[Dev] GPG keys not recognized by Winstone

Andreas Grapentin andreas at grapentin.org
Mon May 1 06:48:31 GMT 2017


I did some more digging, and it seems that pacman-key on winston needs a
trustdb update. pacman-key is unable to verify on its own:

  [repo at winston ~]$ GNUPGHOME=/etc/pacman.d/gnupg/ gpg --verify staging/andi/staging/libre/cups-filters-1.13.4-1.parabola3-x86_64.pkg.tar.xz.sig
  gpg: WARNING: unsafe ownership on homedir '/etc/pacman.d/gnupg/'
  gpg: assuming signed data in 'staging/andi/staging/libre/cups-filters-1.13.4-1.parabola3-x86_64.pkg.tar.xz'
  gpg: Signature made Mon 01 May 2017 06:33:03 AM GMT
  gpg:                using RSA key BFA8008A8265677063B11BF47171986E4B745536
  gpg: Note: trustdb not writable
  gpg: checking the trustdb
  gpg: trustdb rec 30: write failed (n=-1): Bad file descriptor
  gpg: trustdb: sync failed: Bad file descriptor

once you add --no-auto-check-trustdb, it seems to work:

  [repo at winston ~]$ GNUPGHOME=/etc/pacman.d/gnupg/ gpg --no-auto-check-trustdb --verify staging/andi/staging/libre/cups-filters-1.13.4-1.parabola3-x86_64.pkg.tar.xz.sig
  gpg: WARNING: unsafe ownership on homedir '/etc/pacman.d/gnupg/'
  gpg: assuming signed data in 'staging/andi/staging/libre/cups-filters-1.13.4-1.parabola3-x86_64.pkg.tar.xz'
  gpg: Signature made Mon 01 May 2017 06:33:03 AM GMT
  gpg:                using RSA key BFA8008A8265677063B11BF47171986E4B745536
  gpg: Note: trustdb not writable
  gpg: please do a --check-trustdb
  gpg: Good signature from "Andreas Grapentin <andreas.grapentin at hpi.uni-potsdam.de>" [unknown]
  gpg:                 aka "Andreas Grapentin <andreas at grapentin.org>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: BFA8 008A 8265 6770 63B1  1BF4 7171 986E 4B74 5536

trustdb updates need root powers though, so someone with the required
permissions needs to do it :)

-A

On Sun, Apr 30, 2017 at 05:46:14PM -0300, Megver83 wrote:
> Hi everyone. Some days ago ovruni told us he had problems with his GPG
> key and he couldn't upload anything to the repositories. Recently I
> noted that I was having the same issue, and oaken-source also (he said
> it on IRC). Looks like our keys are untrusted (or not recognized?) -->
> https://dpaste.de/Rkue/raw
> this is the output of 'librerelase' --> https://dpaste.de/vOD1/raw
> 
> I hope this fixes soon, right now there are some urgent packages to
> upload. Thanks in advance.
> 
> Cheers.
> 
> -- 
> SIP: megver83 at sip.linphone.org
> XMPP: megver83 at diasp.org
> Tox: megver83 at toxme.io
> GPG: 0x227CA7C556B2BA78
> GNUSocial: @megver83 at quitter.cl
> Diaspora*: David P. (same XMPP ID)
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev

-- 

------------------------------------------------------------------------------
my GPG Public Key:                 https://files.grapentin.org/.gpg/public.key
------------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20170501/7bccc3a3/attachment.sig>


More information about the Dev mailing list