Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inactive projects do not have prolonged GPG keys #2921

Open
xsuchy opened this issue Sep 19, 2023 · 3 comments
Open

Inactive projects do not have prolonged GPG keys #2921

xsuchy opened this issue Sep 19, 2023 · 3 comments
Assignees
@xsuchy
Labels
pulp

Comments

@xsuchy
Copy link
Member

xsuchy commented Sep 19, 2023

I found that lots of Copr projects has expired keys. E.g.:

Error: the key keys/copr/copr-caoli5288-grub2.gpg expired at 2021-11-08 16:50:19+00:00
Error: the key keys/copr/copr-caoli5288-infinality-ultimate.gpg expired at 2021-11-10 17:05:03+00:00
Error: the key keys/copr/copr-caoli5288-ppsspp.gpg expired at 2021-03-25 16:24:55+00:00
Error: the key keys/copr/copr-caravel-electrum.gpg expired at 2023-02-17 15:05:21+00:00
Error: the key keys/copr/copr-carchioli-mastertech-itau.gpg expired at 2023-05-15 18:37:31+00:00
Error: the key keys/copr/copr-carladalri-Mastertech-Itau.gpg expired at 2023-05-15 18:49:03+00:00
Error: the key keys/copr/copr-carlwgeorge-blueflood-graphite-finder.gpg expired at 2023-04-18 19:31:25+00:00
Error: the key keys/copr/copr-carlwgeorge-docker-compose.gpg expired at 2022-07-24 21:49:01+00:00
Error: the key keys/copr/copr-carlwgeorge-drone.gpg expired at 2022-11-21 21:22:33+00:00
Error: the key keys/copr/copr-carlwgeorge-libsmbios-cpp.gpg expired at 2023-05-21 21:57:08+00:00
Error: the key keys/copr/copr-carlwgeorge-python3-docker.gpg expired at 2023-01-03 16:18:13+00:00
Error: the key keys/copr/copr-carlwgeorge-sabnzbd.gpg expired at 2023-02-16 20:09:02+00:00
Error: the key keys/copr/copr-carlwgeorge-sonarr.gpg expired at 2023-03-03 03:27:46+00:00
Error: the key keys/copr/copr-carlwgeorge-umirr.gpg expired at 2022-08-04 22:14:25+00:00
Error: the key keys/copr/copr-carlwgeorge-vimpager.gpg expired at 2022-07-15 20:29:21+00:00
Error: the key keys/copr/copr-casjay-apr.gpg expired at 2023-09-15 16:39:14+00:00
Error: the key keys/copr/copr-casjay-awffull.gpg expired at 2023-02-25 17:50:48+00:00
Error: the key keys/copr/copr-casjay-awstats.gpg expired at 2023-02-25 17:52:50+00:00

I investigated one:
https://copr.fedorainfracloud.org/coprs/adelton/cryfs
This is project that have newest build 4 years old. But it seems to be still used even for recent Fedora. But the gpg key is:

check-gpg-key.py copr-adelton-cryfs.gpg 
Error: the key copr-adelton-cryfs.gpg expired at 2023-04-02 18:19:49+00:00

I used this script to check https://github.com/xsuchy/distribution-gpg-keys/blob/main/check-gpg-key.py
@praiskup
Copy link
Member

Right, we actually prolong keys... but the public key is only copied to backend from keygen with new builds. Plus note #2894

@praiskup praiskup changed the title Inactive projects does not have prolonged GPG keys Inactive projects do not have prolonged GPG keys Sep 21, 2023
@praiskup praiskup added the pulp label Sep 21, 2023
@praiskup
Copy link
Member

@xsuchy already copy-pastes all the pub keys into distribution-gpg-keys-copr.rpm. At this time, we could automatically update all the out-dated pub keys on the backend side?

@praiskup
Copy link
Member

FTR: We prolong "year before expiration" of the old key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xsuchy xsuchy

Labels
pulp
Projects
CPT Kanban
Status: In 2 years
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xsuchy @praiskup