this command through something like > lxc-attach or ssh? > I had the exact same problem two days ago and it turned out to be something > about the > environment being passed to the remote system. Sourcing /etc/profile did the > trick. No, I do it on my desktop staying just in front of me. So, no need for ssh (and I do not know what lxc-attach is at all). Still, sourcing /etc/profile somehow helped: # emerge-webrsync Fetching most recent snapshot ... Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo ... Fetching file portage-20180702.tar.xz.md5sum ... Fetching file portage-20180702.tar.xz.gpgsig ... Fetching file portage-20180702.tar.xz ... Checking digest ... Checking signature ... gpg: Signature made Tue Jul 3 03:51:21 2018 EEST gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 Getting snapshot timestamp ... Syncing local tree ... Number of files: 161,691 (reg: 134,254, dir: 27,437) Number of created files: 308 (reg: 301, dir: 7) Number of deleted files: 272 (reg: 268, dir: 4) Number of regular files transferred: 1,462 Total file size: 218.08M bytes Total transferred file size: 10.83M bytes Literal data: 10.83M bytes Matched data: 0 bytes File list size: 589.73K File list generation time: 0.001 seconds File list transfer time: 0.000 seconds Total bytes sent: 11.76M Total bytes received: 69.61K sent 11.76M bytes received 69.61K bytes 463.97K bytes/sec total size is 218.08M speedup is 18.43 Cleaning up ...
Re: [gentoo-user] how best to encrypt a file
On Tue, Jul 03, 2018 at 05:47:22AM -0400, Philip Webb wrote: > I have a couple of small files which need to be encrypted : > one is simple text ( .txt ), the other a spreadsheet ( .ods ). > > I haven't used encryption like this before : what do others use ? I have used `gpg' to do this before: # Encrypt with a passphrase gpg -c # Decrypt gpg -d .gpg I do have some files I keep encrypted locally that I use `gpg' to encrypt/decrypt, but with my personal key pair. For that, I use a vim plugin[1] that transparently decrypts to `/tmp', lets me edit, and then saves back to the original file. This prevents the decrypted contents from ever being on my hard drive, as I have `/tmp' mounted as tmpfs. Hope this helps, Alec
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
2018-07-03 11:53 GMT+03:00 Arve Barsnes : > On 3 July 2018 at 09:48, gevisz wrote: >> Trying to renew them manually with the following commands does not help: >> >> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x825533CBF6CD6C97 > > It solved itself for me after running > gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys Thank you for your reply, but running the command above have not solved my problem: # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys gpg: refreshing 4 keys from hkps://hkps.pool.sks-keyservers.net gpg: key 825533CBF6CD6C97: 2 signatures not checked due to missing keys gpg: key 825533CBF6CD6C97: "Gentoo-keys Team " 5 new signatures gpg: key 825533CBF6CD6C97: "Gentoo-keys Team " 2 new subkeys gpg: Total number processed: 1 gpg:new subkeys: 2 gpg: new signatures: 5 gpg: no ultimately trusted keys found # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --with-fingerprint --list-keys /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg - pub rsa4096 2014-10-03 [C] [expires: 2019-06-29] D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97 uid [ unknown] Gentoo-keys Team sub rsa4096 2014-10-03 [S] [expires: 2018-12-31] sub rsa4096 2018-06-29 [S] [expires: 2018-12-26] pub dsa1024 2004-07-20 [SC] [expired: 2018-07-01] D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058 uid [ expired] Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) pub rsa4096 2011-11-25 [C] [expired: 2018-07-01] DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D uid [ expired] Gentoo Portage Snapshot Signing Key (Automated Signing Key) pub rsa4096 2009-08-25 [SC] [expired: 2017-08-25] 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910 uid [ expired] Gentoo Linux Release Engineering (Automated Weekly Release Key) # emerge-webrsync Fetching most recent snapshot ... Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo ... Fetching file portage-20180702.tar.xz.md5sum ... Fetching file portage-20180702.tar.xz.gpgsig ... Fetching file portage-20180702.tar.xz ... Checking digest ... Checking signature ... gpg: Signature made Tue Jul 3 03:51:21 2018 EEST gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [expired] gpg: Note: This key has expired! Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 Fetching file portage-20180702.tar.bz2.md5sum ...
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
2018-07-03 11:10 GMT+03:00 Mick :
> On Tuesday, 3 July 2018 08:48:02 BST gevisz wrote:
>> Just today I have tried emerge-webrsync and got
>> to the following endless circle:
>>
>> Fetching most recent snapshot ...
>> Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo
>> ... Fetching file portage-20180702.tar.xz.md5sum ...
>> Fetching file portage-20180702.tar.xz.gpgsig ...
>> Fetching file portage-20180702.tar.xz ...
>> Checking digest ...
>> Checking signature ...
>> gpg: Signature made Tue Jul 3 03:51:21 2018 EEST
>> gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> gpg: Good signature from "Gentoo Portage Snapshot Signing Key
>> (Automated Signing Key)" [expired]
>> gpg: Note: This key has expired!
>> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
>> Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
>> Fetching file portage-20180702.tar.bz2.md5sum ...
>> Fetching file portage-20180702.tar.bz2.gpgsig ...
>> Fetching file portage-20180702.tar.bz2 ...
>> Checking digest ...
>> Checking signature ...
>> gpg: Signature made Tue Jul 3 03:51:20 2018 EEST
>> gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
>> gpg: Good signature from "Gentoo Portage Snapshot Signing Key
>> (Automated Signing Key)" [expired]
>> gpg: Note: This key has expired!
>> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
>> Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
>> Fetching file portage-20180702.tar.gz.md5sum ...
>>
>> The following command showed that all Gentoo signing keys in my system
>> expired:
>>
>> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release
>> --with-fingerprint --list-keys
>> /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
>> -
>> pub rsa4096 2014-10-03 [C] [expired: 2017-09-17]
>> D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
>> uid [ expired] Gentoo-keys Team
>>
>> pub dsa1024 2004-07-20 [SC] [expired: 2018-07-01]
>> D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
>> uid [ expired] Gentoo Linux Release Engineering (Gentoo
>> Linux Release Signing Key)
>>
>> pub rsa4096 2011-11-25 [C] [expired: 2018-07-01]
>> DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
>> uid [ expired] Gentoo Portage Snapshot Signing Key
>> (Automated Signing Key)
>>
>> pub rsa4096 2009-08-25 [SC] [expired: 2017-08-25]
>> 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
>> uid [ expired] Gentoo Linux Release Engineering (Automated
>> Weekly Release Key)
>>
>>
>> Trying to renew them manually with the following commands does not help:
>>
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
>> 0x825533CBF6CD6C97 gpg: key 825533CBF6CD6C97: 2 signatures not checked due
>> to missing keys gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team
>> " imported
>> gpg: no ultimately trusted keys found
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
>> 0xDB6B8C1F96D8BF6D gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due
>> to missing keys gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage
>> Snapshot Signing Key (Automated Signing Key)" imported
>> gpg: no ultimately trusted keys found
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
>> 0x9E6438C817072058 gpg: key 9E6438C817072058: 83 signatures not checked due
>> to missing keys gpg: key 9E6438C817072058: public key "Gentoo Linux Release
>> Engineering (Gentoo Linux Release Signing Key) "
>> imported
>> gpg: no ultimately trusted keys found
>> gpg: Total number processed: 1
>> gpg: imported: 1
>> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
>> 0xBB572E0E2D182910 gpg: key BB572E0E2D182910: 10 signatures not checked due
>> to missing keys gpg: key BB572E0E2D182910: 1 bad signature
>> gpg: key BB572E0E2D182910: public key "Gentoo Linux Release
>> Engineering (Automated Weekly Release Key) "
>> imported
>> gpg: no ultimately trusted keys found
>> gpg: Total number processed: 1
>> gpg: imported: 1
>>
>> Here
>> https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files
>> has been said the following:
>>
>> If any of the keys installed from app-crypt/gentoo-keys should expire,
>> run gkeys from app-crypt/gkeys to refresh them from the key server:
>> root #emerge --ask app-crypt/gkeys
>> root #gkeys refresh-key -C gentoo
>>
>> but gkeys are not stable in my architeture as it follows from the following:
>>
>> $ eix gkeys
>> * app-crypt/gkeys
>> Available versions: ~0.2 ** {PYTHON_TARGETS="python2_7
>> python3_4 python3_5 python3_6"}
>> Homepage:https://wiki.gentoo.org/wiki/Project:Gentoo-keys
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On Tue, 03 Jul 2018 09:55:38 +0100 Mick wrote: > On Tuesday, 3 July 2018 09:53:27 BST Arve Barsnes wrote: > > On 3 July 2018 at 09:48, gevisz wrote: > > > Trying to renew them manually with the following commands does not help: > > > > > > # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys > > > 0x825533CBF6CD6C97 > > It solved itself for me after running > > gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys > > > > Cheers, > > Arve > > Hmm ... > > # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys > > gpg: keyblock resource '/var/lib/gentoo/gkeys/keyrings/gentoo/release/ > pubring.kbx': No such file or directory > > :-/ > > -- > Regards, > Mick Are you, by any chance, running this command through something like lxc-attach or ssh? I had the exact same problem two days ago and it turned out to be something about the environment being passed to the remote system. Sourcing /etc/profile did the trick. Regards, Virgil pgpJ8i8VwD4Bj.pgp Description: PGP signature
Re: [gentoo-user] Any utility to forcibly freeze or swap out a specific pid?
Hello,
On Tue, 03 Jul 2018, Walter Dnes wrote:
> Thanks; this could be interesting. Run "ps x", grep for specific
>commands in the output, read the pid at the start of the line, and
>autofreeze those processes..
Use 'pgrep [-u UID/USERNAME] pattern' or adjust ps output to only
display what interests you, e.g.:
$ ps -eo pid,cmd
$ ps -eo pid,cmd | awk '$2 ~ /pattern/ { print $1; }'
$ ps -eo pid,cmd | awk '$2 == "string" { print $1; }'
etc.
Or try 'pidof' (which needs the exact command-name and might return
mismatches).
HTH,
-dnh
--
printk (KERN_DEBUG "Somebody wants the port\n");
linux-2.6.6/drivers/parport/parport_pc.c
[gentoo-user] how best to encrypt a file
I have a couple of small files which need to be encrypted : one is simple text ( .txt ), the other a spreadsheet ( .ods ). I haven't used encryption like this before : what do others use ? -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On 3 July 2018 at 10:55, Mick wrote: > # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys > gpg: keyblock resource '/var/lib/gentoo/gkeys/keyrings/gentoo/release/ > pubring.kbx': No such file or directory > > :-/ Hmm... I don't have this file either, but had no problems.
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On Tuesday, 3 July 2018 09:53:27 BST Arve Barsnes wrote: > On 3 July 2018 at 09:48, gevisz wrote: > > Trying to renew them manually with the following commands does not help: > > > > # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys > > 0x825533CBF6CD6C97 > It solved itself for me after running > gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys > > Cheers, > Arve Hmm ... # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys gpg: keyblock resource '/var/lib/gentoo/gkeys/keyrings/gentoo/release/ pubring.kbx': No such file or directory :-/ -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On 3 July 2018 at 09:48, gevisz wrote: > Trying to renew them manually with the following commands does not help: > > # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x825533CBF6CD6C97 It solved itself for me after running gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release --refresh-keys Cheers, Arve
Re: [gentoo-user] All Gentoo signing key expired and no way to fix it
On Tuesday, 3 July 2018 08:48:02 BST gevisz wrote:
> Just today I have tried emerge-webrsync and got
> to the following endless circle:
>
> Fetching most recent snapshot ...
> Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo
> ... Fetching file portage-20180702.tar.xz.md5sum ...
> Fetching file portage-20180702.tar.xz.gpgsig ...
> Fetching file portage-20180702.tar.xz ...
> Checking digest ...
> Checking signature ...
> gpg: Signature made Tue Jul 3 03:51:21 2018 EEST
> gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Good signature from "Gentoo Portage Snapshot Signing Key
> (Automated Signing Key)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
> Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
> Fetching file portage-20180702.tar.bz2.md5sum ...
> Fetching file portage-20180702.tar.bz2.gpgsig ...
> Fetching file portage-20180702.tar.bz2 ...
> Checking digest ...
> Checking signature ...
> gpg: Signature made Tue Jul 3 03:51:20 2018 EEST
> gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
> gpg: Good signature from "Gentoo Portage Snapshot Signing Key
> (Automated Signing Key)" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
> Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
> Fetching file portage-20180702.tar.gz.md5sum ...
>
> The following command showed that all Gentoo signing keys in my system
> expired:
>
> # gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release
> --with-fingerprint --list-keys
> /var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
> -
> pub rsa4096 2014-10-03 [C] [expired: 2017-09-17]
> D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
> uid [ expired] Gentoo-keys Team
>
> pub dsa1024 2004-07-20 [SC] [expired: 2018-07-01]
> D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
> uid [ expired] Gentoo Linux Release Engineering (Gentoo
> Linux Release Signing Key)
>
> pub rsa4096 2011-11-25 [C] [expired: 2018-07-01]
> DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
> uid [ expired] Gentoo Portage Snapshot Signing Key
> (Automated Signing Key)
>
> pub rsa4096 2009-08-25 [SC] [expired: 2017-08-25]
> 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
> uid [ expired] Gentoo Linux Release Engineering (Automated
> Weekly Release Key)
>
>
> Trying to renew them manually with the following commands does not help:
>
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0x825533CBF6CD6C97 gpg: key 825533CBF6CD6C97: 2 signatures not checked due
> to missing keys gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team
> " imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0xDB6B8C1F96D8BF6D gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due
> to missing keys gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage
> Snapshot Signing Key (Automated Signing Key)" imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0x9E6438C817072058 gpg: key 9E6438C817072058: 83 signatures not checked due
> to missing keys gpg: key 9E6438C817072058: public key "Gentoo Linux Release
> Engineering (Gentoo Linux Release Signing Key) "
> imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
> # gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys
> 0xBB572E0E2D182910 gpg: key BB572E0E2D182910: 10 signatures not checked due
> to missing keys gpg: key BB572E0E2D182910: 1 bad signature
> gpg: key BB572E0E2D182910: public key "Gentoo Linux Release
> Engineering (Automated Weekly Release Key) "
> imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
>
> Here
> https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files
> has been said the following:
>
> If any of the keys installed from app-crypt/gentoo-keys should expire,
> run gkeys from app-crypt/gkeys to refresh them from the key server:
> root #emerge --ask app-crypt/gkeys
> root #gkeys refresh-key -C gentoo
>
> but gkeys are not stable in my architeture as it follows from the following:
>
> $ eix gkeys
> * app-crypt/gkeys
> Available versions: ~0.2 ** {PYTHON_TARGETS="python2_7
> python3_4 python3_5 python3_6"}
> Homepage:https://wiki.gentoo.org/wiki/Project:Gentoo-keys
> Description: An OpenPGP/GPG key management tool and python libs
>
> * app-crypt/gkeys-gen
> Available
[gentoo-user] All Gentoo signing key expired and no way to fix it
Just today I have tried emerge-webrsync and got
to the following endless circle:
Fetching most recent snapshot ...
Trying to retrieve 20180702 snapshot from http://mirror.netcologne.de/gentoo ...
Fetching file portage-20180702.tar.xz.md5sum ...
Fetching file portage-20180702.tar.xz.gpgsig ...
Fetching file portage-20180702.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Tue Jul 3 03:51:21 2018 EEST
gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key
(Automated Signing Key)" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Fetching file portage-20180702.tar.bz2.md5sum ...
Fetching file portage-20180702.tar.bz2.gpgsig ...
Fetching file portage-20180702.tar.bz2 ...
Checking digest ...
Checking signature ...
gpg: Signature made Tue Jul 3 03:51:20 2018 EEST
gpg:using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key
(Automated Signing Key)" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Fetching file portage-20180702.tar.gz.md5sum ...
The following command showed that all Gentoo signing keys in my system expired:
# gpg --homedir /var/lib/gentoo/gkeys/keyrings/gentoo/release
--with-fingerprint --list-keys
/var/lib/gentoo/gkeys/keyrings/gentoo/release/pubring.gpg
-
pub rsa4096 2014-10-03 [C] [expired: 2017-09-17]
D2DE 1DBB A0F4 3EBA 341B 97D8 8255 33CB F6CD 6C97
uid [ expired] Gentoo-keys Team
pub dsa1024 2004-07-20 [SC] [expired: 2018-07-01]
D99E AC73 79A8 50BC E47D A5F2 9E64 38C8 1707 2058
uid [ expired] Gentoo Linux Release Engineering (Gentoo
Linux Release Signing Key)
pub rsa4096 2011-11-25 [C] [expired: 2018-07-01]
DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
uid [ expired] Gentoo Portage Snapshot Signing Key
(Automated Signing Key)
pub rsa4096 2009-08-25 [SC] [expired: 2017-08-25]
13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910
uid [ expired] Gentoo Linux Release Engineering (Automated
Weekly Release Key)
Trying to renew them manually with the following commands does not help:
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x825533CBF6CD6C97
gpg: key 825533CBF6CD6C97: 2 signatures not checked due to missing keys
gpg: key 825533CBF6CD6C97: public key "Gentoo-keys Team
" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xDB6B8C1F96D8BF6D
gpg: key DB6B8C1F96D8BF6D: 14 signatures not checked due to missing keys
gpg: key DB6B8C1F96D8BF6D: public key "Gentoo Portage Snapshot Signing
Key (Automated Signing Key)" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x9E6438C817072058
gpg: key 9E6438C817072058: 83 signatures not checked due to missing keys
gpg: key 9E6438C817072058: public key "Gentoo Linux Release
Engineering (Gentoo Linux Release Signing Key) "
imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
# gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xBB572E0E2D182910
gpg: key BB572E0E2D182910: 10 signatures not checked due to missing keys
gpg: key BB572E0E2D182910: 1 bad signature
gpg: key BB572E0E2D182910: public key "Gentoo Linux Release
Engineering (Automated Weekly Release Key) "
imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
Here https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Fetching_files
has been said the following:
If any of the keys installed from app-crypt/gentoo-keys should expire,
run gkeys from app-crypt/gkeys to refresh them from the key server:
root #emerge --ask app-crypt/gkeys
root #gkeys refresh-key -C gentoo
but gkeys are not stable in my architeture as it follows from the following:
$ eix gkeys
* app-crypt/gkeys
Available versions: ~0.2 ** {PYTHON_TARGETS="python2_7
python3_4 python3_5 python3_6"}
Homepage:https://wiki.gentoo.org/wiki/Project:Gentoo-keys
Description: An OpenPGP/GPG key management tool and python libs
* app-crypt/gkeys-gen
Available versions: ~0.2 ** {PYTHON_TARGETS="python2_7
python3_4 python3_5 python3_6"}
Homepage:https://wiki.gentoo.org/wiki/Project:Gentoo-keys
Description: Tool for generating OpenPGP/GPG keys using a
specifications file
