View previous topic :: View next topic |
Author |
Message |
charles17 Advocate
Joined: 02 Mar 2008 Posts: 3664
|
Posted: Tue Jan 19, 2016 5:17 pm Post subject: Checking signature after emerge-webrsync - GPG question |
|
|
I am trying emerge-webrsync with app-crypt/gentoo-keys according to this section from handbook.
Quote: | * Running $myvarcmd
>>> Syncing repository 'gentoo' into '/usr/portage'...
Fetching most recent snapshot ...
Trying to retrieve 20160118 snapshot from ftp://de-mirror.org/gentoo ...
Fetching file portage-20160118.tar.xz.md5sum ...
Fetching file portage-20160118.tar.bz2.md5sum ...
Fetching file portage-20160118.tar.gz.md5sum ...
Trying to retrieve 20160118 snapshot from rsync://de-mirror.org/gentoo ...
Fetching file portage-20160118.tar.xz.md5sum ...
Fetching file portage-20160118.tar.bz2.md5sum ...
Fetching file portage-20160118.tar.gz.md5sum ...
Trying to retrieve 20160118 snapshot from http://de-mirror.org/gentoo ...
Fetching file portage-20160118.tar.xz.md5sum ...
Fetching file portage-20160118.tar.xz.gpgsig ...
Fetching file portage-20160118.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Tue Jan 19 01:58:13 2016 CET using RSA key ID C9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Getting snapshot timestamp ...
Syncing local tree ...
tar: portage/metadata/.checksum-test-marker: time stamp 2017-06-29 21:25:21 is 45543334.992000089 s in the future
Number of files: 207,384 (reg: 180,079, dir: 27,305)
Number of created files: 207,383 (reg: 180,079, dir: 27,304)
Number of deleted files: 0
Number of regular files transferred: 180,079
Total file size: 397.38M bytes
Total transferred file size: 397.38M bytes
Literal data: 397.38M bytes
Matched data: 0 bytes
File list size: 5.25M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 176.29M
Total bytes received: 3.55M
sent 176.29M bytes received 3.55M bytes 612.73K bytes/sec
total size is 397.38M speedup is 2.21
Cleaning up ...
=== Sync completed for gentoo |
Now I am a little confused by that gpg: WARNING: This key is not certified with a trusted signature! message. What does it mean, what's missing? I'm not a GPG expert. |
|
Back to top |
|
|
Princess Nell l33t
Joined: 15 Apr 2005 Posts: 914
|
|
Back to top |
|
|
charles17 Advocate
Joined: 02 Mar 2008 Posts: 3664
|
Posted: Wed Jan 20, 2016 8:31 am Post subject: |
|
|
Princess Nell
Thanks for the link. Exactly what I was looking for. |
|
Back to top |
|
|
bwakkie n00b
Joined: 17 Aug 2006 Posts: 14
|
Posted: Thu Jan 21, 2016 12:14 pm Post subject: back from the future? |
|
|
I did a emerge-webrsync today with a tar with the same timestamp...
2017-06-29 21:25:21
is the source machine that is creating the tar ok as it seams it is not??
and by the way, i didn't have the gpg conflict
regards |
|
Back to top |
|
|
charles17 Advocate
Joined: 02 Mar 2008 Posts: 3664
|
Posted: Thu Jan 21, 2016 1:00 pm Post subject: .checksum-test-marker: time stamp is ..... s in the future |
|
|
bwakkie wrote: | I did a emerge-webrsync today with a tar with the same timestamp...
2017-06-29 21:25:21 |
Same here: Quote: | * Running $myvarcmd
>>> Syncing repository 'gentoo' into '/usr/portage'...
Fetching most recent snapshot ...
Trying to retrieve 20160120 snapshot from http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo ...
Fetching file portage-20160120.tar.xz.md5sum ...
Fetching file portage-20160120.tar.xz.gpgsig ...
Fetching file portage-20160120.tar.xz ...
Checking digest ...
Checking signature ...
gpg: Signature made Thu Jan 21 01:58:05 2016 CET using RSA key ID C9189250
gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D
Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250
Getting snapshot timestamp ...
Syncing local tree ...
tar: portage/metadata/.checksum-test-marker: time stamp 2017-06-29 21:25:21 is 45386482.473168404 s in the future
|
/usr/portage/metadata/.checksum-test-marker wrote: | ~ $ cat /usr/portage/metadata/.checksum-test-marker
1453337129 Thu Jan 21 00:45:29 UTC 2016
# Testcase for mirror network:
# Watch the value over a day, if unchanging then
# one or more mirrors is missing --checksum
# Please check bug #572168 for status (review for duplicates).
|
bwakkie wrote: | is the source machine that is creating the tar ok as it seams it is not??
and by the way, i didn't have the gpg conflict | How did you configure the webrsync-gpg? |
|
Back to top |
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3919 Location: Hamburg
|
Posted: Sun May 22, 2016 8:44 am Post subject: |
|
|
"Unable to connect" |
|
Back to top |
|
|
Massimo B. Veteran
Joined: 09 Feb 2005 Posts: 1753 Location: PB, Germany
|
Posted: Thu Aug 17, 2017 5:49 pm Post subject: |
|
|
Hi, some similar question we discussed recently here: Validated Gentoo repository snapshots
There it was said there is a bug envolved, but no activity yet. _________________ HP ZBook Power 15.6" G8 i7-11800H|HP EliteDesk 800G1 i7-4790|HP Compaq Pro 6300 i7-3770 |
|
Back to top |
|
|
|