go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

GPG key expired 21 Jun 2024 #31455

Closed bwcorey closed 2 months ago

bwcorey commented 3 months ago

Description

Using the directions at https://docs.gitea.com/installation/install-from-binary the build verifies but warns about the key expiry.

# gpg --verify gitea-1.21.11-linux-amd64.asc gitea-1.21.11-linux-amd64
gpg: Signature made Mon 15 Apr 2024 11:43:42 PM EDT
gpg:                using RSA key CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: Good signature from "Teabot <teabot@gitea.io>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 7C9E 6815 2594 6888 62D6  2AF6 2D9A E806 EC15 92E2
     Subkey fingerprint: CC64 B1DB 67AB BEEC AB24  B645 5FC3 4632 9753 F4B0
# gpg --list-keys
/root/.gnupg/pubring.kbx
------------------------
pub   rsa4096 2018-06-24 [SC] [expired: 2024-06-21]
      7C9E68152594688862D62AF62D9AE806EC1592E2
uid           [ expired] Teabot <teabot@gitea.io>

Gitea Version

1.21.11-linux-amd64

Can you reproduce the bug on the Gitea demo site?

No

How are you running Gitea?

Installing Gitea from binary v1.21.11

Database

None
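
An added example, not part of this thread or of Gitea's documentation: rather than reading gpg's human-readable output, an install script can parse the machine-readable status lines and separate a good signature from a good signature made by a key that has since expired, while pinning the primary key fingerprint. The status lines are constructed from the fingerprints and signature time quoted in this issue; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical. Constructed status lines
# built from the fingerprints and signature time quoted in this issue.
PINNED=7C9E68152594688862D62AF62D9AE806EC1592E2   # primary key fingerprint
SAMPLE_EXPKEY='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 5FC346329753F4B0 Teabot <teabot@gitea.io>
[GNUPG:] VALIDSIG CC64B1DB67ABBEECAB24B6455FC346329753F4B0 2024-04-16 1713239022 0 4 0 1 10 00 7C9E68152594688862D62AF62D9AE806EC1592E2'

# Reads `gpg --status-fd` lines on stdin; prints ok | expired-key | reject.
classify_sig() {
  local pinned="$1"
  [ -n "$pinned" ] || { echo reject; return 0; }
  awk -v pinned="$pinned" '
    $1 != "[GNUPG:]"  { next }
    $2 == "GOODSIG"   { good = 1 }      # good signature, key currently valid
    $2 == "EXPKEYSIG" { expkey = 1 }    # good signature, but the key has expired
    $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "REVKEYSIG" || $2 == "EXPSIG" { bad = 1 }
    $2 == "VALIDSIG"  { primary = $12 } # field 12: primary key fingerprint
    END {
      if (bad || primary != pinned) print "reject"
      else if (good)                print "ok"
      else if (expkey)              print "expired-key"  # refresh the key, then re-verify
      else                          print "reject"
    }'
}

# Wrapper for a real download: verify_release <sig.asc> <binary> <pinned-fingerprint>
verify_release() {
  gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | classify_sig "$3"
}

printf '%s\n' "$SAMPLE_EXPKEY" | classify_sig "$PINNED"   # constructed input
```

The signature timestamp in `VALIDSIG` is set by the signer, so `expired-key` is treated here as a prompt to fetch an updated key and verify again, not as an acceptable final state.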

a1012112796 commented 3 months ago

https://github.com/go-gitea/gitea/blob/24f4ebb8a957e4593e7f8472cf29f0a40b9dc161/SECURITY.md?plain=1#L19-L27

lunny commented 3 months ago

Please verify it again after upgrading the key from a public key server.

lunny commented 3 months ago

https://github.com/go-gitea/gitea/blob/24f4ebb8a957e4593e7f8472cf29f0a40b9dc161/SECURITY.md?plain=1#L19-L27

It looks like the security documentation needs to be updated.

a1012112796 commented 3 months ago

> Please verify it again after upgrading the key from a public key server.

@lunny which server?

bwcorey commented 3 months ago

No change.

# gpg --refresh-keys
gpg: refreshing 1 key from hkps://keys.openpgp.org
gpg: key 2D9AE806EC1592E2: "Teabot <teabot@gitea.io>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
# gpg --verify gitea-1.21.11-linux-amd64.asc gitea-1.21.11-linux-amd64
gpg: Signature made Mon 15 Apr 2024 11:43:42 PM EDT
gpg:                using RSA key CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: Good signature from "Teabot <teabot@gitea.io>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 7C9E 6815 2594 6888 62D6  2AF6 2D9A E806 EC15 92E2
     Subkey fingerprint: CC64 B1DB 67AB BEEC AB24  B645 5FC3 4632 9753 F4B0

lunny commented 2 months ago

> No change.
>
> # gpg --refresh-keys
> gpg: refreshing 1 key from hkps://keys.openpgp.org
> gpg: key 2D9AE806EC1592E2: "Teabot <teabot@gitea.io>" not changed
> gpg: Total number processed: 1
> gpg:              unchanged: 1
> # gpg --verify gitea-1.21.11-linux-amd64.asc gitea-1.21.11-linux-amd64
> gpg: Signature made Mon 15 Apr 2024 11:43:42 PM EDT
> gpg:                using RSA key CC64B1DB67ABBEECAB24B6455FC346329753F4B0
> gpg: Good signature from "Teabot <teabot@gitea.io>" [expired]
> gpg: Note: This key has expired!
> Primary key fingerprint: 7C9E 6815 2594 6888 62D6  2AF6 2D9A E806 EC15 92E2
>      Subkey fingerprint: CC64 B1DB 67AB BEEC AB24  B645 5FC3 4632 9753 F4B0

Please try again. Now the keys will be sent to