Re: [GIT PULL] asm-generic: kill <asm/segment.h> and improve nommu generic uaccess helpers

From: James Bottomley
Date: Thu May 16 2019 - 17:55:49 EST


On Thu, 2019-05-16 at 13:59 -0700, Linus Torvalds wrote:
> On Thu, May 16, 2019 at 1:34 PM Arnd Bergmann <arnd@xxxxxxxx> wrote:
> >
> >
> > I have reconfigured it locally now and pushed an identical tag with
> > a
> > new signature. Can you see if that gives you the same warning if
> > you
> > try to pull that?
>
> No, same issue:

The problem seems to be this:

jejb@jarvis:~> gpg --list-keys 60AB47FFC9095227
pub rsa4096 2011-10-27 [C]
88AFCD206B1611957187F16B60AB47FFC9095227
sub rsa4096 2011-10-27 [E]

Your key is a "Certification key" and you have an encryption subkey but
no signing key at all. Usually you either have a signing subkey or
your master key is both certification and signing ([CS] flags).
Certification keys can only be used to certify other keys, they can't
be used for signing, but I bet gpg is assuming that it can sign with
the master key even if it doesn't possess the signing flag.

You can make your master key a signing key by doing

gpg --expert --edit-key 60AB47FFC9095227

Then doing

gpg> change-usage

and selecting "toggle sign"

Or you could just add a signing subkey.

In either case you'll need to save and sign the changes and then push
to a keyserver for the rest of us to see it.

James