Merge bitcoin/bitcoin#22688: contrib: use keys.openpgp.org to retrieve builder keys

4c43b7d41d11072f382f938379d21cd2e0bcbb47 contrib: use hkps://keys.openpgp.org to retrieve builder keys (fanquake)

Pull request description:

  `hkps://hkps.pool.sks-keyservers.net` is essentially no-longer functional,
  and a number of distributions and GPG tools have since switched to using
  the `keys.openpgp.org` key server as their default.

  See this Debian patch for additional context:
  https://salsa.debian.org/debian/gnupg2/-/blob/debian/main/debian/patches/Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch

  Switch to using keys.openpgp.org in the CI as well.

ACKs for top commit:
  MarcoFalke:
    cr ACK 4c43b7d41d11072f382f938379d21cd2e0bcbb47
  Zero-1729:
    ACK 4c43b7d41d11072f382f938379d21cd2e0bcbb47

Tree-SHA512: e6c72b67778b76f81c659eee0e4195fea9e579587c64921affd35b9d46a077d4e8754b7fb85ca90a9a4bbc5cd5a47b0c6e4c9dbf9a335418a12f774d665e5a19
This commit is contained in:
fanquake 2021-08-17 16:05:02 +08:00 committed by Konstantin Akimov
parent 62b5358a9c
commit 40a8b925db
No known key found for this signature in database
GPG Key ID: 2176C4A5D01EA524
3 changed files with 3 additions and 3 deletions

View File

@ -25,7 +25,7 @@ test/lint/lint-all.sh
if [ "$CIRRUS_REPO_FULL_NAME" = "dashpay/dash" ] && [ -n "$CIRRUS_CRON" ]; then if [ "$CIRRUS_REPO_FULL_NAME" = "dashpay/dash" ] && [ -n "$CIRRUS_CRON" ]; then
git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit git log --merges --before="2 days ago" -1 --format='%H' > ./contrib/verify-commits/trusted-sha512-root-commit
${CI_RETRY_EXE} gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys $(<contrib/verify-commits/trusted-keys) && ${CI_RETRY_EXE} gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys) &&
./contrib/verify-commits/verify-commits.py --clean-merge=2; ./contrib/verify-commits/verify-commits.py --clean-merge=2;
fi fi

View File

@ -19,7 +19,7 @@ To fetch keys of builders and active developers, feed the list of fingerprints
of the primary keys into gpg: of the primary keys into gpg:
```sh ```sh
while read fingerprint keyholder_name; do gpg --keyserver hkp://subset.pool.sks-keyservers.net --recv-keys ${fingerprint}; done < ./keys.txt while read fingerprint keyholder_name; do gpg --keyserver hkps://keys.openpgp.org --recv-keys ${fingerprint}; done < ./keys.txt
``` ```
Add your key to the list if you provided Guix attestations for two major or Add your key to the list if you provided Guix attestations for two major or

View File

@ -40,7 +40,7 @@ Import trusted keys
In order to check the commit signatures, you must add the trusted PGP keys to your machine. [GnuPG](https://gnupg.org/) may be used to import the trusted keys by running the following command: In order to check the commit signatures, you must add the trusted PGP keys to your machine. [GnuPG](https://gnupg.org/) may be used to import the trusted keys by running the following command:
```sh ```sh
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys $(<contrib/verify-commits/trusted-keys) gpg --keyserver hkps://keys.openpgp.org --recv-keys $(<contrib/verify-commits/trusted-keys)
``` ```
Key expiry/revocation Key expiry/revocation