#2309 Issue `closed`: OBS signing key has expired¶

Labels: fixed / solved / done, ReaR Project

dhoffend opened issue at 2020-01-14 14:59:¶

Sorry to say, but your gpg key to sign your obs packages has expired couple days ago.

pub   2048R/A4AB7D54 2017-10-27 [expired: 2020-01-05]
uid                  Archiving:Backup:Rear OBS Project <Archiving:Backup:Rear@build.opensuse.org>

It would be nice if OBS could be updated.

jsmeix commented at 2020-01-17 10:21:¶

It seems https://github.com/rear/rear/issues/1255 is back
or something like that...

jsmeix commented at 2020-01-17 10:29:¶

As always with that OBS key stuff things do not make sense for me.

From what I can see

the Archiving:Backup:Rear key expires: 2022-03-06
the Archiving:Backup:Rear:Snapshot key expires: 2022-03-22

according to

# osc signkey Archiving:Backup:Rear | gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2017-10-27 [SC] [expires: 2022-03-06]
      C4384DBB49B89764ED9D8D8BA39566C0A4AB7D54
uid           Archiving:Backup:Rear OBS Project <Archiving:Backup:Rear@build.opensuse.org>

# osc signkey Archiving:Backup:Rear:Snapshot | gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2017-10-27 [SC] [expires: 2022-03-22]
      F0D0455553CEB1997BDFBD7A8B6FF753FCFCE889
uid           Archiving:Backup:Rear:Snapshot OBS Project <Archiving:Backup:Rear:Snapshot@build.opensuse.org>

gdha commented at 2020-01-17 11:24:¶

@dhoffend @jsmeix On OBS itself I see the same key output as from the command-line:

$ osc signkey Archiving:Backup:Rear
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)

mQENBF4hmNUBCADR6nV7tVfr+qWxLCI7UVAv1eFEm7x0XPHjMw50DGmrDw84iDh4
qviOTglPg990Muzx9YX/UqWeFECcA78QSc+uKdbiquoRQFNvYl5zS3y1r4ZEyvXi
b63M40s4KYCNEe11OBDieGes4+u+DR4fn7K+hu/cJ4bZ4AOd/+JfFz2oW+92ilQP
102i8ce5pyJkzlu0ByQdmtiJXG3jBRAyVdkSf4CtTGnWO1CWc/sN4jAI+6U0flKi
EkuTs65+N9t8OUe/JgHnfoTCPUA9QySTEreN8/2An/B0kVuJu6Ukk1HhdmNuUQi/
jC8mVNNGlyeDVUg/vRSeHNhfq6JM4eWyPQsfABEBAAG0TEFyY2hpdmluZzpCYWNr
dXA6UmVhciBPQlMgUHJvamVjdCA8QXJjaGl2aW5nOkJhY2t1cDpSZWFyQGJ1aWxk
Lm9wZW5zdXNlLm9yZz6JAT4EEwEIACgFAl4hmNUCGwMFCQQesAAGCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAAoJEBtN0eL/yN1f+wsH/3SY5pD8A7NBfVDTrQFhb5u1
P9ecMRFajHl/9E4QKy4+LI7eu2F8TtfYBXbV79vyO5q/3PR2Hc7ax75maGTXCRTC
7H52HdntfP6Cl2WGJ+B+f/MOKRaZaJJBTTjxN9k0MtmiFCoqGLd3rbq+NsMXVd1+
KKsyuQ+lidDuXkbZ3zK/MowTUFt4q9nkvCQw6nb0QcToeO7ZFgx/IZMsbNksV8fl
7ZsxKAilf4Lap1w67N4J765CwvE0yKIfMoTD0NAYc9yTvSYfHhbwCvpRsk56d9nv
hHkCj2bS3Qaw6xZu95LGsJjYw1Egle+9Utui2Z34xrorMBfhpdhcwRymiSGZkLSI
RgQTEQIABgUCXiGY1QAKCRA7MBG3a51lI0eqAJ9oopHe9y2Ryxp+bZ2GYZfFURhc
AgCePhE+xPzoLJ/uwIONjBkQgepY6og=
=0npN
-----END PGP PUBLIC KEY BLOCK-----

It think we renewed them with the command:

$ osc signkey --create Archiving:Backup:Rear
<status code="ok" />

dhoffend commented at 2020-01-17 11:30:¶

Thanks for checking this out. It seems that the internal key from OBS might be updated, but the published key is not

$ curl http://download.opensuse.org/repositories/Archiving:/Backup:/Rear/Debian_9.0/Release.key  | gpg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0gpg: WARNING: no command supplied.  Trying to guess what you mean ...
100  1122  100  1122    0     0  11118      0 --:--:-- --:--:-- --:--:-- 11220
pub   rsa2048 2017-10-27 [SC] [expired: 2020-01-05]
      C4384DBB49B89764ED9D8D8BA39566C0A4AB7D54
uid           Archiving:Backup:Rear OBS Project <Archiving:Backup:Rear@build.opensuse.org>

gdha commented at 2020-01-17 13:47:¶

@dhoffend I wouldn't be surprised that these Release.key's will be updated via a kind of batch job by OBS. Check on next Monday again.
Update: it still shows the key as expired (22/Jan/2020).

jsmeix commented at 2020-01-22 14:13:¶

Cf. the recent "Comments for rear-2.5" on
https://build.opensuse.org/package/show/Archiving:Backup:Rear/rear-2.5

dhoffend commented at 2020-01-30 10:57:¶

Any updates? Key is still expired!

dhoffend commented at 2020-02-07 11:00:¶

Can you please unpublish and publish the repo again? I guess as long as nothing gets pushed to the build service, the repo won't get any updates.

gdha commented at 2020-02-10 15:18:¶

@dhoffend I just forced a rebuild of all stable packages + (un)-publish action. Hope this helps?

dhoffend commented at 2020-02-10 15:20:¶

This looks a lot better. Thanks

# curl -s http://download.opensuse.org/repositories/Archiving:/Backup:/Rear/Debian_9.0/Release.key  | gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2020-01-17 [SC] [expires: 2022-03-27]
      985D26DB176472E45FFE5FF51B4DD1E2FFC8DD5F
uid           Archiving:Backup:Rear OBS Project <Archiving:Backup:Rear@build.opensuse.org>

[Export of Github issue for rear/rear.]

#2309 Issue closed: OBS signing key has expired¶