LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 12-21-2012, 08:43 AM   #16
ChrisAbela
Member
 
Registered: Mar 2008
Location: Malta
Distribution: Slackware 14.1
Posts: 467

Rep: Reputation: 87

Quote:
Slackware 14 will have an easter egg which only becomes visible if you install Slackware 14 on 21 december, 2012
I installed Slackware 14 today but I did not notice the Easter Egg.
OK what am I missing?
 
Old 12-21-2012, 01:48 PM   #17
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,195

Rep: Reputation: Disabled
The Easter egg is that the Mayan LILO bootsplash will be installed...
Code:
 # Mayan calendar easter egg
 if [ "$(date "+%Y%m%d")" = "20121221" ]; then
  if [ -r $LILODOCDIR/sample/slack14.0.2012.bmp ]; then
   cp -a $LILODOCDIR/sample/slack14.0.2012.bmp /boot/slack.bmp
  fi
 fi
Eric
 
1 members found this post helpful.
Old 12-21-2012, 11:53 PM   #18
jaycee4
Member
 
Registered: Aug 2009
Posts: 42

Rep: Reputation: 7
Quote:
Originally Posted by zerouno View Post
mmm..

May be...
But may NOT


tomorrow change date to your computer and reinstall
Of course, I was right. As if I could ever be wrong... although my dreams seem prone to error...
Unfortunately I tried changing the date and installing, but to no avail. Looking at the code for liloconfig, I get the impression it's because I use Slackware64. Or maybe Bob got annoyed at me for trying to cheat. Anyway, I decided to track down the picture on the Slackware64 DVD and force the issue. 'Tis a pretty Lilo splash!
 
Old 01-04-2013, 09:37 AM   #19
zerouno
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 256

Rep: Reputation: 69
Quote:
Originally Posted by Alien Bob View Post
If a GPG key's expiry date is updated, then files which were signed with the old version of the GPG key will still validate OK.
I'll let you in on a secret:
Code:
$ gpg --refresh-keys
$ gpg --list-keys "Slackware Linux Project"
pub   1024D/40102233 2003-02-26 [expires: 2038-01-19]
uid                  Slackware Linux Project <security@slackware.com>
sub   1024g/4E523569 2003-02-26 [expires: 2038-01-19]
$ gpg --verify ~ftp/pub/Linux/Slackware/slackware-13.37/CHECKSUMS.md5.asc 
gpg: Signature made Mon 25 Apr 2011 04:56:55 PM CEST using DSA key ID 40102233
gpg: Good signature from "Slackware Linux Project <security@slackware.com>"
Eric
But slackpkg automatically does not refresh the key:

Code:
# slackpkg update gpg

                        Downloading http://ftp.osuosl.org/.2/slackware/slackware64-13.37/GPG-KEY...
--2013-01-04 16:27:26--  http://ftp.osuosl.org/.2/slackware/slackware64-13.37/GPG-KEY
Resolving ftp.osuosl.org (ftp.osuosl.org)... 140.211.166.134
Connecting to ftp.osuosl.org (ftp.osuosl.org)|140.211.166.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1565 (1.5K) [text/plain]
Saving to: '/tmp/slackpkg.mi3WC6/gpgkey'

100%[========================================>] 1,565       --.-K/s   in 0s     

2013-01-04 16:27:27 (105 MB/s) - '/tmp/slackpkg.mi3WC6/gpgkey' saved [1565/1565]

                        Slackware Linux Project's GPG key added

root@matteo:~# gpg --list-keys "Slackware Linux Project"
pub   1024D/40102233 2003-02-26 [expired: 2012-12-21]
uid                  Slackware Linux Project <security@slackware.com>
 
Old 01-04-2013, 01:57 PM   #20
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,195

Rep: Reputation: Disabled
Quote:
Originally Posted by zerouno View Post
But slackpkg automatically does not refresh the key:

Code:
# slackpkg update gpg

                        Downloading http://ftp.osuosl.org/.2/slackware/slackware64-13.37/GPG-KEY...
--2013-01-04 16:27:26--  http://ftp.osuosl.org/.2/slackware/slackware64-13.37/GPG-KEY
Resolving ftp.osuosl.org (ftp.osuosl.org)... 140.211.166.134
Connecting to ftp.osuosl.org (ftp.osuosl.org)|140.211.166.134|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1565 (1.5K) [text/plain]
Saving to: '/tmp/slackpkg.mi3WC6/gpgkey'

100%[========================================>] 1,565       --.-K/s   in 0s     

2013-01-04 16:27:27 (105 MB/s) - '/tmp/slackpkg.mi3WC6/gpgkey' saved [1565/1565]

                        Slackware Linux Project's GPG key added

root@matteo:~# gpg --list-keys "Slackware Linux Project"
pub   1024D/40102233 2003-02-26 [expired: 2012-12-21]
uid                  Slackware Linux Project <security@slackware.com>
Oh, but it does!
However, the Slackware GPG key has only been updated in the Slackware 14.0 tree. You pointed slackpkg to a Slackware 13.37 mirror which still has the old key.

Eric
 
Old 01-07-2013, 06:14 AM   #21
zerouno
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 256

Rep: Reputation: 69
Quote:
You pointed slackpkg to a Slackware 13.37 mirror which still has the old key.
who have a slackware 13.37 server point to old key to install patches.


Quote:
Originally Posted by Alien Bob View Post
Oh, but it does!
No, slackpkg does not update the key.

slackpkg verify succesfully the package integrity, it's true.
Seeing the code:
Code:
function checkgpg() {
        gpg --verify ${1}.asc ${1} 2>/dev/null && echo "1" || echo "0"
}
slackpkg does not show any warning becouse '2>/dev/null' is present.
Removing it slackpkg show the warning.
Code:
2013-01-08 12:09:48 (38.4 MB/s) - `/var/cache/packages/./patches/packages/file-5.09-x86_64-1_slack13.37.txz.asc' saved [198/198]

gpg: Signature made Tue Oct 11 11:33:35 2011 CEST using DSA key ID 40102233
gpg: Good signature from "Slackware Linux Project <security@slackware.com>"
gpg: Note: This key has expired!
Primary key fingerprint: EC56 49DA 401E 22AB FA67  36EF 6A44 63C0 4010 2233
        Upgrading file-5.09-x86_64-1_slack13.37...
It's not a fatal, but demonstrates that slackpkg does not refresh the key!


Also,

Some unofficial tool as slapt-get refuse to accept the expired key:
Code:
Verifying checksum signature [http://ftp.heanet.ie/mirrors/ftp.slackware.com/pub/slackware/slackware64-13.37/]...Not Verified
Yes, is *unofficial* tool, so it's not real problem.
 
Old 01-07-2013, 07:37 AM   #22
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,195

Rep: Reputation: Disabled
zerouno, let me explain again what I meant to say.

The command "slackpkg update gpg" will regresh the Slackware GPG key. It will download the GPG-KEY file from the mirror you have configured, for the Slackware release which you have configured. If that GPG-KEY file contains an expired key (which is the case with all Slackware releases before 14.0) then slackpkg will happily "refresh" the GPG key with that same expired key. Slackpkg does not check for expiration of the key!

Your (and mine) idea of "refreshing" is refreshing a key using a keyserver. This is not what "slackpkg update gpg" does.

I have asked Pat Volkerding to update the GPG-KEY file on all Slackware mirror releases for 13.37 and earlier, let's wait and see if he does that.

Code:
Seeing the code:
Code:

function checkgpg() {
        gpg --verify ${1}.asc ${1} 2>/dev/null && echo "1" || echo "0"
}

slackpkg does not show any warning becouse '2>/dev/null' is present.
Removing it slackpkg show the warning.
The need to remove that "2>/dev/null" is arguable. If the key verification fails, this function will return a "0" to the calling routine. This return code is checked and you will get a GPG verification error on your screen. I agree that you will not see the reason for the failure because the key expiration message is filtered out by that "2>/dev/null" redirection.

Eric
 
1 members found this post helpful.
Old 01-08-2013, 05:11 AM   #23
fgcl2k
Member
 
Registered: Jan 2011
Distribution: Slackware 14.0
Posts: 102

Rep: Reputation: 25
Quote:
Originally Posted by Alien Bob View Post
Somewhat related to that end-of-the-world thing... Slackware 14 will have an easter egg which only becomes visible if you install Slackware 14 on 21 december, 2012...
Eric
Has anyone installed on 21 december 2012? What was the easter egg?
 
Old 01-08-2013, 05:47 AM   #24
zerouno
Member
 
Registered: Oct 2009
Distribution: Slackware
Posts: 256

Rep: Reputation: 69
Quote:
Originally Posted by fgcl2k View Post
Has anyone installed on 21 december 2012? What was the easter egg?
see post #17
 
Old 01-08-2013, 08:08 AM   #25
fgcl2k
Member
 
Registered: Jan 2011
Distribution: Slackware 14.0
Posts: 102

Rep: Reputation: 25
Thanks, I missed that post.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Have my GPG key in another PC? hakermania Linux - Security 6 12-06-2010 03:37 PM
GPG: Bad session key gpg between gpg on linux and gpg gui on windows XP konqi Linux - Software 1 07-21-2009 09:37 AM
Revoking GPG key with only passphrase and public key djib Linux - Security 2 03-13-2007 03:20 AM
can see gpg key in apt-key, still can't update Dan63043 Ubuntu 2 09-25-2006 11:35 AM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 06:00 PM


All times are GMT -5. The time now is 11:57 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration