#1255 Issue closed: DEBIAN specific package 'Release.key' expired¶
Labels: external tool, not ReaR / invalid
kasimon opened issue at 2017-03-21 10:57:¶
The package repository key http://download.opensuse.org/repositories/Archiving:/Backup:/Rear/Debian_8.0/Release.key has expired last month:
pub 1024D/725A0C43 2008-01-22 [expired: 2017-02-26]
uid Archiving OBS Project <Archiving@build.opensuse.org>
gdha commented at 2017-03-30 08:08:¶
@jsmeix Do you know what needs to be done at OSB side to get this resolved?
jsmeix commented at 2017-03-30 08:27:¶
@gdha this OBS annoyance pops up every now and then
and when it pops up I always do not know what to do
but I can find out ... be patient ...
jsmeix commented at 2017-05-08 13:49:¶
I am neither a Debian user nor a Debian packager.
I do not know what exactly
http://download.opensuse.org/repositories/Archiving:/Backup:/Rear/Debian_8.0/Release.key
is.
I assume it is some special Debian specific key
because there are no files like that in e.g.
http://download.opensuse.org/repositories/Archiving:/Backup:/Rear/openSUSE_Leap_42.1/
From my point of view the openSUSE build service key
that belongs to the Rear projects "expires: 2019-05-07"
and that key is acually the one from the Archiving project:
# osc signkey Archiving:Backup:Rear Archiving:Backup:Rear has no key, trying Archiving:Backup Archiving:Backup has no key, trying Archiving -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) mQGiBEeWVfMRBACEyg2ELKZ6+gRmEiO... ... -----END PGP PUBLIC KEY BLOCK----- # osc signkey Archiving:Backup:Rear:Snapshot Archiving:Backup:Rear:Snapshot has no key, trying Archiving:Backup:Rear Archiving:Backup:Rear has no key, trying Archiving:Backup Archiving:Backup has no key, trying Archiving -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.5 (GNU/Linux) mQGiBEeWVfMRBACEyg2ELKZ6+gRmEiO... ... -----END PGP PUBLIC KEY BLOCK----- # osc signkey Archiving:Backup:Rear | gpg pub 1024D/725A0C43 2008-01-22 [expires: 2019-05-07] uid Archiving OBS Project <Archiving@build.opensuse.org> # osc signkey Archiving:Backup:Rear:Snapshot | gpg pub 1024D/725A0C43 2008-01-22 [expires: 2019-05-07] uid Archiving OBS Project <Archiving@build.opensuse.org>
I cannot do anything for Debian specific package keys.
gdha commented at 2017-10-27 13:35:¶
Came across an article "http://www.linux-magazin.de/Ausgaben/2011/06/plus/Signierte-RPMs-und-der-Open-Suse-Build-Service" which gave me a hint:
$ osc signkey --extend Archiving:Backup:Rear:Snapshot
Server returned an error: HTTP Error 400: Bad Request
project does not have a key
$ osc signkey --help
signkey: Manage Project Signing Key
osc signkey [--create|--delete|--extend] <PROJECT>
osc signkey [--notraverse] <PROJECT>
This command is for managing gpg keys. It shows the public key
by default. There is no way to download or upload the private
part of a key by design.
However you can create a new own key. You may want to consider
to sign the public key with your own existing key.
If a project has no key, the key from upper level project will
be used (eg. when dropping "KDE:KDE4:Community" key, the one from
"KDE:KDE4" will be used).
WARNING: THE OLD KEY WILL NOT BE RESTORABLE WHEN USING DELETE OR CREATE
Usage:
osc signkey [ARGS...]
Options:
-h, --help show this help message and exit
--notraverse don' traverse projects upwards to find key
--delete delete the gpg signing key in this project
--extend extend expiration date of the gpg public key for this
project
--create create new gpg signing key for this project
$ osc signkey --create Archiving:Backup:Rear:Snapshot
<status code="ok" />
$ osc signkey --create Archiving:Backup:Rear
<status code="ok" />
$ osc signkey Archiving:Backup:Rear:Snapshot
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)
mQENBFnzNksBCADLo9eQe0bfA7rVCu43/pMv1iUhTW29c2YQ2/FBk0AANzglVqxS
...
-----END PGP PUBLIC KEY BLOCK-----
[Export of Github issue for rear/rear.]