https://bugzilla.suse.com/show_bug.cgi?id=1235148 Bug ID: 1235148 Summary: Fedora 40 packages are being signed with expired keys Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: BuildService Assignee: screening-team-bugs@suse.de Reporter: pstivanin@suse.com QA Contact: adrian.schroeter@suse.com Target Milestone: --- Found By: --- Blocker: --- Hello, it seems that since a month or so, Fedora 40 pkgs are being signed with an expired key: Running transaction test RPM: error: Verifying a signature using certificate B2437D2BAFEBA93384F8F25FFB161AA97C614E92 (home:polslinux OBS Project <home:polslinux@build.opensuse.org>): RPM: 1. Certificate FB161AA97C614E92 invalid: certificate is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: 2. Key FB161AA97C614E92 invalid: key is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: error: Verifying a signature using certificate B2437D2BAFEBA93384F8F25FFB161AA97C614E92 (home:polslinux OBS Project <home:polslinux@build.opensuse.org>): RPM: 1. Certificate FB161AA97C614E92 invalid: certificate is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: 2. Key FB161AA97C614E92 invalid: key is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: error: Verifying a signature using certificate B2437D2BAFEBA93384F8F25FFB161AA97C614E92 (home:polslinux OBS Project <home:polslinux@build.opensuse.org>): RPM: 1. Certificate FB161AA97C614E92 invalid: certificate is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: 2. Key FB161AA97C614E92 invalid: key is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: error: Verifying a signature using certificate B2437D2BAFEBA93384F8F25FFB161AA97C614E92 (home:polslinux OBS Project <home:polslinux@build.opensuse.org>): RPM: 1. Certificate FB161AA97C614E92 invalid: certificate is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z RPM: 2. Key FB161AA97C614E92 invalid: key is not alive RPM: because: The primary key is not live RPM: because: Expired on 2024-11-18T03:25:17Z The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: Transaction test error: package libcotp3-3.1.0-1.44.x86_64 does not verify: Header V3 RSA/SHA256 Signature, key ID 7c614e92: NOTTRUSTED package otpclient-4.0.2-1.74.x86_64 does not verify: Header V3 RSA/SHA256 Signature, key ID 7c614e92: NOTTRUSTED This is happening to multiple users. Is there something I need to do on my side? Thanks -- You are receiving this mail because: You are on the CC list for the bug.