diff options
author | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-11-21 04:43:11 +0100 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2021-11-21 04:43:11 +0100 |
commit | 48992f9bd4b321688ee3dd99cd2c29776a63f41e (patch) | |
tree | 6050f8af81e3fffcf4a09eaea73718cee3d1d32d /libre | |
parent | d544044d45ebb3a3f0c688cd640c6c354c9f3e1c (diff) | |
download | abslibre-48992f9bd4b321688ee3dd99cd2c29776a63f41e.tar.gz abslibre-48992f9bd4b321688ee3dd99cd2c29776a63f41e.tar.bz2 abslibre-48992f9bd4b321688ee3dd99cd2c29776a63f41e.zip |
libre: mkinitcpio: bump package revision to workaround expired key
Without that fix, we have the following error while
installing or upgrading mkinitcpio:
error: mkinitcpio: signature from "bill-auger <bill-auger@peers.community>" is unknown trust
:: File /var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
This is because the corresponding gpg key is expired:
# gpg --recv-keys FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: key 25DB7D9B5A8D4B40: public key "bill-auger <bill-auger@peers.community>" imported
gpg: Total number processed: 1
gpg: imported: 1
# gpg --verify /var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst.sig
gpg: assuming signed data in '/var/cache/pacman/pkg/mkinitcpio-30-2.parabola2-any.pkg.tar.zst'
gpg: Signature made sam. 06 nov. 2021 03:41:54 CET
gpg: using RSA key FBCC5AD7421197B7ABA72853908710913E8C7778
gpg: Good signature from "bill-auger <bill-auger@peers.community>" [expired]
gpg: aka "bill-auger <mr.j.spam.me@gmail.com>" [expired]
gpg: aka "bill-auger <bill-auger@programmer.net>" [expired]
gpg: aka "[jpeg image of size 6017]" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 3954 A7AB 837D 0EA9 CFA9 7989 25DB 7D9B 5A8D 4B40
Subkey fingerprint: FBCC 5AD7 4211 97B7 ABA7 2853 9087 1091 3E8C 7778
Key expirations often happen when because there are
conflicting best security practices with key expiration
dates: for long term software releases, it's better if
the key don't have too short expiration dates, especially if
users can't easily update the key, but short key expirations
help a lot for security and for uses cases like mail, if you
loose your key, having a short expiration date will ensure
that people will (shortly) stop sending you mail that you
can't decrypt.
In addition keeping a key always up to date can in some case
be very complex.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
Diffstat (limited to 'libre')
-rw-r--r-- | libre/mkinitcpio/PKGBUILD | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libre/mkinitcpio/PKGBUILD b/libre/mkinitcpio/PKGBUILD index d8d12a586..1a77552d3 100644 --- a/libre/mkinitcpio/PKGBUILD +++ b/libre/mkinitcpio/PKGBUILD @@ -14,7 +14,7 @@ _IS_NONSYSTEMD=false pkgname=mkinitcpio pkgver=30 -pkgrel=2 +pkgrel=3 pkgrel+=$(${_IS_NONSYSTEMD} && echo '.nonsystemd1' || echo '.parabola2') pkgdesc="Modular initramfs image creation utility" arch=('any') |