gpg fingerprint command updated yet again. The info on the wiki is no longer accurate. This should work:
gpg -n --import --import-options import-show i2p-pubkey.asc
https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058597.html
A search and replace should make updating the wiki easier if confirmed to be safe.
? That is for mass search and replace.
Has to be used with great care since it can mess up a lot which can perhaps only be fixed with a database restoration from an unbroken revision (which then loses all other changes since last backup). Has a preview though before it actually changes things.
I doubt we are using the i2p gpg fingerprint on any other pages than on the i2p page?
A normal search shows the old fingerprint only on the i2p page. If we were to reuse the fingerprin (or verification instructions)t on multiple pages, we’d create a wiki template so still only one place has to be updated.
Yes unfortunately its used in many places and not made into a template. Off the top of my head - Tox, YaCy, Freenet use this too. Can you please ask TorJunkie to templatize the generic part of these commands so it doesn’t become a time consuming task in the future?
We now have a nice command that at least works on stretch.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
No conversion from asc to keybox to gpg file or anything needed. Solid fingerprint check. No need add to user’s personal gpg folder first. Goes right into /etc/apt/trusted.gpg.d/ drop-in folder, therefore easily disabled later if desired so.
Doesn’t work in Qubes-Whonix TemplateVMs though. ( gpg fails in debian-9 based TemplateVM through Qubes UpdatesProxy - gpg: keyserver receive failed: No keyserver available · Issue #4291 · QubesOS/qubes-issues · GitHub )
Used here:
Template created:
Usage example:
{{apt-key
|filename=/etc/apt/trusted.gpg.d/whonix.gpg
|fingerprint=916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
}}
https://www.whonix.org/wiki/Template:Whonix-APT-Repository-Add
Wohoo! Nice find. Trying to think of all the pages that used the older instructions. Any idea what a good seach term they all share is?
Not sure but even a search for gpg doesn’t show unmanageably many? I guess gpg would catch them all. I don’t think there are that many of those.
I created a second template that’s supposed to use the default onion keyserver so it omits the clearnet server argument.
Here’s the example revamp for I2P repo but it does’t work for some reason. Any pointers?
sudo apt-key --keyring /etc/apt/trusted.gpg.d/i2p.gpg --recv-keys 7840E7610F28B904753549D767ECE5605BCF1346
--keyserver hkp://ipv4.pool.sks-keyservers.net:80 is not optional. Required. Alternative unknown. Some obscure gpg bug.
Template:Apt-key-onion - Whonix just now fixed. Working at the moment.
Repeat, at the moment. gpg having more and more strange connectivity issues.
no dirmngr.log created after previous command ‘KS_GET’ failed: Operation not permitted
https://dev.gnupg.org/T4153
command ‘KS_GET’ failed: Operation not permitted
https://dev.gnupg.org/T4152
They said this is not a bug.
Firewall issue? (according to the ticket)
Is the thread original issue gpg fingerprint command obsolete still an open issue?
According to this yes, If no then that footnote should be fixed.
Footnote removed.
This issue in this forum thread is superseded by this:
gpg --recv-keys fails / no longer use keyservers for anything - #8 by Patrick