Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Checking signature after emerge-webrsync - GPG question
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 3664

PostPosted: Tue Jan 19, 2016 5:17 pm    Post subject: Checking signature after emerge-webrsync - GPG question Reply with quote

I am trying emerge-webrsync with app-crypt/gentoo-keys according to this section from handbook.
Quote:
* Running $myvarcmd
>>> Syncing repository 'gentoo' into '/usr/portage'...
Fetching most recent snapshot ...
Trying to retrieve 20160118 snapshot from ftp://de-mirror.org/gentoo ...
Fetching file portage-20160118.tar.xz.md5sum ...
Fetching file portage-20160118.tar.bz2.md5sum ...
Fetching file portage-20160118.tar.gz.md5sum ...
Trying to retrieve 20160118 snapshot from rsync://de-mirror.org/gentoo ...
Fetching file portage-20160118.tar.xz.md5sum ...
Fetching file portage-20160118.tar.bz2.md5sum ...
Fetching file portage-20160118.tar.gz.md5sum ...
Trying to retrieve 20160118 snapshot from http://de-mirror.org/gentoo ...
Fetching file portage-20160118.tar.xz.md5sum ...
Fetching file portage-20160118.tar.xz.gpgsig ...
Fetching file portage-20160118.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Tue Jan 19 01:58:13 2016 CET using RSA key ID C9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
     Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250

Getting snapshot timestamp ...
Syncing local tree ...
tar: portage/metadata/.checksum-test-marker: time stamp 2017-06-29 21:25:21 is 45543334.992000089 s in the future

Number of files: 207,384 (reg: 180,079, dir: 27,305)
Number of created files: 207,383 (reg: 180,079, dir: 27,304)
Number of deleted files: 0
Number of regular files transferred: 180,079
Total file size: 397.38M bytes
Total transferred file size: 397.38M bytes
Literal data: 397.38M bytes
Matched data: 0 bytes
File list size: 5.25M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 176.29M
Total bytes received: 3.55M

sent 176.29M bytes received 3.55M bytes 612.73K bytes/sec
total size is 397.38M speedup is 2.21
Cleaning up ...
=== Sync completed for gentoo

Now I am a little confused by that gpg: WARNING: This key is not certified with a trusted signature! message. What does it mean, what's missing? I'm not a GPG expert.
Back to top
View user's profile Send private message
Princess Nell
l33t
l33t


Joined: 15 Apr 2005
Posts: 914

PostPosted: Tue Jan 19, 2016 10:27 pm    Post subject: Reply with quote

Recommended reading: the GNU Privacy Handbook, https://www.gnupg.org/gph/en/manual.html, in particular the section about trust, https://www.gnupg.org/gph/en/manual/x334.html.
Back to top
View user's profile Send private message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 3664

PostPosted: Wed Jan 20, 2016 8:31 am    Post subject: Reply with quote

Princess Nell wrote:
in particular the section about trust, https://www.gnupg.org/gph/en/manual/x334.html.

Princess Nell
Thanks for the link. Exactly what I was looking for.
Back to top
View user's profile Send private message
bwakkie
n00b
n00b


Joined: 17 Aug 2006
Posts: 14

PostPosted: Thu Jan 21, 2016 12:14 pm    Post subject: back from the future? Reply with quote

I did a emerge-webrsync today with a tar with the same timestamp...

2017-06-29 21:25:21

is the source machine that is creating the tar ok as it seams it is not??


and by the way, i didn't have the gpg conflict

regards
Back to top
View user's profile Send private message
charles17
Advocate
Advocate


Joined: 02 Mar 2008
Posts: 3664

PostPosted: Thu Jan 21, 2016 1:00 pm    Post subject: .checksum-test-marker: time stamp is ..... s in the future Reply with quote

bwakkie wrote:
I did a emerge-webrsync today with a tar with the same timestamp...

2017-06-29 21:25:21

Same here:
Quote:
* Running $myvarcmd
>>> Syncing repository 'gentoo' into '/usr/portage'...
Fetching most recent snapshot ...
Trying to retrieve 20160120 snapshot from http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo ...
Fetching file portage-20160120.tar.xz.md5sum ...
Fetching file portage-20160120.tar.xz.gpgsig ...
Fetching file portage-20160120.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Thu Jan 21 01:58:05 2016 CET using RSA key ID C9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
     Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Getting snapshot timestamp ...
Syncing local tree ...
tar: portage/metadata/.checksum-test-marker: time stamp 2017-06-29 21:25:21 is 45386482.473168404 s in the future

/usr/portage/metadata/.checksum-test-marker wrote:
~ $ cat /usr/portage/metadata/.checksum-test-marker
1453337129 Thu Jan 21 00:45:29 UTC 2016
# Testcase for mirror network:
# Watch the value over a day, if unchanging then
# one or more mirrors is missing --checksum
# Please check bug #572168 for status (review for duplicates).


bwakkie wrote:
is the source machine that is creating the tar ok as it seams it is not??


and by the way, i didn't have the gpg conflict
How did you configure the webrsync-gpg?
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3919
Location: Hamburg

PostPosted: Sun May 22, 2016 8:44 am    Post subject: Reply with quote

Princess Nell wrote:
Recommended reading: the GNU Privacy Handbook, https://www.gnupg.org/gph/en/manual.html, in particular the section about trust, https://www.gnupg.org/gph/en/manual/x334.html.
"Unable to connect" :-(
Back to top
View user's profile Send private message
Massimo B.
Veteran
Veteran


Joined: 09 Feb 2005
Posts: 1753
Location: PB, Germany

PostPosted: Thu Aug 17, 2017 5:49 pm    Post subject: Reply with quote

Hi, some similar question we discussed recently here: Validated Gentoo repository snapshots
There it was said there is a bug envolved, but no activity yet.
_________________
HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum