Giter Site home page Giter Site logo

Comments (16)

temp avatar temp commented on June 15, 2024 1

Any news on this one? New release with valid key would be awesome...

from dephpend.

theseer avatar theseer commented on June 15, 2024 1

@mihaeu ping ;-)

from dephpend.

theseer avatar theseer commented on June 15, 2024 1

Please try again with Phive 0.13.0 as this should fix the issue at hand.

from dephpend.

mihaeu avatar mihaeu commented on June 15, 2024

Thanks for reporting this @kitingChris

Must have used the ssh key instead of the pgp for signing 😓

I'll get around to fixing it until then feel free to trust 😝

from dephpend.

kitingChris avatar kitingChris commented on June 15, 2024

@mihaeu on which PGP servers did you publish your PGP key?
It seems none of the following keyserver knows your keyid nor your email.
[hkps://keys.openpgp.org, keys.gnupg.net, keyserver.ubuntu.com, hkp://keyserver.ubuntu.com:80, pgp.mit.edu]
Did you forgot to publish your PGP public key?

from dephpend.

theseer avatar theseer commented on June 15, 2024

@mihaeu ping ;-)

from dephpend.

mihaeu avatar mihaeu commented on June 15, 2024

Sorry everyone, GitHub didn't like my email reply this time. Weird I published the key to keys.openpgp.org and pgp.mit.edu

from dephpend.

theseer avatar theseer commented on June 15, 2024 
theseer@nyda /tmp/xx $ phive update dephpend
Phive 0.12.4-7-g663acfb-dirty - Copyright (C) 2015-2019 by Arne Blankerts, Sebastian Heuer and Contributors
Fetching repository list
Downloading https://api.github.com/repos/mihaeu/dephpend/releases
Downloading https://github.com/mihaeu/dephpend/releases/download/0.6.1/dephpend-0.6.1.phar
Downloading https://github.com/mihaeu/dephpend/releases/download/0.6.1/dephpend-0.6.1.phar.asc
Downloading key 76835C9464877BDD
Trying to connect to keys.openpgp.org (37.218.245.50)
Trying to connect to keys.openpgp.org (2a00:c6c0::154:1:0:0:1)
[ERROR]   Request failed:  (while requesting https://keys.openpgp.org/pks/lookup?search=0x76835C9464877BDD&op=index&options=mr)
[WARNING] Failed with error code 0: No mirror yielded any result. Giving up.
Trying to connect to keys.fedoraproject.org (140.211.169.207)
Downloading https://keys.fedoraproject.org/pks/lookup?search=0x76835C9464877BDD&op=index&options=mr
Trying to connect to keys.fedoraproject.org (140.211.169.207)
Trying to connect to keys.fedoraproject.org (2605:bc80:3010:600:dead:beef:cafe:fedc)
[ERROR]   Request failed:  (while requesting https://keys.fedoraproject.org/pks/lookup?search=0x76835C9464877BDD&op=get&options=mr)
[WARNING] Failed with error code 502: Server reported an error
Trying to connect to keyserver.ubuntu.com (162.213.33.9)
Trying to connect to keyserver.ubuntu.com (162.213.33.8)
[WARNING] Failed with error code 0: No mirror yielded any result. Giving up.
[WARNING] Failed with error code 6: DNS Problem: Did not find any IP for hostname "hkps.pool.sks-keyservers.net"
[ERROR]   PublicKey 76835C9464877BDD not found on key servers

Not sure what's causing this though ;)

from dephpend.

theseer avatar theseer commented on June 15, 2024

The openpgp server though seems to know the key. Just the query doesn't work.
Maybe that's a bug in phive...

from dephpend.

kitingChris avatar kitingChris commented on June 15, 2024

@mihaeu searching on https://keys.openpgp.org/ for either your public key id nor your mail "[email protected]" just tells Error: No key found

from dephpend.

mihaeu avatar mihaeu commented on June 15, 2024

dephpend-0.6.1.phar was signed using [email protected] which is on that server: https://keys.openpgp.org/search?q=michael.haeuslmann%40gmail.com

from dephpend.

theseer avatar theseer commented on June 15, 2024

Given that a signature only contains a key id and not the email address, phive only searches for the id.

PHPStan seems to have issues as well currently: phive #206.

Not sure yet what's broken here, maybe our parsing logic for the data is to optimistic or maybe the output of the keyservers changed.

from dephpend.

theseer avatar theseer commented on June 15, 2024

It looks like that hagrid, the software running at keys.openpgp.org turned picky on the order of parameters in the get request. While I think that might qualify as a bug (and possibly a violation of http specs), I'll update phive to deal with this better.

While at it, I'll might directly implement their alternative API.

from dephpend.

mihaeu avatar mihaeu commented on June 15, 2024

Awesome, thanks @theseer

from dephpend.

mihaeu avatar mihaeu commented on June 15, 2024

Works like a charm

from dephpend.

kitingChris avatar kitingChris commented on June 15, 2024

jep can confirm now the key check works!
Thanks a lot

/ # GPG_KEY=$(gpg --verify dephpend-0.6.1.phar.asc 2>&1 | grep -Eo 'using RSA key \w+' | grep -oE '[^ ]+$')
/ # for KEY_SERVER in hkps://keys.openpgp.org \
>                 keys.gnupg.net \
>                 keyserver.ubuntu.com \
>                 hkp://keyserver.ubuntu.com:80 \
>                 pgp.mit.edu \
>                 keyserver.pgp.com \
>                 pool.sks-keyservers.net; do
> 
>     gpg -v --keyserver "${KEY_SERVER}" --recv-keys "${GPG_KEY}" && break || echo "Trying new gpg server..."
> done
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: connection to dirmngr established
gpg: keyserver receive failed: General error
Trying new gpg server...
gpg: data source: http://37.191.231.105:11371
gpg: armor header: Version: SKS 1.1.6
gpg: armor header: Comment: Hostname: keys2.kfwebs.net
gpg: pub  rsa4096/76835C9464877BDD 2019-07-14  Michael Haeuslmann <[email protected]>
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: key 76835C9464877BDD: public key "Michael Haeuslmann <[email protected]>" imported
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: Total number processed: 1
gpg:               imported: 1
/ # gpg --verify dephpend-0.6.1.phar.asc 
gpg: assuming signed data in 'dephpend-0.6.1.phar'
gpg: Signature made Sun Jul 14 14:51:31 2019 UTC
gpg:                using RSA key 44CC65DC01D2FC05AD6F3DBD76835C9464877BDD
gpg:                issuer "[email protected]"
gpg: Good signature from "Michael Haeuslmann <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 44CC 65DC 01D2 FC05 AD6F  3DBD 7683 5C94 6487 7BDD

from dephpend.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.