Date:   Thu, 16 May 2019 14:53:43 -0700
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Arnd Bergmann <arnd@...db.de>
Cc:     Christoph Hellwig <hch@....de>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-arch <linux-arch@...r.kernel.org>,
        linux-riscv@...ts.infradead.org
Subject: Re: [GIT PULL] asm-generic: kill <asm/segment.h> and improve nommu
 generic uaccess helpers

On Thu, 2019-05-16 at 13:59 -0700, Linus Torvalds wrote:
> On Thu, May 16, 2019 at 1:34 PM Arnd Bergmann <arnd@...db.de> wrote:
> > 
> > 
> > I have reconfigured it locally now and pushed an identical tag with a
> > new signature. Can you see if that gives you the same warning if you
> > try to pull that?
> 
> No, same issue:

The problem seems to be this:

jejb@...vis:~> gpg --list-keys 60AB47FFC9095227
pub   rsa4096 2011-10-27 [C]
      88AFCD206B1611957187F16B60AB47FFC9095227
sub   rsa4096 2011-10-27 [E]

Your key is a "Certification key" and you have an encryption subkey but
no signing key at all.  Usually you either have a signing subkey or
your master key is both certification and signing ([CS] flags). 
Certification keys can only be used to certify other keys, they can't
be used for signing, but I bet gpg is assuming that it can sign with
the master key even if it doesn't possess the signing flag.

You can make your master key a signing key by doing

gpg --expert --edit-key 60AB47FFC9095227

Then doing

gpg> change-usage

and selecting "toggle sign"

Or you could just add a signing subkey.

In either case you'll need to save and sign the changes and then push
to a keyserver for the rest of us to see it.

James
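
Added example, not part of the original message: a scriptable version of the check above that reads `gpg --list-keys --with-colons` output and reports which primary key or subkeys carry the signing flag. The sample listings are constructed from the key shown in the message; the subkey IDs, validity fields and second timestamp are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Reads `gpg --list-keys --with-colons KEYID` output on stdin.
# Colon-format fields used: 1 = record type, 2 = validity, 5 = key ID,
# 12 = capabilities (lowercase = this key's own flags; uppercase on a pub
# line summarises the whole key and is ignored here).

# Print "type:keyid" for every primary key or subkey that carries the
# signing flag and is not revoked (r), expired (e) or invalid (i).
signing_keys() {
    awk -F: '($1 == "pub" || $1 == "sub") && $2 !~ /^[rei]$/ && $12 ~ /s/ {
        print $1 ":" $5
    }'
}

# Exit status 0 if at least one usable signing-capable key exists.
can_sign() {
    [ -n "$(signing_keys)" ]
}

# Constructed sample modelled on the listing in the message: [C] primary,
# [E] subkey. Subkey ID and validity fields are made up.
sample_cert_only() {
    cat <<'EOF'
pub:-:4096:1:60AB47FFC9095227:1319673600:::-:::cEC:
fpr:::::::::88AFCD206B1611957187F16B60AB47FFC9095227:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1319673600::::::e:
EOF
}

# Constructed sample: the same key after a signing subkey has been added.
sample_with_signing_sub() {
    cat <<'EOF'
pub:-:4096:1:60AB47FFC9095227:1319673600:::-:::cESC:
fpr:::::::::88AFCD206B1611957187F16B60AB47FFC9095227:
sub:-:4096:1:AAAAAAAAAAAAAAAA:1319673600::::::e:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1558051200::::::s:
EOF
}

for s in sample_cert_only sample_with_signing_sub; do
    if "$s" | can_sign; then
        echo "$s: can sign with $("$s" | signing_keys | tr '\n' ' ')"
    else
        echo "$s: no signing-capable key"
    fi
done
```

Against a real keyring the input would come from `gpg --list-keys --with-colons 60AB47FFC9095227 | signing_keys`.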
