On Wed, Jan 18, 2023 at 07:03:24PM +0100, cagsm wrote:
On Wed, Jan 18, 2023 at 2:35 PM Marcus Meissner firstname.lastname@example.org wrote:
We will switch the openSUSE Tumbleweed signing key that signs the repositories and RPMs from 2048bit RSA key to a 4096bit RSA key early next week. rpm -ql openSUSE-build-key /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc
brand new 15.4 system some months old but apparently the system sees this key or package, and appropriate file
rpm -ql openSUSE-build-key /usr/lib/rpm/gnupg /usr/lib/rpm/gnupg/dumpsigs /usr/lib/rpm/gnupg/keys /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc /usr/lib/rpm/gnupg/keys/gpg-pubkey-307e3d54-5aaa90a5.asc /usr/lib/rpm/gnupg/keys/gpg-pubkey-39db7c82-5847eb1f.asc /usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc /usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc /usr/share/container-keys /usr/share/container-keys/opensuse-container-key.asc /usr/share/doc/packages/openSUSE-build-key /usr/share/doc/packages/openSUSE-build-key/security_at_suse_de.asc
but rpm doesnt trust or show or use this key?
and should be in trusted RPM keyring already: rpm -qi gpg-pubkey-29b700a4-62b07e22 ... will show it ... Tracker bug: https://bugzilla.suse.com/show_bug.cgi?id=1199184
rpm -qi gpg-pubkey-29b700a4-62b07e22 package gpg-pubkey-29b700a4-62b07e22 is not installed
what did this system miss? bug? how does rpm gets fed with the proper stuff? ty.
The key was not auto imported into Leap 15.4 RPM database yet.
Currently the first product to transition is openSUSE Tumbleweed, Leap I have not yet scheduled.
You can already do
rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc
As I also plan to migrate Leap at some point.