bedtime n00b
Joined: 19 Dec 2012 Posts: 71
|
Posted: Sun Dec 30, 2012 4:24 am Post subject: [ SOLVED ] webrsync: not certified with a trusted signature |
|
|
I'm getting this message when I do a webrsync:
Code: | Tux user # emerge-webrsync
Fetching most recent snapshot ...
Trying to retrieve 20121229 snapshot from http://mirror.csclub.uwaterloo.ca/gentoo-distfiles ...
Fetching file portage-20121229.tar.xz.md5sum ...
Fetching file portage-20121229.tar.xz.gpgsig ...
Fetching file portage-20121229.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Sat Dec 29 19:53:34 2012 EST using RSA key ID C9189250
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Getting snapshot timestamp ...
Syncing local tree ...
Number of files: 160057
Number of files transferred: 28216
Total file size: 267.69M bytes
Total transferred file size: 38.30M bytes
Literal data: 38.30M bytes
Matched data: 0 bytes
File list size: 4.09M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 24.41M
Total bytes received: 577.68K
sent 24.41M bytes received 577.68K bytes 241.42K bytes/sec
total size is 267.69M speedup is 10.71
Cleaning up ...
* IMPORTANT: 1 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
|
Is there a way I can somehow verify the signature?
Last edited by bedtime on Thu Jan 03, 2013 2:23 pm; edited 1 time in total |
dol-sen Retired Dev
Joined: 30 Jun 2002 Posts: 2805 Location: Richmond, BC, Canada
|
Posted: Sun Dec 30, 2012 5:54 am Post subject: |
|
|
I am working on a gentoo-keys app, for managing all gentoo release keys and developer keys for some internal gentoo specific verification.
But until then you need to import the keys manually using gnupg. There are lots of setup docs available, it's not difficult.
http://www.gentoo.org/proj/en/releng/ <== has the valid key listings and fingerprints.
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=3 <== official docs
http://en.gentoo-wiki.com/wiki/Secured_Portage_Sync <== good setup instructions.
[edit] Forgot to mention, that getting verisign and other key verification services is not easy for an organization like Gentoo, not to mention expensive.
So that is why it doesn't recognize gentoo's key as valid out of the box. _________________ Brian
Porthole, the Portage GUI frontend irc@freenode: #gentoo-guis, #porthole, Blog
layman, gentoolkit, CoreBuilder, esearch... |
bedtime n00b
Joined: 19 Dec 2012 Posts: 71
|
Posted: Sun Dec 30, 2012 1:38 pm Post subject: |
|
|
I had originally followed these instructions before this post, and my post above was the result.
I followed these instructions with the same result:
Code: | tux user # emerge-webrsync
Fetching most recent snapshot ...
Trying to retrieve 20121229 snapshot from http://mirror.csclub.uwaterloo.ca/gentoo-distfiles ...
Fetching file portage-20121229.tar.xz.md5sum ...
Fetching file portage-20121229.tar.xz.gpgsig ...
Fetching file portage-20121229.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Sat Dec 29 19:53:34 2012 EST using RSA key ID C9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Getting snapshot timestamp ...
Syncing local tree ...
Number of files: 160057
Number of files transferred: 1
Total file size: 267.69M bytes
Total transferred file size: 40 bytes
Literal data: 40 bytes
Matched data: 0 bytes
File list size: 4.09M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 4.11M
Total bytes received: 23.92K
sent 4.11M bytes received 23.92K bytes 119.97K bytes/sec
total size is 267.69M speedup is 64.68
Cleaning up ...
* IMPORTANT: 1 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
|
Maybe I am missing something?
Here is my /etc/portage/make.conf:
Code: | # These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="i686-pc-linux-gnu"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="-bluetooth -cdr -dvd -dvdr -gnome -gtk -ppds -pppd"
MAKEOPTS="-j2"
ACCEPT_LICENSE="*"
INPUT_DEVICES="evdev synaptics"
VIDEO_CARDS="intel"
# Cryptographically validated Portage tree snapshot information
FEATURES="collision-protect test webrsync-gpg"
PORTAGE_GPG_DIR="/etc/portage/gnupg"
SYNC=""
# 10 Fastest http mirrors
GENTOO_MIRRORS="http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/
http://chi-10g-1-mirror.fastsoft.net/pub/linux/gentoo/gentoo-distfiles/
http://mirror.datapipe.net/gentoo
http://mirror.the-best-hosting.net
http://mirrors.rit.edu/gentoo/
http://mirror.mcs.anl.gov/pub/gentoo/
http://mirror.lug.udel.edu/pub/gentoo/
http://gentoo.netnitco.net
http://gentoo.mirrors.tds.net/gentoo
http://gentoo.cites.uiuc.edu/pub/gentoo/"
|
salahx Guru
Joined: 12 Mar 2005 Posts: 530
|
Posted: Sun Dec 30, 2012 3:54 pm Post subject: |
|
|
Create a /etc/portage/gnupg/gpg.conf file and add the following line:
Code: | trusted-key DB6B8C1F96D8BF6D |
The trusted-key option requires the long keyid; to display it, use gpg --list-keys --keyid-format long. Use at your own peril, make sure you have the right key! |
bedtime n00b
Joined: 19 Dec 2012 Posts: 71
|
Posted: Sun Dec 30, 2012 4:47 pm Post subject: |
|
|
salahx wrote: | Create a /etc/portage/gnupg/gpg.conf file and add the following line:
Code: | trusted-key DB6B8C1F96D8BF6D |
The trusted-key option requires the long keyid; to display it, use gpg --list-keys --keyid-format long. Use at your own peril, make sure you have the right key! |
Thank you, this seems to work. Is this what it should say:
Code: | tux user # emerge-webrsync
Fetching most recent snapshot ...
Trying to retrieve 20121229 snapshot from http://mirror.datapipe.net/gentoo ...
Fetching file portage-20121229.tar.xz.md5sum ...
Fetching file portage-20121229.tar.xz.gpgsig ...
Fetching file portage-20121229.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Sat Dec 29 19:53:34 2012 EST using RSA key ID C9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)"
Getting snapshot timestamp ...
Syncing local tree ...
Number of files: 160057
Number of files transferred: 1
Total file size: 267.69M bytes
Total transferred file size: 40 bytes
Literal data: 40 bytes
Matched data: 0 bytes
File list size: 4.09M
File list generation time: 0.002 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 4.11M
Total bytes received: 23.92K
sent 4.11M bytes received 23.92K bytes 110.37K bytes/sec
total size is 267.69M speedup is 64.68
Cleaning up ...
* IMPORTANT: 1 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
|
Btw, thank you both!
** EDIT **
This seems to work fine:
Add to /etc/portage/make.conf:
Code: | PORTAGE_GPG_DIR="/etc/portage/gpg"
FEATURES="webrsync-gpg parallel-fetch userfetch userpriv usersandbox"
SYNC=""
|
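Code: | emerge app-arch/tarsync app-crypt/gnupg
# Stop the agent and start from an empty keyring directory
killall gpg-agent
rm -r /etc/portage/gpg*
gpg-agent --daemon
mkdir -p /etc/portage/gpg
chmod 0700 /etc/portage/gpg
# Mark the three keys as trusted, by long key ID
echo "trusted-key DB6B8C1F96D8BF6D" >> /etc/portage/gpg/gpg.conf
echo "trusted-key 9E6438C817072058" >> /etc/portage/gpg/gpg.conf
echo "trusted-key BB572E0E2D182910" >> /etc/portage/gpg/gpg.conf
# Fetch the keys from the keyserver (given here by short key ID)
gpg --homedir /etc/portage/gpg --keyserver subkeys.pgp.net --recv-keys 0x96D8BF6D 0x17072058 0x2D182910
# Set owner trust on each key. The four lines after each command are typed
# at the gpg prompts: 5 = ultimate trust, y = confirm, then enable and save.
gpg --homedir /etc/portage/gpg --edit-key 0x96D8BF6D trust
5
y
enable
save
gpg --homedir /etc/portage/gpg --edit-key 0x17072058 trust
5
y
enable
save
gpg --homedir /etc/portage/gpg --edit-key 0x2D182910 trust
5
y
enable
save
# Sync again; the snapshot signature is now checked against the trusted keys
emerge-webrsync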
|
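Added example, not part of any post in this thread and not Portage's own code: a check that pins the full primary-key fingerprint from gpg's machine-readable status output, so the result depends on which key signed the snapshot rather than on the trust level that produced the warning above. The function names `check_status` and `sample_status` are hypothetical, the status lines are constructed to match the signature shown in the thread, and the fingerprint is the one gpg printed there.

```shell
#!/bin/sh
# Primary-key fingerprint as printed by gpg in this thread; confirm it against
# a source you trust before pinning it.
PINNED_FPR="DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D"

# check_status FPR: read `gpg --status-fd 1 --verify` lines on stdin.
# Returns 0 only if every VALIDSIG names FPR as its primary key and no
# failure status is present. The trust level is reported, not relied on.
check_status() {
    pinned=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    seen=0
    trust=none
    while read -r tag kw f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 rest; do
        if [ "$tag" != "[GNUPG:]" ]; then continue; fi
        case "$kw" in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)
                echo "rejected: $kw" >&2
                return 1 ;;
            VALIDSIG)
                # Field 10 is the primary key; field 1 is the signing (sub)key.
                if [ "${f10:-$f1}" != "$pinned" ]; then
                    echo "rejected: signed by unpinned key ${f10:-$f1}" >&2
                    return 1
                fi
                seen=1 ;;
            TRUST_*) trust=$kw ;;
        esac
    done
    echo "trust level reported by gpg: $trust" >&2
    if [ "$seen" -eq 1 ]; then return 0; fi
    return 1
}

# Constructed status output modelled on the thread's signature; $1 is the
# trust line and $2 the primary fingerprint to place in VALIDSIG.
sample_status() {
    echo "[GNUPG:] GOODSIG EC590EEAC9189250 Gentoo Portage Snapshot Signing Key (Automated Signing Key)"
    echo "[GNUPG:] VALIDSIG E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 2012-12-30 1356828814 0 4 0 1 2 00 $2"
    echo "[GNUPG:] $1"
}

# Real use, with the thread's PORTAGE_GPG_DIR (file names are placeholders):
#   gpg --homedir /etc/portage/gnupg --status-fd 1 --verify \
#       portage-YYYYMMDD.tar.xz.gpgsig portage-YYYYMMDD.tar.xz 2>/dev/null \
#       | check_status "$PINNED_FPR"
```

The check passes for the thread's key whether gpg reports TRUST_UNDEFINED (the warning case) or TRUST_ULTIMATE (after trusted-key), and fails for a good signature made by any other key.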