Thanks for the report! Yes, the tarsnap archive keys recently changed -- we
update them every year in January. I think that I updated all relevant parts
of the website, but I'm always willing to believe that I screwed something up.
Alternate source, if you want more confirmation than a mere email:
https://mobile.twitter.com/cperciva/status/1484314545199796225
When I do:
$ wget https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
$ gpg tarsnap-deb-packaging-key.asc
I see:
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa4096 2021-10-26 [SC] [expires: 2023-02-01]
C8AC97032A76382306D2A315B364F774EAC3C4DF
uid Tarsnap .deb packages signing key (Tarsnap Backup Inc.) <pkg-deb@tarsnap.com>
Could you please try the same commands?
WARNING: this morning, I re-discovered that if you already have a
tarsnap-deb-packaging-key.asc file in your directory, then wget will save the
new file to tarsnap-deb-packaging-key.asc.1 instead of overwriting the
existing file. So if you already have the 2021 version of the key, that can
spark a lot of confusion.
I'm wondering if we should stick the year in the filename. That means that
the copy&paste instructions would have to change each year (which is why we
didn't do this before), but the annual key rotation bites a few people every
year.
Cheers,
- Graham
On Fri, Jan 21, 2022 at 10:00:47PM +0000, Brian Foley wrote:
Hi All,
I am following these instructions to install tarsnap on ubuntu:
https://www.tarsnap.com/pkg-deb.html
The instructions say:
gpg --list-packets tarsnap-deb-packaging-key.asc | grep signature
:signature packet: algo 1, keyid B364F774EAC3C4DF
:signature packet: algo 17, keyid 38CECA690C6A6A6E
The first keyid is the Tarsnap deb packaging key, while the second is
Colin Percival's key (|0x38CECA690C6A6A6E|). These keyid values should
match those on a public key server search for 0xB364F774EAC3C4DF
<https://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0xB364F774EAC3C4DF>.
However, when I perform the same steps I get:
gpg --list-packets tarsnap-deb-packaging-key.asc | grep signature
:signature packet: algo 1, keyid BF75EEAB040E447C
:signature packet: algo 17, keyid 38CECA690C6A6A6E
Has the tarsnap GPG key changed? If so, can the docs on the website be
updated for clarity?
Thanks,
Brian