New Torproject.org RPM signing key

[andrewdavidwong]

donoban@riseup.net:

Hi,

I get this GPG error doing upgrade to fedora 22:

Transaction Summary
=======================================
Install       8 Packages (+84 Dependent packages)
Upgrade    1361 Packages (+ 1 Dependent package)
Downgrade     1 Package

Total size: 1.3 G
Is this ok [y/d/N]: y
Downloading packages:
warning:
/var/cache/yum/x86_64/22/tor/packages/tor-0.2.7.5-tor.1.rh22.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID f4b85e0f: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-torproject.org.asc


The GPG keys listed for the "Tor experimental repo" repository are
already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.


 Failing package is: tor-0.2.7.5-tor.1.rh22.x86_64
 GPG Keys are configured as:
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-torproject.org.asc

After removing tor and qubes-tor packages it's updating fine.

@axon-qubes:

This is happening because the Torproject.org RPM signing key expired,
so the RPM maintainer decided to create a new key. (I'm not sure why
he didn't just extend the expiration date of the existing key and
continue using it. Maybe he didn't realize that was an option, or
maybe he had some reason for not doing that.)

The new key is at the same location as the old key:

https://deb.torproject.org/torproject.org/rpm/
RPM-GPG-KEY-torproject.org.asc

You can also get the new key as follows:

gpg --keyserver pool.sks-keyservers.net --recv-keys F4B85E0F
gpg -a --export E27344C4BD24BEDFE4F4C741803FEFB7F4B85E0F > tpo.asc
rpm --import tpo.asc

Make sure the fingerprint matches:

E273 44C4 BD24 BEDF E4F4  C741 803F EFB7 F4B8 5E0F

Can/Should the new key be obtained/included automatically for the user, or should I just add these instructions to the documentation?

[mfc]

at minimum I think these instructions should be included in:
https://www.qubes-os.org/doc/fedora-template-upgrade-21/

FYI I had to run the rpm --import tpo.asc as sudo

[mfc]

at minimum I think these instructions should be included in:
https://www.qubes-os.org/doc/fedora-template-upgrade-21/

FYI I had to run the rpm --import tpo.asc as sudo

[marmarek]

Do we still need to use Tor experimental repo? qubes-tor package depends
on tor>=0.2.3, but Fedora 21 contains already 0.2.6.10. So maybe we can
simply drop that requirement?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[marmarek]

Do we still need to use Tor experimental repo? qubes-tor package depends
on tor>=0.2.3, but Fedora 21 contains already 0.2.6.10. So maybe we can
simply drop that requirement?

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

[andrewdavidwong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Marek Marczykowski-Górecki:

Do we still need to use Tor experimental repo? qubes-tor package
depends on tor>=0.2.3, but Fedora 21 contains already 0.2.6.10. So
maybe we can simply drop that requirement?

The Tor Project recommends against using Fedora's repos, FWIW.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWZammAAoJEJh4Btx1RPV8T0QP/0+4UE7cjnDPv2HGJLZnrHOU
fIXGKHT9MWTcM0DeKOi009ZJKBvQdUcjIjQTQxfztBsfHSyKNIIZEwMt/Hckzut6
fDHrLq1t3rznt1+5LCs8ZkE6LdZvn5DYnJDuv0oLg8+YMswlfQJw/aLtsyGSh0G4
4RSolnNhlyVPJt4it5QHvjc2IN4mF9ZilOHbzYzqdzAZ3oOMghomnUCFiwmLQUuV
nOvJt95Jcn59tnu/M0s/9TEwt9Ot8qf9p8UMLdLu18q+Z3wVgO+Q72zCWWKyILlu
w2AjwDxgMDY4a7E7k5N04BKKOn78iwDbcHinRABQ1f/d1sVYaqSbWZGnFCjbFsI+
vFwFS0ViQE5HkMLDWRJiSD9J1P/miX4Or4Ol3mHQl5x0VM3TS9DWZdgja3L7Q1El
z+GI3pEHQnt7WaKKiW6+mr0qWCyS2hWNxSPhp9W3hVV2wsnE47IicVoqzUlMfNXi
o0mZLAIgudjWLfO0EiXS2aiFgqUgngMpr2bsdZijaJQpu0u7Qx2TMNzUf5WNuVzA
hrQVXYGlWiRxTZGqsnqMmAbUbXjHNGmc1gwmVoG0CgjlTP6dd2GHXN4t6hCAlTcl
TQB7wIBYt3gb9ZcLQAbmrAH2r939ooWH58/iOReM9itkeZswKro43rXXkiLM8RS6
z2xZOh8cR7/D+5MHdZd8
=orwd
-----END PGP SIGNATURE-----

[andrewdavidwong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Marek Marczykowski-Górecki:

Do we still need to use Tor experimental repo? qubes-tor package
depends on tor>=0.2.3, but Fedora 21 contains already 0.2.6.10. So
maybe we can simply drop that requirement?

The Tor Project recommends against using Fedora's repos, FWIW.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWZammAAoJEJh4Btx1RPV8T0QP/0+4UE7cjnDPv2HGJLZnrHOU
fIXGKHT9MWTcM0DeKOi009ZJKBvQdUcjIjQTQxfztBsfHSyKNIIZEwMt/Hckzut6
fDHrLq1t3rznt1+5LCs8ZkE6LdZvn5DYnJDuv0oLg8+YMswlfQJw/aLtsyGSh0G4
4RSolnNhlyVPJt4it5QHvjc2IN4mF9ZilOHbzYzqdzAZ3oOMghomnUCFiwmLQUuV
nOvJt95Jcn59tnu/M0s/9TEwt9Ot8qf9p8UMLdLu18q+Z3wVgO+Q72zCWWKyILlu
w2AjwDxgMDY4a7E7k5N04BKKOn78iwDbcHinRABQ1f/d1sVYaqSbWZGnFCjbFsI+
vFwFS0ViQE5HkMLDWRJiSD9J1P/miX4Or4Ol3mHQl5x0VM3TS9DWZdgja3L7Q1El
z+GI3pEHQnt7WaKKiW6+mr0qWCyS2hWNxSPhp9W3hVV2wsnE47IicVoqzUlMfNXi
o0mZLAIgudjWLfO0EiXS2aiFgqUgngMpr2bsdZijaJQpu0u7Qx2TMNzUf5WNuVzA
hrQVXYGlWiRxTZGqsnqMmAbUbXjHNGmc1gwmVoG0CgjlTP6dd2GHXN4t6hCAlTcl
TQB7wIBYt3gb9ZcLQAbmrAH2r939ooWH58/iOReM9itkeZswKro43rXXkiLM8RS6
z2xZOh8cR7/D+5MHdZd8
=orwd
-----END PGP SIGNATURE-----

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc20 has been pushed to the r3.0 testing repository for the Fedora fc20 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc20 has been pushed to the r3.0 testing repository for the Fedora fc20 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc21 has been pushed to the r3.0 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc21 has been pushed to the r3.0 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc22 has been pushed to the r3.0 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc22 has been pushed to the r3.0 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc23 has been pushed to the r3.0 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc23 has been pushed to the r3.0 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.0-current-testing

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.1 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.1 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.0 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.0 testing repository for the Debian wheezy template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing wheezy-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.1 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.1 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc20 has been pushed to the r3.0 stable repository for the Fedora fc20 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc20 has been pushed to the r3.0 stable repository for the Fedora fc20 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc21 has been pushed to the r3.0 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc21 has been pushed to the r3.0 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc22 has been pushed to the r3.0 stable repository for the Fedora fc22 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc22 has been pushed to the r3.0 stable repository for the Fedora fc22 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc23 has been pushed to the r3.0 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor-0.1.14-1.fc23 has been pushed to the r3.0 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.1 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.1 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.1 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.1 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.0 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb8u1 has been pushed to the r3.0 stable repository for the Debian jessie template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.0 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

[marmarek]

Automated announcement from builder-github

The package qubes-tor_0.1.14-1+deb7u1 has been pushed to the r3.0 stable repository for the Debian wheezy template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update