Hi OBS community,
today when running "zypper ref" on one of my raspberry pies, I saw the
following:
------8<-----snip----8<------
Retrieving: repomd.xml ..........................................[done]
Repository: openSUSE-Tumbleweed-Oss
Key Fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
Key Name: openSUSE Project Signing Key
Key Algorithm: RSA 2048
Key Created: Mon May 5 08:37:40 2014
Key Expires: Thu May 2 08:37:40 2024
Rpm Name: gpg-pubkey-3dbdc284-53674dd4
Note: Received 1 new package signing key from repository
"openSUSE-Tumbleweed-Oss":
Those additional keys are usually used to sign packages shipped by
the repository. In order to
validate those packages upon download and installation the new keys
will be imported into the rpm
database.
New:
Key Fingerprint: AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4
Key Name: openSUSE Project Signing Key
Key Algorithm: RSA 4096
Key Created: Mon Jun 20 14:03:14 2022
Key Expires: Fri Jun 19 14:03:14 2026
Rpm Name: gpg-pubkey-29b700a4-62b07e22
The repository metadata introducing the new keys have been signed and
validated by the trusted
key:
Repository: openSUSE-Tumbleweed-Oss
Key Fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
Key Name: openSUSE Project Signing Key
Key Algorithm: RSA 2048
Key Created: Mon May 5 08:37:40 2014
Key Expires: Thu May 2 08:37:40 2024
Rpm Name: gpg-pubkey-3dbdc284-53674dd4
------8<-----snip----8<------
I would be *very* interested in doing something like that on my private
OBS installation (replacing an old RSA1024 key with a current one
without having all installations manually accept that key).
Is there documentation available on how to achieve this?
Best regards,
seife
--
Stefan Seyfried
"For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled." -- Richard Feynman