pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Signature key id b5952cabdd765a20 not found



Am 01.10.2022 um 22:18 schrieb Jonathan Perkin:
* On 2022-10-01 at 21:07 BST, Roland Illig wrote:

My next step was to run 'man pkg_install.conf', as indicated by the 'SEE
ALSO' section in 'man pkg_info'. There, I found that I could disable the
verification. What was missing was the information about how to properly
set up package verification.

You need to set GPG_KEYRING_VERIFY to point to a keyring file that
contains the public key used to sign the packages.

I solved the problem by starting from scratch, following the
instructions on https://pkgsrc.joyent.com/install-on-netbsd/.

I don't know where the key ID comes from. I tried this:

$ netpgpkeys --list-keys --keyring=/usr/pkg.old/etc/gnupg/pkgsrc.gpg
1 key found
"pub" 4096/"RSA (Encrypt or Sign)" "60115c645d402cc3" 2020-07-21
Key fingerprint: "c100 ee37 7b92 1a0d 477e 5dde 6011 5c64 5d40 2cc3 "
uid              "Joyent Package Signing (NetBSD) <pkgsrc%joyent.com@localhost>" ""
encryption 4096/"RSA (Encrypt or Sign)" "96c4af7fb9d919f5" 2020-07-21

This doesn't look like the b5952cabdd765a20 from the subject.

$ netpgpkeys --list-keys --keyring=/usr/pkg/etc/gnupg/pkgsrc.gpg
1 key found
"pub" 4096/"RSA (Encrypt or Sign)" "b5952cabdd765a20" 2022-06-30
Key fingerprint: "01b6 9b67 8d9c 79df a3a2 71af b595 2cab dd76 5a20 "
uid              "MNX Cloud Package Signing (NetBSD)
<pkgsrc+netbsd%smartos.org@localhost>" ""
encryption 4096/"RSA (Encrypt or Sign)" "58ae85f6c72658c9" 2022-06-30

The newly downloaded bootstrap kit contains the correct key though. I
wonder where the old key came from or how I could find out more about
that old key, given only its key ID.

There's still a lot of work to be done until signed binary packages are
user-friendly. Having the packages signed is something I really like
though. I regard it as a basic requirement rather than a feature.

Roland



Home | Main Index | Thread Index | Old Index