From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] A problem with updating my key (again)
Date: Thu, 15 Jun 2023 02:09:45 +0000 [thread overview]
Message-ID: <robbat2-20230615T020214-257711547Z@orbis-terrarum.net> (raw)
In-Reply-To: <4d69ec37-1c28-15ab-f476-d73a2c649fed@woodpecker.gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 2339 bytes --]
On Tue, Jun 13, 2023 at 05:00:16PM +0000, Andrey Grozin wrote:
> Hi *,
>
> My key was going to expire soon. So, as usual, I have prolonged it for the
> next year (several days ago). I've sent it to the Gentoo keyserver. I've
> checked that the fingerpring of my key in LDAP coinsides with the
> fingerprint I see locally.
Hi Andrey,
As I wrote in the direct email to you, your new key is not present on
any of the three keyservers. You said you sent it to the keyserver, but
I don't see it there. Can you please confirm what you used to upload it?
It should be these steps:
https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys#Submit_the_new_key_to_the_keyserver
I have just verified that the steps work because I had to update the
expiry on my own keys, and the new expiry can be verified:
https://keys.gentoo.org/pks/lookup?search=robbat2&fingerprint=on&hash=on&op=vindex
You can check that it's present shortly after uploading again:
https://keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
If the servers are out of sync, it can be seen as well (they are in sync
as I write this):
https://motmot.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
https://trogan.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
https://kookaburra.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
> It seems that the remote git has ignored the fact that my key has been
> prolonged about 3 days ago. One year ago I had the same situation. Is
> there any reliable way to inform this git hook about the prolongation of
> my key?
After uploading updates to an existing key, you should need to wait at
most 20 minutes: the keyservers are exported to a keyring, that's hosted
on the qa-reports site, and that keyring is fetched frequently by other
hosts that have a need to verify keys.
If you upload a *new* primary key, you need update ldap (yourself) and
then to alert infra to re-sync the gitolite listing of permitted keys
for your user.
--
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 1113 bytes --]
prev parent reply other threads:[~2023-06-15 2:09 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-13 17:00 [gentoo-dev] A problem with updating my key (again) Andrey Grozin
2023-06-13 17:21 ` Sam James
2023-06-15 2:09 ` Robin H. Johnson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=robbat2-20230615T020214-257711547Z@orbis-terrarum.net \
--to=robbat2@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox