From nobody Thu Nov 4 19:01:50 2021 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 0150A1835D71 for ; Thu, 4 Nov 2021 19:02:11 +0000 (UTC) (envelope-from cli_junkie@protonmail.com) Received: from mail-40131.protonmail.ch (mail-40131.protonmail.ch [185.70.40.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlY0d680zz3mjD for ; Thu, 4 Nov 2021 19:02:09 +0000 (UTC) (envelope-from cli_junkie@protonmail.com) Date: Thu, 04 Nov 2021 19:01:50 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1636052517; bh=fKlExf4tMhKZA2dCQ+c/70PHyCRr+5aDdYDupLLTkRE=; h=Date:To:From:Reply-To:Subject:From; b=tRZ1QCtHbTXu74PqQyil+Lu1TkjrdUtbfFtTTVuwNk3nrcfTH95dP6tr7RzAfatKt oHxJISTIolXAMzKa2c2yPXC+r0/fP1RZqkavpYPqUVthPuUe7Do+37r+EpdglBosnx cWUxNmOiV8tIlLIOQsuMubxiKhFqBguhoc7Bm6Js= To: "freebsd-security@freebsd.org" Reply-To: Pat Subject: Expired key for signed checksums Message-ID: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_f2M8HvutArOzn5isrMmZjW19nzBLHldvkSxGjtB70o" X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Rspamd-Queue-Id: 4HlY0d680zz3mjD X-Spamd-Bar: + Authentication-Results: mx1.freebsd.org; dkim=pass header.d=protonmail.com header.s=protonmail header.b=tRZ1QCtH; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (mx1.freebsd.org: domain of cli_junkie@protonmail.com designates 185.70.40.131 as permitted sender) smtp.mailfrom=cli_junkie@protonmail.com X-Spamd-Result: default: False [1.13 / 15.00]; HAS_REPLYTO(0.00)[cli_junkie@protonmail.com]; FREEMAIL_FROM(0.00)[protonmail.com]; R_SPF_ALLOW(-0.20)[+ip4:185.70.40.0/24]; MIME_BASE64_TEXT_BOGUS(1.00)[]; DKIM_TRACE(0.00)[protonmail.com:+]; MIME_BASE64_TEXT(0.10)[]; DMARC_POLICY_ALLOW(-0.50)[protonmail.com,quarantine]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; FREEMAIL_ENVFROM(0.00)[protonmail.com]; ASN(0.00)[asn:62371, ipnet:185.70.40.0/24, country:CH]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.97)[-0.970]; R_DKIM_ALLOW(-0.20)[protonmail.com:s=protonmail]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(1.00)[1.000]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; FREEMAIL_REPLYTO(0.00)[protonmail.com]; HAS_PHPMAILER_SIG(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_SPAM_LONG(1.00)[0.999]; TO_DN_EQ_ADDR_ALL(0.00)[]; RWL_MAILSPIKE_VERYGOOD(0.00)[185.70.40.131:from] Reply-To: cli_junkie@protonmail.com From: Pat via freebsd-security X-Original-From: Pat X-ThisMailContainsUnwantedMimeParts: N This is a multi-part message in MIME format. --b1_f2M8HvutArOzn5isrMmZjW19nzBLHldvkSxGjtB70o Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 SGVsbG8sCgpJIGFtIHRyeWluZyB0byB2ZXJpZnkgdGhlIHNpZ25lZCBjaGVja3N1bSBmaWxlIGZv ciBGcmVlQlNEIDEzLCBidXQgdGhlIGtleSB0aGF0CmdldHMgY2hlY2tlZCBpcyBzaG93aW5nIHRv IGJlIGV4cGlyZWQ6CiQgZ3BnIC0ta2V5c2VydmVyLW9wdGlvbnMgYXV0by1rZXktcmV0cmlldmUg XAotLWtleXNlcnZlciBoa3BzOi8va2V5c2VydmVyLnVidW50dS5jb206NDQzIFwKLS12ZXJpZnkg Q0hFQ0tTVU0uU0hBMjU2LUZyZWVCU0QtMTMuMC1SRUxFQVNFLWFtZDY0LmFzYwpncGc6IFNpZ25h dHVyZSBtYWRlIFR1ZSBBcHIgMTMgMTA6NDU6NDQgMjAyMSBDRFQKZ3BnOiB1c2luZyBSU0Ega2V5 IDhEMTI0MDNDMkU2Q0FCMDg2Q0Y2NERBMzAzMTQ1OEE1NDc4RkUyOTMKZ3BnOiByZXF1ZXN0aW5n IGtleSAwMzE0NThBNTQ3OEZFMjkzIGZyb20gaGtwcyBzZXJ2ZXIga2V5c2VydmVyLnVidW50dS5j b20KZ3BnOiBrZXkgNTI0RjBDMzdBMEI5NDZBMzogNzYgc2lnbmF0dXJlcyBub3QgY2hlY2tlZCBk dWUgdG8gbWlzc2luZyBrZXlzCmdwZzoga2V5IDUyNEYwQzM3QTBCOTQ2QTM6IHB1YmxpYyBrZXkg IkdsZW4gQmFyYmVyIDxnamJARnJlZUJTRC5vcmc+IiBpbXBvcnRlZApncGc6IG5vIHVsdGltYXRl bHkgdHJ1c3RlZCBrZXlzIGZvdW5kCmdwZzogVG90YWwgbnVtYmVyIHByb2Nlc3NlZDogMQpncGc6 IGltcG9ydGVkOiAxCmdwZzogR29vZCBzaWduYXR1cmUgZnJvbSAiR2xlbiBCYXJiZXIgPGdqYkBG cmVlQlNELm9yZz4iIFtleHBpcmVkXQpncGc6IGFrYSAiR2xlbiBCYXJiZXIgPGdsZW4uai5iYXJi ZXJAZ21haWwuY29tPiIgW2V4cGlyZWRdCmdwZzogYWthICJHbGVuIEJhcmJlciA8Z2piQGtleWJh c2UuaW8+IiBbZXhwaXJlZF0KZ3BnOiBha2EgIkdsZW4gQmFyYmVyIDxnamJAZ2xlbmJhcmJlci51 cz4iIFtleHBpcmVkXQpncGc6IE5vdGU6IFRoaXMga2V5IGhhcyBleHBpcmVkIQpQcmltYXJ5IGtl eSBmaW5nZXJwcmludDogNzhCMyA0MkJBIDI2QzcgQjJBQyA2ODFFIEE3QkUgNTI0RiAwQzM3IEEw QjkgNDZBMwpTdWJrZXkgZmluZ2VycHJpbnQ6IDhEMTIgNDAzQyAyRTZDIEFCMDggNkNGNiA0REEz IDAzMTQgNThBNSA0NzhGIEUyOTMKCkl0IGRvZXMgbm90IG1hdHRlciB3aGF0IGtleXNlcnZlciBJ IHRyeSwgSSBnZXQgdGhlIHNhbWUgZXhwaXJhdGlvbiBtZXNzYWdlLiBZZXQKSSBzZWUgdGhlIGtl eSBleHBpcmF0aW9uIHdhcyBidW1wZWRbMF0uIEhvdyB3b3VsZCBJIGdvIGFib3V0IGdldHRpbmcg dGhlIHVwZGF0ZWQKa2V5PyBPciBhbSBJIGp1c3QgZ29pbmcgYWJvdXQgdGhpcyBhbGwgd3Jvbmc/ CgpUaGFua3MKUGF0CgpbMF1odHRwczovL2NnaXQuZnJlZWJzZC5vcmcvZG9jL2NvbW1pdC8/aWQ9 MDI5MTBhYTVhZTc1ZTdhZGY1MmU2YmFkNjYyMzYzZTY4OGZjN2I5Yg== --b1_f2M8HvutArOzn5isrMmZjW19nzBLHldvkSxGjtB70o-- From nobody Thu Nov 4 19:17:42 2021 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 7F4DC183FF30 for ; Thu, 4 Nov 2021 19:17:45 +0000 (UTC) (envelope-from gjb@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HlYLd3Dkdz3trX; Thu, 4 Nov 2021 19:17:45 +0000 (UTC) (envelope-from gjb@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636053465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QEgd5EVyS/WV6r4fLBZod7jcD5DQ8gZdPzTOxR+6oA8=; b=ine2Me5xHOyeU5zzHU/ciFEKNWPkMODUJ0qDpr73jtrA/fTHDc0W3w/MormIEJ64NT3p+e p+PUUa0SJiRTERKfsEufIs/nvt06YsaEz4sifohofTvsS/lYRigUyyyfVefQ6uwWDIcQL7 I1QY6cEqA7kbwuhBeALsvzm4Na1f3Hp0e+ZB1Td0qa4Bzf5/Q19pY/8F31cHruXu42uILi h8yBlEPKVLX9Xvo+y5Qe4ezCbgLavW3VG+lNO35fuSb7N5MCcmtveuV5lnn2yROs66FyGe dxA1KNOHBqOMbT73EYecphCMzxRg1T974bJ4x+KBpXK5FXpdWIYNqDuY+PBTLw== Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id E72EE1DCB0; Thu, 4 Nov 2021 19:17:44 +0000 (UTC) (envelope-from gjb@freebsd.org) Date: Thu, 4 Nov 2021 19:17:42 +0000 From: Glen Barber To: Pat Cc: "freebsd-security@freebsd.org" Subject: Re: Expired key for signed checksums Message-ID: <20211104191742.GK69504@FreeBSD.org> References: List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="jcZk2Ix8j3PVOBnV" Content-Disposition: inline In-Reply-To: ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1636053465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QEgd5EVyS/WV6r4fLBZod7jcD5DQ8gZdPzTOxR+6oA8=; b=CUwJECWsUaOfqLgev1tiwKUTUTH9NmuvzEMg61RHM6P3U6nAJmpyMag9lnsA1kRJ+M8yAm +Mzi/oabeeO1goMSAuJqQEhTSEDO6nFgqw4f1YKtPS0OTnNMqITZN6rqoCTBJC6jzLRYmj k+PGry7ARqQO8t3RjBdxxzEE4SVKEF97RYVo3Bn2e/htj7+h53NAQIpkD6oET20Nu404s0 DdEgVIMfPS1rwQI+Xs8tyagd1T+qOz88QTWRLdo3zCYiLh6bw5hlBi4pFyuORcWleeFxXn Hg5s/PrqMI0Lrke/eUbGbVBhYqkGcAgZuU6zcYMUgtdso+JzPEy3rpakWKTNfw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1636053465; a=rsa-sha256; cv=none; b=FXDKMsQ1oiFWz0SiD5JeWjlgUlQZZTpyV6XkrDqwGHyqOwnmBylUgiv/4gS65Fv2TWowjs Cwzts+9xwfxKpi7c/IOyifZ+X1XvMrKa2SGy/cHP7ycJ8EAa9DM670kclsserwgElYiNQ8 JhCw7/1GWqAgqsLn2AIvluLHwiEsQfGJsYFJO8vyqr9Nx21SOUvWI6mx/gD161lWV7GXUt hSvsDfkmuiJwGRhm+ZYkRb52JU28qvE+MGri2ZqTKWC6iNc5Jhdamm/n/JRdRkI6eioSpi PaUMCpmHYXMvZwRVVaAkkAnqHm31UbF3N0fvw8UOoc346XxxzPZtV3Du+9UWvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N --jcZk2Ix8j3PVOBnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 04, 2021 at 07:01:50PM +0000, Pat via freebsd-security wrote: > Hello, >=20 > I am trying to verify the signed checksum file for FreeBSD 13, but the ke= y that > gets checked is showing to be expired: > $ gpg --keyserver-options auto-key-retrieve \ > --keyserver hkps://keyserver.ubuntu.com:443 \ > --verify CHECKSUM.SHA256-FreeBSD-13.0-RELEASE-amd64.asc > gpg: Signature made Tue Apr 13 10:45:44 2021 CDT > gpg: using RSA key 8D12403C2E6CAB086CF64DA3031458A5478FE293 > gpg: requesting key 031458A5478FE293 from hkps server keyserver.ubuntu.com > gpg: key 524F0C37A0B946A3: 76 signatures not checked due to missing keys > gpg: key 524F0C37A0B946A3: public key "Glen Barber " imp= orted > gpg: no ultimately trusted keys found > gpg: Total number processed: 1 > gpg: imported: 1 > gpg: Good signature from "Glen Barber " [expired] > gpg: aka "Glen Barber " [expired] > gpg: aka "Glen Barber " [expired] > gpg: aka "Glen Barber " [expired] > gpg: Note: This key has expired! > Primary key fingerprint: 78B3 42BA 26C7 B2AC 681E A7BE 524F 0C37 A0B9 46A3 > Subkey fingerprint: 8D12 403C 2E6C AB08 6CF6 4DA3 0314 58A5 478F E293 >=20 > It does not matter what keyserver I try, I get the same expiration messag= e. Yet > I see the key expiration was bumped[0]. How would I go about getting the = updated > key? Or am I just going about this all wrong? >=20 https://docs.freebsd.org/en/articles/pgpkeys/#_glen_barber_gjbfreebsd_org Glen --jcZk2Ix8j3PVOBnV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAmGEMdYACgkQAxRYpUeP 4pOb4Q//Wc9ccrIWoYvZHokDPWnSqQp8nJxfMsyiNgom35gNjSPdfBUsBs8pm67E QG65LKIquu6V5IKP01AiVUkDzFjoB6zlNTEUfYQv0kSRbjMhvV2yElNikPvTQyBU 8NlBFzHhOsC9rOf6Lm26a+lAwPTWKZ2l6o9wDa/wBMY822RMWXUzmHQpB3LcjDdU m4XAMkSNGcbuGMQrDbXBqfatihLeUgEnnoGgZWbUwvfJrkH6wFF4BI0BGbwzY7ld 9qCqI2u2lNVSSWyNaStgstwm5VpWY8JuH4fdCQqaA4WrtdfSovfNfzAmvyhzw7jz B3nKAWsMyt97Xy7RnOI5u8HsaLqgPmpSNKk8Y0rZcBEokY+lJ7ZK5rMfMG5oYKUE Zi+DoFwBnXx7bD3KbgAoZ2XzqiIe21F+/3nSv/GhuuGKQz0NuaEQFbGUum1YPFkr q3G2qVajhUxQQh336O4s6+89KcSmFvrIv9mD6kkYo5XhpIZfGY4SFqBAuUfSEUgA i6LGrooMMBZATFIvHZNjllUOHhDDU+kLyvUloLWDQE9HjexZtNeiVTpBpLFQOJyW f3iuwOsPo8C64MME6ksulU9ecXoA89WkruZgAabg8R0ZQdHALEUfYCLzAUV8dsHi Kn1irNTlmBNbfE5Vs7obQSJtFF6pzoyldk1H/DnS1QPeH0gStUo= =Bujy -----END PGP SIGNATURE----- --jcZk2Ix8j3PVOBnV--