Bug 1220993 - GPG Keys expired in package openSUSE-build-key for alternative architectures
Summary: GPG Keys expired in package openSUSE-build-key for alternative architectures
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: S/390-64 Other
: P5 - None : Major (vote)
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-05 19:00 UTC by Sarah Kriesch
Modified: 2024-03-12 12:15 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
zypper message wrt metadata expired. (30.35 KB, image/png)
2024-03-07 19:54 UTC, Natasha Ament 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sarah Kriesch 2024-03-05 19:00:28 UTC 
This week, I have received an interesting question by Fedora regarding the GPG key for openSUSE Tumbleweed on s390x:
https://github.com/rpm-software-management/mock/issues/1334#issuecomment-1976327235

The question was, whether we are using different keys.
I found our package openSUSE-build-key.

The GPG keys for s390x, PPC and RISCV are expired since years...
Isn't that a security risk? Why are the systems not crying because of that?
Comment 1 Marcus Meissner 2024-03-06 08:24:27 UTC 
they are not compromised.

but i will see i updated them
Comment 2 Marcus Meissner 2024-03-06 09:57:53 UTC 
PowerOPC and RISCV use the openSUSE standard project key.

zSystem I fetched the updated key from the buildservice and added it to openSUSE-build-key.
Comment 3 OBSbugzilla Bot 2024-03-06 11:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1220993) was mentioned in
https://build.opensuse.org/request/show/1155499 Factory / openSUSE-build-key
Comment 4 Sarah Kriesch 2024-03-07 15:13:30 UTC 
Thank you for your support, Marcus!
Comment 5 Natasha Ament 2024-03-07 19:54:43 UTC 
Created attachment 873319 [details]
zypper message wrt metadata expired.

same on 15.6 beta x86_64. This might be mirror related though.
Comment 6 Marcus Meissner 2024-03-08 10:56:12 UTC 
(In reply to Natasha Ament from comment #5)
> Created attachment 873319 [details]
> zypper message wrt metadata expired.
> 
> same on 15.6 beta x86_64. This might be mirror related though.

this seems unrelated to this bug. can you show "zypper lr -d"
Comment 7 Natasha Ament 2024-03-12 09:19:38 UTC 
as requested the output of zypper lr -d:
natasha@localhost:~> sudo zypper lr -d
#  | Alias                       | Name                                                                                        | Enabled | GPG Check | Refresh | Priority | Type   | URI                                                                     | Service
---+-----------------------------+---------------------------------------------------------------------------------------------+---------+-----------+---------+----------+--------+-------------------------------------------------------------------------+--------
 1 | openSUSE-Leap-15.6-1        | openSUSE-Leap-15.6-1                                                                        | No      | ----      | ----    |   99     | rpm-md | cd:/?devices=/dev/disk/by-id/ata-VBOX_CD-ROM_VB2-01700376               | 
 2 | repo-backports-debug-update | Update repository with updates for openSUSE Leap debuginfo packages from openSUSE Backports | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/update/leap/15.6/backports_debug/          | 
 3 | repo-backports-update       | Update repository of openSUSE Backports                                                     | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.6/backports/                | 
 4 | repo-debug                  | Debug Repository                                                                            | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/distribution/leap/15.6/repo/oss/     | 
 5 | repo-debug-non-oss          | Debug Repository (Non-OSS)                                                                  | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/distribution/leap/15.6/repo/non-oss/ | 
 6 | repo-debug-update           | Update Repository (Debug)                                                                   | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/update/leap/15.6/oss/                | 
 7 | repo-debug-update-non-oss   | Update Repository (Debug, Non-OSS)                                                          | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/update/leap/15.6/non-oss/            | 
 8 | repo-non-oss                | Non-OSS Repository                                                                          | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.6/repo/non-oss/       | 
 9 | repo-openh264               | Open H.264 Codec (openSUSE Leap)                                                            | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://codecs.opensuse.org/openh264/openSUSE_Leap/                      | 
10 | repo-oss                    | Main Repository                                                                             | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.6/repo/oss/           | 
11 | repo-sle-debug-update       | Update repository with debuginfo for updates from SUSE Linux Enterprise 15                  | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/update/leap/15.6/sle/                | 
12 | repo-sle-update             | Update repository with updates from SUSE Linux Enterprise 15                                | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.6/sle/                      | 
13 | repo-source                 | Source Repository                                                                           | No      | ----      | ----    |   99     | N/A    | http://download.opensuse.org/source/distribution/leap/15.6/repo/oss/    | 
14 | repo-update                 | Main Update Repository                                                                      | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.6/oss                       | 
15 | repo-update-non-oss         | Update Repository (Non-Oss)                                                                 | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.6/non-oss/                  |
Comment 8 Natasha Ament 2024-03-12 12:15:17 UTC 
You can disregard my comments in this bug. It is indeed a different issue.