www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - GPG Public Key expired?

reply divi <a b5.re> writes:
$ curl -fsS https://dlang.org/install.sh | bash -s dmd
Downloading and unpacking 
http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 
0f, 1u
gpg: next trustdb check due at 2022-03-12
gpg: Signature made Mon 11 May 2020 16:54:29 BST
gpg:                using RSA key 
3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
gpg: Can't check signature: No public key
Invalid signature 
http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz.sig
May 21
next sibling parent reply sebasg <bzwf3xxbmp b27bs.anonbox.net> writes:
On Thursday, 21 May 2020 at 18:14:19 UTC, divi wrote:
 $ curl -fsS https://dlang.org/install.sh | bash -s dmd
 Downloading and unpacking 
 http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz

 gpg: checking the trustdb
 gpg: marginals needed: 3  completes needed: 1  trust model: pgp
 gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 
 0f, 1u
 gpg: next trustdb check due at 2022-03-12
 gpg: Signature made Mon 11 May 2020 16:54:29 BST
 gpg:                using RSA key 
 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
 gpg: Can't check signature: No public key
 Invalid signature 
 http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz.sig
 gpg:                using RSA key 
 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
 gpg: Can't check signature: No public key
Currently, that key is not part of the publicly known keys and is not in the provided keyring: https://dlang.org/gpg_keys.html Maybe it's a new release-signing key and the keyring hasn't been updated yet. Or maybe something worse.
May 22
parent sebasg <bvccj3ah2k b27bs.anonbox.net> writes:
On Friday, 22 May 2020 at 10:05:54 UTC, sebasg wrote:
 Currently, that key is not part of the publicly known keys and 
 is not in the provided
 keyring: https://dlang.org/gpg_keys.html

 Maybe it's a new release-signing key and the keyring hasn't 
 been updated yet.
 Or maybe something worse.
Wrong, it's actually there, a subkey: pub rsa4096 2020-03-12 [SC] [expires: 2022-03-12] F46A 10D0 AB44 C3D1 5DD6 5797 BCDD 73FF C3EB 6146 uid [ unknown] Martin Nowak <code dawg.eu> uid [ unknown] Martin Nowak <martin.nowak 7learnings.com> uid [ unknown] Martin Nowak <martin dlang.org> sub rsa4096 2020-03-12 [E] [expires: 2022-03-12] B926 14C2 1EC5 779D C678 468E 9A81 3AD3 C115 08BC sub rsa4096 2020-03-12 [S] [expires: 2022-03-12] 3AAF 1A18 E61F 6FAA 3B71 93E4 DB8C 5218 B932 9CF8
May 22
prev sibling parent reply Seb <seb wilzba.ch> writes:
On Thursday, 21 May 2020 at 18:14:19 UTC, divi wrote:
 $ curl -fsS https://dlang.org/install.sh | bash -s dmd
 Downloading and unpacking 
 http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz

 gpg: checking the trustdb
 gpg: marginals needed: 3  completes needed: 1  trust model: pgp
 gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 
 0f, 1u
 gpg: next trustdb check due at 2022-03-12
 gpg: Signature made Mon 11 May 2020 16:54:29 BST
 gpg:                using RSA key 
 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
 gpg: Can't check signature: No public key
 Invalid signature 
 http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz.sig
I think what's happening is that your local keyring is outdated. The install script doesn't automatically update the keyring (nor warns you about the keyring being outdated). Unfortunately a well-known bug/problem/limitation. You probably ran the install script at some point in the past and it created ~/dlang/d-keyring.gpg. The fix should be to run this: $ ~/dlang/install.sh update This will result in the script updating itself and the keyring. (The install script from prior runs gets installed at ~/dlang/install.sh)
May 22
parent divi <a b5.re> writes:
On Friday, 22 May 2020 at 11:56:57 UTC, Seb wrote:
 On Thursday, 21 May 2020 at 18:14:19 UTC, divi wrote:
 [...]
I think what's happening is that your local keyring is outdated. The install script doesn't automatically update the keyring (nor warns you about the keyring being outdated). Unfortunately a well-known bug/problem/limitation. You probably ran the install script at some point in the past and it created ~/dlang/d-keyring.gpg. The fix should be to run this: $ ~/dlang/install.sh update This will result in the script updating itself and the keyring. (The install script from prior runs gets installed at ~/dlang/install.sh)
Excellent, that worked. Thanks!
May 22