Thread overview
GPG Public Key expired?
May 21
divi
May 22
sebasg
May 22
sebasg
May 22
Seb
May 22
divi
May 21
$ curl -fsS https://dlang.org/install.sh | bash -s dmd
Downloading and unpacking http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz
######################################################################## 100.0%
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2022-03-12
gpg: Signature made Mon 11 May 2020 16:54:29 BST
gpg:                using RSA key 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
gpg: Can't check signature: No public key
Invalid signature http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz.sig
May 22
On Thursday, 21 May 2020 at 18:14:19 UTC, divi wrote:
> $ curl -fsS https://dlang.org/install.sh | bash -s dmd
> Downloading and unpacking http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz
> ######################################################################## 100.0%
> gpg: checking the trustdb
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2022-03-12
> gpg: Signature made Mon 11 May 2020 16:54:29 BST
> gpg:                using RSA key 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
> gpg: Can't check signature: No public key
> Invalid signature http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz.sig

> gpg:                using RSA key 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
> gpg: Can't check signature: No public key
Currently, that key is not part of the publicly known keys and is not in the provided
keyring: https://dlang.org/gpg_keys.html

Maybe it's a new release-signing key and the keyring hasn't been updated yet.
Or maybe something worse.
May 22
On Thursday, 21 May 2020 at 18:14:19 UTC, divi wrote:
> $ curl -fsS https://dlang.org/install.sh | bash -s dmd
> Downloading and unpacking http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz
> ######################################################################## 100.0%
> gpg: checking the trustdb
> gpg: marginals needed: 3  completes needed: 1  trust model: pgp
> gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2022-03-12
> gpg: Signature made Mon 11 May 2020 16:54:29 BST
> gpg:                using RSA key 3AAF1A18E61F6FAA3B7193E4DB8C5218B9329CF8
> gpg: Can't check signature: No public key
> Invalid signature http://downloads.dlang.org/releases/2.x/2.092.0/dmd.2.092.0.linux.tar.xz.sig

I think what's happening is that your local keyring is outdated. The install script doesn't automatically update the keyring (nor warns you about the keyring being outdated). Unfortunately a well-known bug/problem/limitation.

You probably ran the install script at some point in the past and it created ~/dlang/d-keyring.gpg.
The fix should be to run this:

$ ~/dlang/install.sh update

This will result in the script updating itself and the keyring.

(The install script from prior runs gets installed at ~/dlang/install.sh)
May 22
On Friday, 22 May 2020 at 11:56:57 UTC, Seb wrote:
> On Thursday, 21 May 2020 at 18:14:19 UTC, divi wrote:
>> [...]
>
> I think what's happening is that your local keyring is outdated. The install script doesn't automatically update the keyring (nor warns you about the keyring being outdated). Unfortunately a well-known bug/problem/limitation.
>
> You probably ran the install script at some point in the past and it created ~/dlang/d-keyring.gpg.
> The fix should be to run this:
>
> $ ~/dlang/install.sh update
>
> This will result in the script updating itself and the keyring.
>
> (The install script from prior runs gets installed at ~/dlang/install.sh)

Excellent, that worked. Thanks!
May 22
On Friday, 22 May 2020 at 10:05:54 UTC, sebasg wrote:
> Currently, that key is not part of the publicly known keys and is not in the provided
> keyring: https://dlang.org/gpg_keys.html
>
> Maybe it's a new release-signing key and the keyring hasn't been updated yet.
> Or maybe something worse.

Wrong, it's actually there, a subkey:

pub   rsa4096 2020-03-12 [SC] [expires: 2022-03-12]
      F46A 10D0 AB44 C3D1 5DD6  5797 BCDD 73FF C3EB 6146
uid           [ unknown] Martin Nowak <code@dawg.eu>
uid           [ unknown] Martin Nowak <martin.nowak@7learnings.com>
uid           [ unknown] Martin Nowak <martin@dlang.org>
sub   rsa4096 2020-03-12 [E] [expires: 2022-03-12]
      B926 14C2 1EC5 779D C678  468E 9A81 3AD3 C115 08BC
sub   rsa4096 2020-03-12 [S] [expires: 2022-03-12]
      3AAF 1A18 E61F 6FAA 3B71  93E4 DB8C 5218 B932 9CF8