Bug 1216831 - error: Verifying a signature using certificate E96C496E4E77C159C2FCA053062F9FD4D6D11CE4
Summary: error: Verifying a signature using certificate E96C496E4E77C159C2FCA053062F9F...
Status: NEW
Alias: None
Product: openSUSE.org
Classification: openSUSE
Component: 3rd party software (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Luca Weiss
QA Contact: E-mail List
URL: https://download.opensuse.org/reposit...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-02 15:34 UTC by Alex F
Modified: 2023-11-03 07:45 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex F 2023-11-02 15:34:27 UTC 
Attempting to download packages results in the following errors:

GPG key at https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key (0xD6D11CE4) is already installed
error: Verifying a signature using certificate E96C496E4E77C159C2FCA053062F9FD4D6D11CE4 (hardware OBS Project <hardware@build.opensuse.org>):
  1. Certificiate 062F9FD4D6D11CE4 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2023-05-23T13:32:57Z
  2. Key 062F9FD4D6D11CE4 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2023-05-23T13:32:57Z
...
The GPG keys listed for the "hardware:razer (Fedora_38)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: openrazer-daemon-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Public key for openrazer-kernel-modules-dkms-3.7.0-1.1.noarch.rpm is not trusted. Failing package is: openrazer-kernel-modules-dkms-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Public key for openrazer-meta-3.7.0-1.1.noarch.rpm is not trusted. Failing package is: openrazer-meta-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Public key for python3-openrazer-3.7.0-1.1.noarch.rpm is not trusted. Failing package is: python3-openrazer-3.7.0-1.1.noarch
 GPG Keys are configured as: https://download.opensuse.org/repositories/hardware:/razer/Fedora_38/repodata/repomd.xml.key
Comment 1 Andreas Stieger 2023-11-02 21:33:03 UTC 
Well the key expired.
Comment 2 Luca Weiss 2023-11-03 07:45:02 UTC 
The signing keys are managed by OBS and so far no-one could tell me how someone is supposed to extend the validity of those keys. Some command "osc extendkey" (or something) did work a couple of years ago but last I ran it, it just returned an error.

There's also a thread on GitHub with various comments around this issue: https://github.com/openrazer/openrazer/issues/2061

But in theory as written in https://github.com/openrazer/openrazer/issues/2061#issuecomment-1563113037 the signing key hosted on OBS should be valid until 2025 now.