[Dev] packager gpg key expired
Andreas Grapentin
andreas at grapentin.org
Fri Apr 28 08:12:05 GMT 2017
The PGP key of emulatorman has expired:
$ gpg --list-keys emulatorman
pub rsa4096 2012-06-23 [SC] [expired: 2017-04-28]
C92BAA713B8D53D3CAE63FC9E6974752F9704456
uid [ expired] André Silva <emulatorman at riseup.net>
uid [ expired] André Silva <emulatorman at parabola.nu>
uid [ expired] [jpeg image of size 24564]
this means that pacman will fail to install any packges signed by André,
which are many. Even `librechroot make` fails now:
$ sudo librechroot make
==> Creating 'root' copy for chroot [default]
==> Creating install root at /home/andi/parabola/build/default/root
==> Installing packages to /home/andi/parabola/build/default/root
[ snip ... ]
(104/104) checking package integrity [################################] 100%
error: filesystem: signature from "André Silva <emulatorman at riseup.net>" is unknown trust
:: File /var/cache/pacman/pkg/filesystem-2017.03-2.parabola1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
[ 5 more follow ... ]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
==> ERROR: Failed to install packages to new root
==> ERROR: Failed to install all packages
What can we do? Do we need to rebuild these packages, or can we just
resign them using a valid key? If we need to rebuild, can we do it
without resorting to `SigLevel = Never` in pacman.conf, since
librechroot fails to make a working chroot?
Best,
Andreas
--
------------------------------------------------------------------------------
my GPG Public Key: https://files.grapentin.org/.gpg/public.key
------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20170428/15073143/attachment.sig>
More information about the Dev
mailing list