Re: [gentoo-dev] A problem with updating my key (again)

Wed, 14 Jun 2023 19:09:49 -0700 

On Tue, Jun 13, 2023 at 05:00:16PM +0000, Andrey Grozin wrote:
> Hi *,
> 
> My key was going to expire soon. So, as usual, I have prolonged it for the 
> next year (several days ago). I've sent it to the Gentoo keyserver. I've 
> checked that the fingerpring of my key in LDAP coinsides with the 
> fingerprint I see locally.
Hi Andrey,

As I wrote in the direct email to you, your new key is not present on
any of the three keyservers. You said you sent it to the keyserver, but
I don't see it there. Can you please confirm what you used to upload it?

It should be these steps:
https://wiki.gentoo.org/wiki/Project:Infrastructure/Generating_GLEP_63_based_OpenPGP_keys#Submit_the_new_key_to_the_keyserver

I have just verified that the steps work because I had to update the
expiry on my own keys, and the new expiry can be verified:
https://keys.gentoo.org/pks/lookup?search=robbat2&fingerprint=on&hash=on&op=vindex

You can check that it's present shortly after uploading again:
https://keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex

If the servers are out of sync, it can be seen as well (they are in sync
as I write this):
https://motmot.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
https://trogan.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex
https://kookaburra.keys.gentoo.org/pks/lookup?search=grozin&fingerprint=on&hash=on&op=vindex

> It seems that the remote git has ignored the fact that my key has been 
> prolonged about 3 days ago. One year ago I had the same situation. Is 
> there any reliable way to inform this git hook about the prolongation of 
> my key?
After uploading updates to an existing key, you should need to wait at
most 20 minutes: the keyservers are exported to a keyring, that's hosted
on the qa-reports site, and that keyring is fetched frequently by other
hosts that have a need to verify keys.

If you upload a *new* primary key, you need update ldap (yourself) and
then to alert infra to re-sync the gitolite listing of permitted keys
for your user.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

Attachment: signature.asc
Description: PGP signature

Reply via email to