On Sunday 07 June 2009 23:08:02 Linda Walsh wrote:
> But this is a weird one (as it is inconsistent, but better than the others that it is inconsistent with): openSUSE 11.0 (i586) (noarch) : suse-build-key-1.0-855.1
> It's a build key -- but is it only for signing i586 packages? Not sure what was meant, but among "keys", it's the only one with ANY sort of indication of what "Distribution" it was 'for', or was valid for signing.
> The other 'gpg' keys, all have NO dist

"suse-build-key" is not a key, it is an rpm package, which contains a key. You're right that it's not architecture dependent.

> and, using the above mentioned rpm query, print out as: (none) ((none)) : gpg-pubkey-0dfb3188-41ed929b

This, on the other hand, is a key. It is done by doing rpm --import <gpg key>

> So how do I tell what distros the keys are good for signing? How do I tell which are for old 'distros', that I no longer want to have enabled for "signed" installing?

There are only two suse keys in total. The suse "build" key (build@suse.de)
and the security key (security@suse.de).
They are used for all distributions, until they expire, at which time they get
an update. The current one will expire in May 2010, if I read correctly.
The other keys you have could be various other repository keys. Each build
service repository has its own key, packman has its key and so on.
You can find out what each key is for with "rpm -qi". For example, here is the
output for the suse security key:
rpm -qi gpg-pubkey-3d25d3d9-36e12d04
Name        : gpg-pubkey                   Relocations: (not relocatable)
Version     : 3d25d3d9                          Vendor: (none)
Release     : 36e12d04                      Build Date: Tue Dec 9 22:50:38 2008
Install Date: Tue Dec 9 22:50:38 2008       Build Host: localhost
Group       : Public Keys                   Source RPM: (none)
Size        : 0                                License: pubkey
Signature   : (none)
Summary     : gpg(SuSE Security Team
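
An added example, not part of the original message: a shell sketch that inventories every imported key in one pass instead of running "rpm -qi" per key, and marks keys whose owner address is not one of the two SUSE addresses named above. The function names, the TRUSTED_OWNERS list and the sample key IDs are assumptions made for illustration; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify imported RPM signing keys by the owner address
# in their summary. TRUSTED_OWNERS holds the two addresses named in the
# message; the variable name and the list itself are assumptions to adapt.
TRUSTED_OWNERS='build@suse.de security@suse.de'

# list_keys: print "<version>-<release><TAB><summary>" for each imported key.
list_keys() {
    rpm -q gpg-pubkey --qf '%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
}

# sample_keys: constructed input in the same shape, for offline testing.
sample_keys() {
    printf 'aaaaaaaa-00000001\tgpg(Constructed Build Key <build@suse.de>)\n'
    printf 'bbbbbbbb-00000002\tgpg(Constructed Security Key <security@suse.de>)\n'
    printf 'cccccccc-00000003\tgpg(Constructed Third-Party Repo <repo@example.org>)\n'
}

# classify_keys: read list_keys output on stdin and print
# "<status><TAB><key id><TAB><summary>", status being SUSE or REVIEW.
classify_keys() {
    while IFS="$(printf '\t')" read -r id summary; do
        [ -n "$id" ] || continue
        # The summary looks like gpg(Owner Name <address>); extract the address.
        addr=$(printf '%s\n' "$summary" | sed -n 's/.*<\([^<>]*\)>.*/\1/p')
        status=REVIEW
        for owner in $TRUSTED_OWNERS; do
            if [ "$addr" = "$owner" ]; then
                status=SUSE
            fi
        done
        printf '%s\t%s\t%s\n' "$status" "$id" "$summary"
    done
}

# On a real system:  list_keys | classify_keys
```

The address in the summary is only the user ID stored inside the key, so the SUSE label is an inventory hint, not proof of origin; compare the key ID with the one the vendor publishes. A key marked REVIEW that is no longer wanted can be removed with "rpm -e gpg-pubkey-<version>-<release>".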