Bug 1216831

Summary: error: Verifying a signature using certificate E96C496E4E77C159C2FCA053062F9FD4D6D11CE4
Product: [openSUSE] openSUSE.org Reporter: Alex F <opensuse>
Component: 3rd party softwareAssignee: Luca Weiss <luca>
Status: NEW --- QA Contact: E-mail List <screening-team-bugs>
Severity: Normal    
Priority: P5 - None CC: luca
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alex F 2023-11-02 15:34:27 UTC 
Attempting to download packages results in the following errors:

GPG key at https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key (0xD6D11CE4) is already installed
error: Verifying a signature using certificate E96C496E4E77C159C2FCA053062F9FD4D6D11CE4 (hardware OBS Project <hardware@build.opensuse.org>):
  1. Certificiate 062F9FD4D6D11CE4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-05-23T13:32:57Z
  2. Key 062F9FD4D6D11CE4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-05-23T13:32:57Z
...
The GPG keys listed for the "hardware:razer (Fedora_38)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: openrazer-daemon-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Public key for openrazer-kernel-modules-dkms-3.7.0-1.1.noarch.rpm is not trusted. Failing package is: openrazer-kernel-modules-dkms-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Public key for openrazer-meta-3.7.0-1.1.noarch.rpm is not trusted. Failing package is: openrazer-meta-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Public key for python3-openrazer-3.7.0-1.1.noarch.rpm is not trusted. Failing package is: python3-openrazer-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Comment 1 Andreas Stieger 2023-11-02 21:33:03 UTC 
Well the key expired.
Comment 2 Luca Weiss 2023-11-03 07:45:02 UTC 
The signing keys are managed by OBS and so far no-one could tell me how someone is supposed to extend the validity of those keys. Some command "osc extendkey" (or something) did work a couple of years ago but last I ran it, it just returned an error.

There's also a thread on GitHub with various comments around this issue: https://github.com/openrazer/openrazer/issues/2061

But in theory as written in https://github.com/openrazer/openrazer/issues/2061#issuecomment-1563113037 the signing key hosted on OBS should be valid until 2025 now.