| bgstack15 | i got at least one invocation of gbp to work. It only worked with debian/master. Whenever I check out debian/1.26.0-7 it would get say I'm on a detached HEAD and gbp would refuse to operate. | 01:22 |
|---|---|---|
| bgstack15 | I also got pbuilder to work. Intriguing. Maybe I'll use it more for my on-prem builds. Nowadays most of my builds are up on the Open Build Service. | 01:23 |
| onefang | fsmithred: use the command "gpg --edit-key fsmithred@whatever.org" and then the list sub command to show the various keys. If there is no subkey with "usage: E" for encrypting, you'll have to add one. | 12:27 |
| onefang | In theory, I haven't tested things yet. | 12:28 |
| fsmithred | I want to know how to put the E there. | 12:43 |
| onefang | https://www.linux.com/news/protecting-code-integrity-pgp-part-3-generating-pgp-subkeys/ was useful to me. | 12:46 |
| onefang | Or use the addkey sub command. | 12:46 |
| onefang | Or even the help sub command. B-) | 12:46 |
| onefang | GnuPG really needs a lot more documentation. lol | 12:47 |
| onefang | OK, if I got all of this correct, then my new PGP key E0340D3A51DB0EB0 is now on hkps.pool.sks-keyservers.net. Any one wanna help me test that? | 13:54 |
| onefang | Plus I should have NeoMutt configured to do the right thing. | 13:55 |
| rrq | mmm http://hkps.pool.sks-keyservers.net/# doesn't agree | 14:38 |
| onefang | I didn't get an error message when I sent it. | 14:40 |
| onefang | You might have left off the 0x at the beginning of the key. http://hkps.pool.sks-keyservers.net/pks/lookup?search=0xE0340D3A51DB0EB0&fingerprint=on&op=index | 14:43 |
| onefang | That results page looks correct to me. | 14:45 |
| rrq | still get "No results found" ?? | 14:46 |
| onefang | "0xE0340D3A51DB0EB0" is what I searched for. | 14:47 |
| onefang | "E0340D3A51DB0EB0" didn't turn up a result, but then I saw the text to start the search term with 0x. | 14:47 |
| arachnopavel | gpg --dry-run --verbose --keyserver hkps.pool.sks-keyservers.net --recv-key E0340D3A51DB0EB0 | 14:48 |
| arachnopavel | Works for me. | 14:48 |
| rrq | gpg: keyserver receive failed: No data | 14:48 |
| arachnopavel | gpg: pub rsa4096/E0340D3A51DB0EB0 2020-04-26 David Walter Seikel <onefang@sledjhamr.org> | 14:49 |
| onefang | That's me. | 14:49 |
| onefang | You are holding it wrong rrq. B-) | 14:49 |
| rrq | gpg: data source: http://209.244.105.201:11371 | 14:49 |
| arachnopavel | I think hkps.pool.sks-keyservers.net takes too long to respond sometimes. | 14:49 |
| rrq | the DNS has two hosts | 14:50 |
| arachnopavel | 16 seconds here. | 14:50 |
| onefang | It's supposed to be a pool of servers, which is why it has "pool" and "keyservers" in the name. Might just be replicating the key to the other servers in the pool. | 14:51 |
| onefang | I got the right one, coz it cached the DNS from when I sent it. arachnopavel got lucky, rrq got unlucky. | 14:52 |
| rrq | and "gpg" does it's own DNS lookup; i.e., doesn't use /etc/hosts | 14:53 |
| rrq | or it caches DNS ? | 14:58 |
| rrq | how do I clear the DNS cache for gpg ??? | 15:03 |
| onefang | No idea. | 15:03 |
| rrq | reinstall? | 15:04 |
| arachnopavel | I guess my dirmngr instance cached the right dns record for the host and then just reused it. | 15:05 |
| rrq | whats' a dirmngr instance? | 15:05 |
| arachnopavel | man dirmngr :) | 15:06 |
| arachnopavel | So, 82.148.229.254 is the only one of three actually contains the key atm. The other two will probably receive it soon. | 15:07 |
| onefang | I wonder how long that takes? | 15:08 |
| arachnopavel | No idea. | 15:08 |
| onefang | So long as rrq isn't in a hurry to send me encrypted email... | 15:08 |
| rrq | I suppose I now need to wrap all g* programs with a "pkill dirmngr" :( | 15:11 |
| * rrq learnt something new today too | 15:34 | |
| onefang | I spent hours researching PGP, so I learnt lots of things today. Trying to figure out what best practises are, so I can follow them. | 15:35 |
| onefang | And in 16 years time, the next time someone asks me to use PGP, I'll learn it all over again. lol | 15:41 |
| fsmithred | looks like I already have subkeys for encryption. I guess I just need to select them in my mail client. So does that mean an encrypted and signed message requires two keys? | 15:48 |
| fsmithred | onefang, I just sent you an email that's supposed to be encrypted and signed, but I don't think it's either. | 16:00 |
| onefang | Got it, plain text, no signature. | 16:02 |
| onefang | Well, it has DKIM signatures. | 16:02 |
| onefang | Signed reply on it's way back to you. | 16:08 |
| fsmithred | thanks | 16:12 |
| fsmithred | I sent another. I think it worked this time. | 16:22 |
| rrq | onefang: at https://www.devuan.org/os/ at the bottom there is a sample commands for listing the Devuan keyring... and that command doesn't work for me; does it work for you? | 16:24 |
| fsmithred | works here | 16:26 |
| rrq | yeah I'm stupid; thought the command wrapped | 16:26 |
| fsmithred | don't need to be root, either | 16:26 |
| onefang | Encrypted PGP message, but I can't read it. | 16:28 |
| fsmithred | yeah, the public key is attached, but it might be in the encrypted part | 16:29 |
| fsmithred | I'll send the public key again. | 16:29 |
| rrq | interesting. the Devuan repository key has been registered without "user id" ? so I can't get it from the key server(s)? | 16:43 |
| fsmithred | apt install devuan-keyring? | 16:43 |
| rrq | I know, but can't get it from the key server(s) | 16:45 |
| rrq | means the instructions on https://beta.devuan.org/os/keyring are both outdated and can't even be followed with the current key | 16:46 |
| onefang | Encrypted reply on it's way. | 16:47 |
| fsmithred | it worked! | 16:48 |
| rrq | onefang: given your recently acquired knowledge, the quest of fixing up https://beta.devuan.org/os/keyring is perfect for you ... | 16:50 |
| onefang | Yay, and lol, respectively. | 16:51 |
| onefang | I'm still busy catching up on all the old stuff that got delayed by my sudden unexpected server migration. Where I was offered a better server for less money, then AU# tanked and it ended up costing me exactly the same. lol | 16:52 |
| onefang | So I'm not taking on any more projects. | 16:53 |
| rrq | fair enough. we might find one more person that knows some gpg... | 16:55 |
| onefang | That should have been "AU$ tanked" lol | 16:58 |
| onefang | Now try sending me encrypted email. | 17:20 |
| LeePen | bpmedley: The new build of choose-mirror is in beowulf. | 18:54 |
| bpmedley | LeePen : Thanks! I'll work with rrq on including that. | 18:56 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!