From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 7060421913801129984
X-Received: by 2002:a05:6402:3492:: with SMTP id v18mr35564193edc.345.1643896250231;
        Thu, 03 Feb 2022 05:50:50 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a17:907:a42a:: with SMTP id sg42ls8016019ejc.0.gmail; Thu,
 03 Feb 2022 05:50:49 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwavxsgyAB4x8dZEP11wJpAJRyh+Ga5w+/27sB2byaEDr3uG3TpWBdB/st8QPBYx8TeEPPp
X-Received: by 2002:a17:907:234f:: with SMTP id we15mr24679776ejb.235.1643896249092;
        Thu, 03 Feb 2022 05:50:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1643896249; cv=none;
        d=google.com; s=arc-20160816;
        b=Mp6MrspTznMyg6oaBPE4Y1CRX9G7ABPRj43XnuDa8PLnCLitXlA1OUwWl/nVZQUfEE
         b4zmmtUTuQxbbI1xGU6JDKbVawxv7DaKGmJrAkzqxeA8+lxZ0LXN+x2j1F/ZbupS/wOV
         3m355tg0ICeve5d/AW1SqpbiIcL925eNHDuGjEr75OqXJJsehhSNq/bDhjzHSB/Ub8Qk
         485hnolEg0dgA5ZowdhZ41Hq27iTmX+j4A9sSQCm+G4BgXNNXNys8MZiVAb5/Uki6O/+
         obl9KMSze1fwS+aK8K86cTULarhkxbGVmA7FbDF6IWjYSpfnEfChv7yUzJmft+0mWvgy
         vPGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from;
        bh=/GnLRPa/EradE7Up9JcgJ2MxyMpV6kIHRx9kFF+GKGo=;
        b=r1MmcDuE29NOtCYXbOB4MtDT3w+rDASvIWnpHr8I5+bLSfMyL2Hvt4NlvGolRUlLU2
         mHUq7uBSUOfxnZUkD/dSONQ7rP2QoGRTLhcxkutjU5TToi490wsHY9t9WpkboTAoYI6z
         m6mlfyPpQoxlZ1yCK5NeX1CsSam8TzhDXEVoDDipx5TUzofoP92ythG/bK7S8oBq2r+f
         vqxekhy0+/2oH8V1Bmrd8HGjStRQtIs4llPnv4j24D7P97gxPc+wjY+K0vuOceRLGY/l
         rkir3srA4Rlmf3pak2rgnkVv60TcXI1qM9ahvu6iDrYxpIQMsz+5FQVBMYYJhIBfGTUw
         r+Ag==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Return-Path: <ubely@ilbers.de>
Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166])
        by gmr-mx.google.com with ESMTPS id r25si673198ejz.2.2022.02.03.05.50.48
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 03 Feb 2022 05:50:49 -0800 (PST)
Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de
Received: from home.localnet (44-208-124-178-static.mgts.by [178.124.208.44] (may be forged))
	(authenticated bits=0)
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id 213Dol6g028830
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Thu, 3 Feb 2022 14:50:48 +0100
From: Uladzimir Bely <ubely@ilbers.de>
To: isar-users@googlegroups.com
Subject: Re: [PATCH] meta: Update expired debian ports signing key
Date: Thu, 03 Feb 2022 16:50:46 +0300
Message-ID: <2121626.hkbZ0PkbqX@home>
In-Reply-To: <20220203100256.30893-1-ubely@ilbers.de>
References: <20220203100256.30893-1-ubely@ilbers.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED
	autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-TUID: knBea/v/a41z

In the email from Thursday, 3 February 2022 13:02:56 +03 user Uladzimir Bely 
wrote:
> Replace expired Debian Ports Archive Automatic Signing Key (2021)
> (ID:5A88D659DCB811BB) by new Debian Ports Archive Automatic Signing Key
> (2022) (ID: E852514F5DF312F6) to make debian-sid-ports targets work.
> 
> Signed-off-by: Uladzimir Bely <ubely@ilbers.de>
> ---
>  meta/conf/distro/debian-sid-ports.conf | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/conf/distro/debian-sid-ports.conf
> b/meta/conf/distro/debian-sid-ports.conf index 32bd32f3..c8d70750 100644
> --- a/meta/conf/distro/debian-sid-ports.conf
> +++ b/meta/conf/distro/debian-sid-ports.conf
> @@ -10,7 +10,7 @@ BASE_DISTRO_CODENAME = "sid"
> 
>  HOST_DISTRO ?= "debian-sid"
> 
> -DEBIAN_PORTS_KEY =
> "https://www.ports.debian.org/archive_2021.key;sha256sum=44a0c59cac5385cd0a
> 1506f695fbd2381fb71a04d8afc05248ad00a0ec6052aa" +DEBIAN_PORTS_KEY =
> "https://www.ports.debian.org/archive_2022.key;sha256sum=213531906f80d79a5d
> bc8573f57f2a2831b71383cc2d568feba97bb4db94adcc"
> 
>  DISTRO_APT_SOURCES =
> "conf/distro/debian-${BASE_DISTRO_CODENAME}-ports.list"
> DISTRO_BOOTSTRAP_KEYS += "${DEBIAN_PORTS_KEY}"

Some investigations:

It seems, they update keys every year. Currently, archive_2022.key is used for 
signing (valid from Feb 2022 till Jan 2023). But, at the same time, 
archive_2023.key (created about month ago) is available, and they start using 
it to sign releases on Feb. 2023.

So, we could keep 2 keys in conf file - one that works now, another that will 
work next year. So, next time we won't face the problem with debootstrapping 
again, of course providing we do these key updates once a year.

-- 
Uladzimir Bely