Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not working release-key import #39114

Closed
starfish719 opened this issue Jun 22, 2021 · 6 comments
Closed

Not working release-key import #39114

starfish719 opened this issue Jun 22, 2021 · 6 comments
Labels
release-agenda Issues and PRs to discuss during the meetings of the Release team.

Comments

@starfish719
Copy link

starfish719 commented Jun 22, 2021
edited
Loading

  • Version:
  • Platform:
  • Subsystem:

What steps will reproduce the bug?

Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all.
  • Update import command on readme, please. 🙏

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information

#9 sha256:9ae7e26adcdcc8596511b4338d2b7776f52d974d2ee5944807abf234a7a83a9f
#9 0.350 + gpg --keyserver hkp://pool.sks-keyservers.net--recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C
#9 0.355 gpg: directory '/root/.gnupg' created
#9 0.355 gpg: keybox '/root/.gnupg/pubring.kbx' created
#9 1.175 gpg: keyserver receive failed: No name
@targos
Copy link
Member

targos commented Jun 22, 2021

Also reported at nodejs/docker-node#1500

@richardlau richardlau added the release-agenda Issues and PRs to discuss during the meetings of the Release team. label Jun 22, 2021
@richardlau richardlau mentioned this issue Jun 22, 2021
Closed
@Ayase-252 Ayase-252 mentioned this issue Jul 7, 2021
Closed
@janvorli janvorli mentioned this issue Jul 9, 2021
Merged
@mmarchini
Copy link
Contributor

Should we update our README with instructions to pool from ubuntu or openpgp as suggested here?

@Mesteery
Copy link
Contributor

#39227

@duxsco
Copy link

duxsco commented Aug 26, 2021
edited
Loading

Nowadays, https://keys.openpgp.org is the best keyserver to use (IMHO).

As long as the Node.js release engineers don't verify their e-mail addresses I can think of only two suitable ways to fetch the public keys from https://keys.openpgp.org:

This means that unpatched versions of GnuPG cannot receive updates from keys.openpgp.org for keys that don't have any verified email address.

source: https://keys.openpgp.org/about/faq#older-gnupg

  1. Approach "go via a roundabout way":
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 74F12602B6F1C4E913FAA37AD3A89613643B6201
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys A48C2BEE680E841632CD4E44F07496B3EB3C1762
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B9E2F5981AA6E0CD28160D9FF13993A75599653C
gpg --keyserver hkps://keys.openpgp.org --refresh-keys

I am doing a gpg --refresh-keys, because some public keys used to be expired at hkps://keyserver.ubuntu.com.

  1. Approach "go via API":
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/4ED778F539E3634C779C87C6D7062848A1AB005C | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/74F12602B6F1C4E913FAA37AD3A89613643B6201 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/DD8F2338BAE7501E3DD5AC78C273792F7D83545D | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/A48C2BEE680E841632CD4E44F07496B3EB3C1762 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/108F52B48DB57BB0CC439B2997B01419BD92F80A | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/B9E2F5981AA6E0CD28160D9FF13993A75599653C | gpg --import

🤔 Four public keys are causing problems:

curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/94AE36675C464D64BAFA68DD7434390BDBE9B9C5 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/A48C2BEE680E841632CD4E44F07496B3EB3C1762 | gpg --import
curl -fsSL --tlsv1.3 --proto '=https' https://keys.openpgp.org/vks/v1/by-fingerprint/B9E2F5981AA6E0CD28160D9FF13993A75599653C | gpg --import

... results in:

gpg: key 0xC97EC7A07EDE3FC1: no user ID
gpg: Total number processed: 1
gpg: key 0x7434390BDBE9B9C5: no user ID
gpg: Total number processed: 1
gpg: key 0xF07496B3EB3C1762: no user ID
gpg: Total number processed: 1
gpg: key 0xF13993A75599653C: no user ID
gpg: Total number processed: 1

@duxsco
Copy link

duxsco commented Aug 26, 2021

I think the release engineers should push their public keys to https://keys.openpgp.org/ and verify their e-mail addresses. Alternatively, the Node.js project could host their own keyserver like the people from the Gentoo Linux project:
https://www.gentoo.org/downloads/signatures/

@maco maco mentioned this issue Oct 5, 2021
Closed
@Mesteery Mesteery mentioned this issue Oct 14, 2021
Closed
@targos
Copy link
Member

targos commented Feb 18, 2022

Fixed in #39227

@targos targos closed this as completed Feb 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
release-agenda Issues and PRs to discuss during the meetings of the Release team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@duxsco @targos @mmarchini @richardlau @starfish719 @Mesteery