FS#69896 - [openssh] Wrong GPG key ID

Attached to Project: Arch Linux
Opened by tqre (tqre) - Saturday, 06 March 2021, 09:42 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 06 March 2021, 12:43 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Giancarlo Razzolini (grazzolini)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

The latest PKGBUILD seems to have a non-existing GPG-key. The latest packager: https://keyserver.ubuntu.com/pks/lookup?op=vindex&fingerprint=on&exact=on&search=0xF22FB1D78A77AEAB

And the correct entry in the PKGBUILD should be:
validpgpkeys=('ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB')


Steps to reproduce:
run make on the latest PKGBUILD

Closed by  Doug Newgard (Scimmia)
Saturday, 06 March 2021, 12:43 GMT
Reason for closing:  Not a bug
Comment by tqre (tqre) - Saturday, 06 March 2021, 09:55 GMT
Disregard the correction, it could also be that the new key is not uploaded to public keyservers.
Comment by loqs (loqs) - Saturday, 06 March 2021, 10:44 GMT
From [1], the current signing key is [2], which I believe is signed by the old key 59C2118ED206D927E667EBE3D3E5F56B6D920D30; however, I may be misinterpreting the output of gpg.

[1] https://www.openssh.com/portable.html
[2] https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
Comment by tqre (tqre) - Saturday, 06 March 2021, 11:08 GMT
This is the release key output; the last entry (starting pub rsa4096/2A) is valid, and the one beginning with 59C2 has expired. Looks like the key is correct, it just can't be found on public keyservers.
```
$ gpg --keyid-format long RELEASE_KEY.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub dsa1024/CE8ECB0386FF9C48 2001-02-26 [SCA] [revoked: 2013-12-10]
3981992A1523ABA079DBFC66CE8ECB0386FF9C48
uid Damien Miller (Personal Key) <djm@mindrot.org>
sub elg2048/6994F355AA2B1C41 2001-02-26 [E] [revoked: 2013-12-10]
pub dsa1024/A2B989F511B5748F 1999-05-23 [SCA] [revoked: 2001-02-26]
D7B021BBE13CAAD97E07EE86A2B989F511B5748F
uid Damien Miller <dmiller@ilogic.com.au>
uid Damien Miller <djm@mindrot.org>
uid Damien Miller <dmiller@vitnet.com.sg>
sub elg1024/CA5C090B054B8791 1999-05-23 [E] [revoked: 2001-02-26]
sub xxx1024/DD7778C217439AA1 2000-11-29 [] [revoked: 2001-02-26]
pub dsa1024/A819A2D8691EF8DA 2001-02-26 [SCA]
5D7AE3047AB6D4C340EBD3D4A819A2D8691EF8DA
uid Damien Miller (Personal Key) <djm@mindrot.org>
sub elg1024/3459E92DAC69ED0C 2001-02-26 [E]
pub rsa3200/D3E5F56B6D920D30 2013-12-10 [SC] [expired: 2021-01-01]
59C2118ED206D927E667EBE3D3E5F56B6D920D30
uid Damien Miller <djm@mindrot.org>
sub rsa3200/FD67DAC6672A1105 2013-12-10 [E] [expired: 2021-01-01]
pub rsa4096/2A3F414E736060BA 2021-01-01 [SC]
7168B983815A5EEF59A4ADFD2A3F414E736060BA
uid Damien Miller <djm@mindrot.org>
sub rsa4096/3ED480EC74B39C46 2021-01-01 [E]
```

edit: code tags anyone? why aren't all fonts monospace? :D
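
Added example, not part of the thread or of the Arch packaging tools: a small Python check that reads a key listing in the format quoted above and reports whether a `validpgpkeys` entry is a valid, expired, revoked or absent primary key in the upstream key file. The function names are hypothetical; the listing is the primary-key lines from the comment above, with uid/sub lines omitted.

```python
import re

# Primary-key lines copied from the gpg output quoted in the thread.
LISTING = """\
pub dsa1024/CE8ECB0386FF9C48 2001-02-26 [SCA] [revoked: 2013-12-10]
3981992A1523ABA079DBFC66CE8ECB0386FF9C48
pub dsa1024/A2B989F511B5748F 1999-05-23 [SCA] [revoked: 2001-02-26]
D7B021BBE13CAAD97E07EE86A2B989F511B5748F
pub dsa1024/A819A2D8691EF8DA 2001-02-26 [SCA]
5D7AE3047AB6D4C340EBD3D4A819A2D8691EF8DA
pub rsa3200/D3E5F56B6D920D30 2013-12-10 [SC] [expired: 2021-01-01]
59C2118ED206D927E667EBE3D3E5F56B6D920D30
pub rsa4096/2A3F414E736060BA 2021-01-01 [SC]
7168B983815A5EEF59A4ADFD2A3F414E736060BA
"""

PUB = re.compile(r"^pub\s+\S+/([0-9A-F]{16})\s+\S+\s+\[[^\]]*\]"
                 r"(?:\s+\[(revoked|expired): [^\]]+\])?")
FPR = re.compile(r"^\s*([0-9A-F]{40})\s*$")

def primary_keys(listing):
    """Map each primary key fingerprint to 'valid', 'expired' or 'revoked'."""
    keys, pending = {}, None
    for line in listing.splitlines():
        m = PUB.match(line)
        if m:
            pending = (m.group(1), m.group(2) or "valid")
            continue
        f = FPR.match(line)
        if f and pending:
            keyid, status = pending
            # The long key ID is the last 16 hex digits of the fingerprint.
            if f.group(1).endswith(keyid):
                keys[f.group(1)] = status
            pending = None
    return keys

def check_validpgpkeys(entry, listing=LISTING):
    """Status of one validpgpkeys entry against the upstream key listing."""
    fpr = entry.replace(" ", "").upper()
    if len(fpr) != 40:
        return "not a full fingerprint"  # short/long key IDs are not accepted
    return primary_keys(listing).get(fpr, "absent")

if __name__ == "__main__":
    for entry in ("7168B983815A5EEF59A4ADFD2A3F414E736060BA",
                  "59C2118ED206D927E667EBE3D3E5F56B6D920D30",
                  "ECCAC84C1BA08A6CC8E63FBBF22FB1D78A77AEAB"):
        print(entry, check_validpgpkeys(entry))
```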
