/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qubes-builder - QubesOS git: qubes-linux-dom0-updates.git signed with an expired key #1345

Closed
tlaurion opened this Issue Oct 18, 2015 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@tlaurion @marmarek
@tlaurion
Contributor

tlaurion commented Oct 18, 2015

When trying to use linux-dom0-updates in the builder to add specific deprecated Xorg drivers required to support kfsn4-dre libreboot board, I get an error since it was signed with an expired gpg key.

To reproduce:

diff example-configs/qubes-os-r3.0.conf builder.conf

4a5
> NO_SIGN=1
11,12c12,13
< DIST_DOM0 ?= fc20
< DISTS_VM ?= fc21 wheezy jessie

---
> DIST_DOM0 ?= fc21
> DISTS_VM ?= fc21
15c16,17
<     vmm-xen \

---
>     linux-dom0-updates \
>   vmm-xen \
40c42
<     vmm-xen-windows-pvdrivers \

---
>     #vmm-xen-windows-pvdrivers \
46a49
> BRANCH_linux-dom0-updates = master

error while doing make get-sources:

[...]
-> Updating sources for linux-dom0-updates...
--> Fetching from https://github.com/QubesOS/qubes-linux-dom0-updates.git release3.0...
--> Verifying tags...
No valid signed tag found!
---> One of invalid tag:
object c316a9742e707905a1d303e0ab6e80373b6adc34
type commit
tag R2-Beta2
tagger Joanna Rutkowska <joanna@invisiblethingslab.com> 1362219535 +0000

R2-Beta2
gpg: Signature made Sat 02 Mar 2013 05:18:55 AM EST using RSA key ID 65EF29CA
gpg: Good signature from "Joanna Rutkowska (Qubes OS Signing Key) <joanna@invisiblethingslab.com>"
gpg: Note: This key has expired!
Primary key fingerprint: 4CF3 016F E429 00CA B871  78B2 FB5D AEE1 65EF 29CA
error: could not verify the tag 'R2-Beta2'
Makefile:172: recipe for target 'get-sources' failed
make: *** [get-sources] Error 1

Thierry
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 18, 2015

Member

BRANCH_linux-dom0-updates = master

Replace '-' with '_':
BRANCH_linux_dom0_updates = master

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Oct 18, 2015

BRANCH_linux-dom0-updates = master

Replace '-' with '_':
BRANCH_linux_dom0_updates = master

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 18, 2015

Member

And 'linux-dom0-updates' component isn't included in builder.conf for
R3.0 (the repository on that branch is basically empty). Anyway added
R3.0 tag with non-expired key.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Member

marmarek commented Oct 18, 2015

And 'linux-dom0-updates' component isn't included in builder.conf for
R3.0 (the repository on that branch is basically empty). Anyway added
R3.0 tag with non-expired key.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

@marmarek marmarek closed this Nov 2, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment