Re: Signature key id b5952cabdd765a20 not found

To: Roland Illig <roland.illig%gmx.de@localhost>
Subject: Re: Signature key id b5952cabdd765a20 not found
From: Jonathan Perkin <jperkin%mnx.io@localhost>
Date: Sat, 1 Oct 2022 22:08:38 +0100

* On 2022-10-01 at 21:46 BST, Roland Illig wrote:

Am 01.10.2022 um 22:18 schrieb Jonathan Perkin:

* On 2022-10-01 at 21:07 BST, Roland Illig wrote:

My next step was to run 'man pkg_install.conf', as indicated by the 'SEE
ALSO' section in 'man pkg_info'. There, I found that I could disable the
verification. What was missing was the information about how to properly
set up package verification.


You need to set GPG_KEYRING_VERIFY to point to a keyring file that
contains the public key used to sign the packages.


I solved the problem by starting from scratch, following the
instructions on https://pkgsrc.joyent.com/install-on-netbsd/.


Oh you're using my package kits.  In that case you missed this email:

  https://mail-index.netbsd.org/pkgsrc-users/2022/07/18/msg035942.html

The PGP key changed as part of the infrastructure migration, hencerequiring a new keyring.

I don't know where the key ID comes from. I tried this:

$ netpgpkeys --list-keys --keyring=/usr/pkg.old/etc/gnupg/pkgsrc.gpg
1 key found
"pub" 4096/"RSA (Encrypt or Sign)" "60115c645d402cc3" 2020-07-21
Key fingerprint: "c100 ee37 7b92 1a0d 477e 5dde 6011 5c64 5d40 2cc3 "
uid              "Joyent Package Signing (NetBSD) <pkgsrc%joyent.com@localhost>" ""
encryption 4096/"RSA (Encrypt or Sign)" "96c4af7fb9d919f5" 2020-07-21

This doesn't look like the b5952cabdd765a20 from the subject.

Yeh, netpgp has a weird way of displaying the key, and I also don'tunderstand how to map it to a GPG key id.

The newly downloaded bootstrap kit contains the correct key though. I
wonder where the old key came from or how I could find out more about
that old key, given only its key ID.


Explained above.

There's still a lot of work to be done until signed binary packages are
user-friendly. Having the packages signed is something I really like
though. I regard it as a basic requirement rather than a feature.

There are some rough edges, but on the whole they work brilliantly andI've been shipping them for around 8 years now with very few complaintsover many millions of installs. The key migration is something I've nothad to do up until recently, and it's hopefully a one-time thing.


--
Jonathan Perkin   -   mnx.io   -   pkgsrc.smartos.org
Open Source Complete Cloud   www.tritondatacenter.com

Follow-Ups:
- Re: Signature key id b5952cabdd765a20 not found
  - From: Rhialto
- Re: Signature key id b5952cabdd765a20 not found
  - From: Roland Illig

References:
- Signature key id b5952cabdd765a20 not found
  - From: Roland Illig
- Re: Signature key id b5952cabdd765a20 not found
  - From: Jonathan Perkin
- Re: Signature key id b5952cabdd765a20 not found
  - From: Roland Illig

Prev by Date: Re: Signature key id b5952cabdd765a20 not found
Next by Date: Re: Signature key id b5952cabdd765a20 not found
Previous by Thread: Re: Signature key id b5952cabdd765a20 not found
Next by Thread: Re: Signature key id b5952cabdd765a20 not found
Indexes:

Home | Main Index | Thread Index | Old Index