From be84b3b4d8c19c82849765b708d1438b81dc0d966ccaafd52e8ebb131d338965 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Thu, 24 Aug 2017 13:29:11 +0000
Subject: [PATCH] Accepting request 518537 from
 home:msmeissn:branches:Base:System

- extend the build@suse.de product key. (bsc#1014151)
  pub  2048R/39DB7C82 2013-01-31 [expires: 2020-12-06]
  uid                            SuSE Package Signing Key <build@suse.de>

- use dumpsigs script from openSUSE to merge code

- renamed security_at_suse_de.asc to security_at_suse_de_old.asc
- security_at_suse_de.asc: new 4096 bit RSA key.
  pub  4096R/317CD502 2014-10-02 SUSE Security Team <security@suse.de>
  bnc#899509

- create suse-build-key.gpg during build.
- Remove old keys from keyring. (fate#314767)
  Keys currently inside the RPM trusted keyring:
  - pub  2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
  - pub  2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
- Various keys are moved to the documentation area
  (/usr/share/doc/packages/suse-build-key)
  - build-at-suse-sle11.asc: the old SUSE Linux Enterprise 11 key.
    if SUSE Linux Enterprise 11 packages need to be verified on
    a SUSE Linux Enterprise 12 system.
  - suse_ptf_key.asc: The suse ptf key. For verification of provided PTFs.
  - security_at_suse_de.asc: Use only for email encryption and
    verification purposes when contacting our security contact address
    security@suse.de

OBS-URL: https://build.opensuse.org/request/show/518537
OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=26
---
 dumpsigs                         | 66 +++++++++++++++++++++++++++----
 gpg-pubkey-39db7c82-510a966b.asc | 21 ----------
 gpg-pubkey-39db7c82-5847eb1f.asc | 19 +++++++++
 security_at_suse_de.asc          | 67 +++++++++++++++++++++++---------
 suse-build-key.changes           | 39 +++++++++++++++++++
 suse-build-key.spec              | 16 +++++---
 6 files changed, 175 insertions(+), 53 deletions(-)
 delete mode 100644 gpg-pubkey-39db7c82-510a966b.asc
 create mode 100644 gpg-pubkey-39db7c82-5847eb1f.asc

diff --git a/dumpsigs b/dumpsigs
index 87ee3a6..80cf8e5 100644
--- a/dumpsigs
+++ b/dumpsigs
@@ -1,21 +1,50 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
+# dump all keys contained in the keyring specified as argument
 
-my $keyring='';
+use strict;
 
-$keyring="--no-default-keyring --keyring=$ARGV[0]" if $ARGV[0] ne '';
+my @keyring;
+
+die "must specify keyring\n" unless @ARGV;
+
+my $file =  shift @ARGV;
+unless ($file =~ /^\//) {
+	use Cwd qw/abs_path/;
+	$file = abs_path($file);
+}
+
+# XXX: workaround for colons in obs project names o_O
+if ($file =~ /:/) {
+	use File::Temp qw/tempdir/;
+	my $tmpdir = tempdir( CLEANUP => 1);
+	my $nn = $file;
+	$nn =~ s/.*\///;
+	$nn = $tmpdir.'/'.$nn;
+	symlink($file, $nn) or die "failed to symlink: $!\n";
+	$file = $nn;
+}
+
+@keyring = ('--no-default-keyring', '--keyring='.$file);
 
 my @line;
 my $ver;
 my $rel;
 my $name;
+my %names;
 
-open(GPG, "gpg $keyring --no-secmem-warning --list-sigs --list-options show-keyring --fixed-list-mode --with-colons |");
+my @cmd = qw/--no-secmem-warning --no-options --list-sigs --list-options show-keyring --fixed-list-mode --with-colons/;
+unshift @cmd, @keyring;
+unshift @cmd, 'gpg';
+#print join(' ', @cmd), "\n";
+
+open(GPG, '-|', @cmd);
 while (<GPG>) {
   chomp;
   next unless /^pub:/;
   @line = split(':', $_);
   my $id = $line[4];
   $_ = <GPG>;
+  $_ = <GPG> if /^fpr:/;
   chomp;
   next unless /^uid:/;
   @line = split(':', $_);
@@ -23,7 +52,7 @@ while (<GPG>) {
   while (1) {
     $_ = <GPG>;
     chomp;
-    die unless /^sig:/;
+    next unless /^sig:/;
     @line = split(':', $_);
     next if $line[4] ne $id;
     $ver = lc($id);
@@ -31,12 +60,33 @@ while (<GPG>) {
     $rel = sprintf("%08x", $line[5]);
     last;
   }
-  $names{"gpg-pubkey-$ver-$rel"} = $id;
+  $names{"gpg-pubkey-$ver-$rel"} = [ $id, $name ];
 }
 close GPG;
 my $n;
 
 for $n (sort keys %names) {
-  print "writing $n.asc\n";
-  system("gpg $keyring --no-secmem-warning --export -a '$names{$n}' >$n.asc");
+  @cmd = qw/--no-options --no-secmem-warning --export-options export-minimal --export -a/;
+  push  @cmd, $names{$n}[0];
+  unshift @cmd, @keyring;
+  unshift @cmd, 'gpg';
+  my $fn = $n.".asc";
+  unless (open(O, '>', $fn)) {
+	  warn "failed to open $fn: $!";
+	  next;
+  }
+  printf O "%s %s\n\n", $names{$n}[0], $names{$n}[1];
+  print "writing $fn\n";
+  #print join(' ', @cmd), "\n";
+  unless (open(GPG, '-|', @cmd)) {
+	  warn "failed to exec gpg: $!";
+	  close O;
+	  unlink $fn;
+	  next;
+  }
+  while(<GPG>) {
+	  print O;
+  }
+  close GPG;
+  close O;
 }
diff --git a/gpg-pubkey-39db7c82-510a966b.asc b/gpg-pubkey-39db7c82-510a966b.asc
deleted file mode 100644
index 4f30022..0000000
--- a/gpg-pubkey-39db7c82-510a966b.asc
+++ /dev/null
@@ -1,21 +0,0 @@
-70AF9E8139DB7C82 SuSE Package Signing Key <build@suse.de>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.19 (GNU/Linux)
-
-mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
-YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
-91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
-hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
-vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
-L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
-aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYFAlEKlmsCGwMFCQeE
-zgAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBwr56BOdt8gomGCAC13Pi60I6O
-8GJ03BQrmVyyJrDcwJxxqw0HmIENf3rDLMYTBuduM3mNm5Fy2Gl2IuWD9mHvckQs
-0xa+A7mAwHXhIXWFCrZWyRH16w93BzjjLGiMMKimE8mg4XcaRL1FJhxGqq7FpLga
-XpQofkw0yFcavuubETpDR3w4qiRVsNKq4RM00pMCpTpJDWamFJm/oOUmBE45Q071
-v9C4oQHPsBNK/yMtlRssel815Xx4lbJIpKAg4BRtyBHWCzH/gVRGhYA8xDs/DEvu
-Z9mswBdniP+K1XSkr+NtxFvtkAy/C2Q2qk3sqpCMOt3MDGTyBgqIoplE/4XRCis9
-d7b1v1zv4/hN
-=sQXd
------END PGP PUBLIC KEY BLOCK-----
diff --git a/gpg-pubkey-39db7c82-5847eb1f.asc b/gpg-pubkey-39db7c82-5847eb1f.asc
new file mode 100644
index 0000000..faff0fb
--- /dev/null
+++ b/gpg-pubkey-39db7c82-5847eb1f.asc
@@ -0,0 +1,19 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.15 (GNU/Linux)
+
+mQENBFEKlmsBCADbpZZbbSC5Zi+HxCR/ynYsVxU5JNNiSSZabN5GMgc9Z0hxeXxp
+YWvFoE/4n0+IXIsp83iKvxf06Eu8je/DXp0lMqDZu7WiT3XXAlkOPSNV4akHTDoY
+91SJaZCpgUJ7K1QXOPABNbREsAMN1a7rxBowjNjBUyiTJ2YuvQRLtGdK1kExsVma
+hieh/QxpoDyYd5w/aky3z23erCoEd+OPfAqEHd5tQIa6LOosa63BSCEl3milJ7J9
+vDmoGPAoS6ui7S2R5X4/+PLN8Mm2kOBrFjhmL93LX0mrGCMxsNsKgP6zabYKQEb8
+L028SXvl7EGoA+Vw5Vd3wIGbM73PfbgNrXjfABEBAAG0KFN1U0UgUGFja2FnZSBT
+aWduaW5nIEtleSA8YnVpbGRAc3VzZS5kZT6JATwEEwECACYCGwMGCwkIBwMCBBUC
+CAMEFgIDAQIeAQIXgAUCWEfrHwUJDsIitAAKCRBwr56BOdt8gpqUB/wPSSS5BcDu
+Oi4n02cj4Hdt7WITKBjjo0lG1fXG1ppx1wOST+s8FertMVFY53TW6FGjcYtwVOIq
+rsMYiV6kf1NxUV/jcAy7VmC5EZnO0R/D3sT4Oh5hsLtERauZolK5BZmd0S51Qa8e
+TxZ5mX9PL2i3s/ShETc30drf83ugc7B4yZPNQWXNDPgGcC+hEeC5qw48RzHYIpUt
+RzHmefR5Z3ioTUbDlzy+SGP2uA7mhR4Lfk/df5fYxWfCoKlyGjtrvA65cB+Pksyn
+xrAeBuB+vBM+KnDrxW2Sn4AbWkzH//dfz9OJDJu4UM91hb7qxM0OkrXHQV3iNqzg
+MDEhky/9NqMy
+=GdP5
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/security_at_suse_de.asc b/security_at_suse_de.asc
index 5dbc65d..0e574ac 100644
--- a/security_at_suse_de.asc
+++ b/security_at_suse_de.asc
@@ -1,5 +1,3 @@
-77B2E6003D25D3D9 SuSE Security Team <security@suse.de>
-
 The block below contains the public key of the SUSE Security team.
 It's used to sign security advisories and other imporant
 announcents concerning the distribution. To be able to verify
@@ -7,22 +5,55 @@ signatures made with that key you need to import this file into your
 keyring using the following command:
 
 gpg --import security_at_suse_de.asc
-
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.16 (GNU/Linux)
+Version: GnuPG v2
 
-mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
-BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
-JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
-1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
-P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
-cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
-VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
-WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
-hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
-BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
-AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
-RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
-zinsSx2OrWgvSiLEXXYK
-=m7kg
+mQINBFQtF/8BEAC682QMnBjVnGNGo8PcdoGgqQcfdtaBMFhpIfFp0dTdcW7vMwJV
+PDV1TzOvtAlMSsUo6I+sIYG0PAnc51xh/xOAXzKrz0Qd0MEGVsT98yHB6W3XGRuX
+f88FycgIzH03En92yZdBUTV1g3nBM3FFuwjT78quRCzpIMdHtEg4VFFam90TbrLU
+F5ApHNqQf3yqbb6ddG5pdwB1pMoG7Zz4XaK/v0D20U8OxjrWTsbDRgWarIWwoGD4
+VhYqC891fHeoVKmYRYsrTJXqdCoArp/eofGHG/zhVA+MEHsNvPBhW+YxxpNO7MI1
+VjwIKFfO9jl3H3m4yOJ3BOaSpxCDb3LwKdSGCYvrCmGhsJpOyG33t/nwzhsN3R3D
+OBg3YQQ17rZqcF9H89UauFaRDS1VxD/3GSCpmCAt39NW2EHaTOllcxwGkd61spoB
+Q+g10kmiUa1DxWiN0lQnFDdpu8E8SaOnaRKjQy9KDFLxc9GCZXzOceP8wUjWBeKi
+yAVesw562vRS+anpqbxeF1qzYJ78OVzjfFbdkxRecy4HbyaMt31YIPflSeEHrUa3
+Zrl8cXmJvcNZRbGeva++gCmzjYPpFSs9bAVWuFqY0UT3PbLYruYhyYyGv1x5Kwvb
+TYWqLsQmHQxGp61zI97YbAz/XzLeAFrvzW2BnsEeLNXJG0lBShjalHLzqwARAQAB
+tCVTVVNFIFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QHN1c2UuZGU+iQI5BBMBAgAj
+BQJULRf/AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQWPxYsTF81QL5
+WA//cU8pptQ5ZwfI4edi2faNgU4qBF1mJQcchXVyQFcbdHpwNsHkqYFqVK98LwBJ
+3sQUUVwUFdt7uauLtPMYONDeroy95DXhwvjsD891adOzehhAn3DTFUYYTPgs/x1b
+UoXe5LShjinGi95HRjs5LpKyHn67pr91zbMDA0dhHku9mkD2kg8erTjtLlutCgRd
+l25/AUsWi5qG2IZ1GK/GmmpnerD5R5jVc+MLJPW37pSUfS/BdmbK4XmZylpHF53a
+hsUlG6wQM7H1OTyCYWA71jJ5ydeBSlrW6Jt4skM0Lipcr2rmLz/CVI/R0CTADyeI
+41mOSmKOXQnlM0A3BGhLPb4JZFSOu9r+LvRq8u9sMICFqL7OEhjSHQqQ3Oe4sQWG
+vJY1IcP3UW1byG/8MhBTp/16Wxd0Nv44JE4WS2VFVopaso7jmrnv/0JS7b4WwgE8
+OLi3Et4OpeXZEOY9LAYOQc1fdl+leh5qk7TkgNwAn69wdZYXXB3rS1Q6VxMFLyin
+xaepwIlx0jsoG608dT03kv9EUx/hwvZrwnDyeoPtB1+HRXw1o6p/zU8B3r5fqes8
+Ah28Q1sD9c0ojH1gWcodQrhfkqLubgRJHUTTzO4KBwtTqBstcIR1kamOyA4oDbwK
+tT0KsnU9DtJgqGkw0/nlOOgVXvsKWFXgZj4BcHct+tIO4ce5Ag0EVC0X/wEQAMjU
+PGzcmaH8TZ3JExvUiK8zXW5pwnYVyxyMkdn8lWMmPdLI7ljj2OIqzXoYuT4nNmRZ
++zq4ucpd8DwAwim/cfi3bs/xqMNKkC1AybZW/KiEDTHll9Gc0cSa4DBQjdKjm839
+86kz0nzXxWXvBCqEyVVI1YoDAHTcAvMHkOZKc33kv6PS73Gymm78Em1ychx2u6UF
+cQ248QFWXOPXsRaLVmNicuD/rEPcaKr8FomYYtqiGr88sv06FF0EdIa1aXqPVQU1
+IxqH3pAn6oQ2aZUe5jzydhMzhiYGfZtO+ePxE7mi2Vr/m3iurVfhusqc69Cxfd4Z
+fCReSAQFbJ7Vf58c+rRbIp3NkZaID8Fo9jINC9ogNPDxVLbCSmxTnDpR9IdGi9oZ
+VwgcWdQ9rbspOClntbE6GonA++OTEkMOTOFEgGfd7CEuEAAxYc3uchhlSN+LfQja
+B24UgGKHP5QEvjclBOKjDWMfsOwyqdDBkGb0rHCE3ohUnA6QQpz+zSmF0oXmGwAQ
+Jj3YhT/4Z/VapIjlMu9ZaPoT8dGUaDCUeJa4Kbg2krzMolKDNoZeWL5uOJk64+XU
+5JsYBofMrQt3Esv+YGyhD2krYcs/7jaj+BLaJu4+asvXe9pAQTdGCNMoO/qiPsJ6
+gZLnHUjuxMF2eNvFqrYHXCILFFRDYCSiW1RfhPVJABEBAAGJAh8EGAECAAkFAlQt
+F/8CGwwACgkQWPxYsTF81QJVJBAAnuE49ccyVXA3uWquzleHx1ioyVPuYKeE1Lzw
+ibzdnrOPEYVMyNJbr3AcRofH4++KE5AdV9CUYYsP7pbix5hUcG0UdtT10QxAks/Z
+e2k7gTXS3Fgu8q5+q4diDhh1GtiUKX+lsyN4MA6HhzPzACIy7Iy2LlRLV1oqYEMs
+UPF2yEA+04r/UJAhKLshE0evA6Kkkq4MXvPcPxbyhZx+1S6/++dS81I+6+EEGyzM
++8GFn50Op84ULS/eSjVusnha/HVz5mulatWw1yV8hdVyKVqDT/GPOcJ3+MnWHIva
+7NU3RvySgie7ouxM3M5U1GO/bfL7wmAJvJ2mPhoGoSJ6ir5uhMV1CRvMxDVEqomm
+ozxxDGJZ4O8dfpfs9vKIhqeEi9Pk4ZtFIHBEbHiRf1TCpeV13kh9eGpbnSCjTZvD
+HcjR78kQM76XH1JPCH72AhPbePOrI/OmHvvrVyQRN24cXvAzK8L4a2c0FqbrivwX
+7bFHjZcfsjujYQb1QCF9zomtDXQAkWhts0I+tQcegUfQrrUlGFAMuwO/Lts6KL7G
+vyd7dmv07xkbnlwJih4CIKvbImi93fRFMu763QzDhiAQcUohTROoQjZKoJRsRTn8
+czy7l6bFqw5kBgGh0XxyWzdIDIZfyfmb2q6cdEeeajP8g92Hknarmy7UXX7a8eMa
+WzjAfBA=
+=zsa2
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/suse-build-key.changes b/suse-build-key.changes
index 2bb2b43..a27b9b9 100644
--- a/suse-build-key.changes
+++ b/suse-build-key.changes
@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Wed Dec  7 16:35:05 UTC 2016 - meissner@suse.com
+
+- extend the build@suse.de product key. (bsc#1014151)
+
+  pub  2048R/39DB7C82 2013-01-31 [expires: 2020-12-06]
+  uid                            SuSE Package Signing Key <build@suse.de>
+
+-------------------------------------------------------------------
+Tue Nov 29 12:54:46 CET 2016 - ro@suse.de
+
+- use dumpsigs script from openSUSE to merge code 
+
+-------------------------------------------------------------------
+Thu Oct  2 12:45:05 UTC 2014 - meissner@suse.com
+
+- renamed security_at_suse_de.asc to security_at_suse_de_old.asc
+- security_at_suse_de.asc: new 4096 bit RSA key.
+  pub  4096R/317CD502 2014-10-02 SUSE Security Team <security@suse.de>
+  bnc#899509
+
 -------------------------------------------------------------------
 Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com
 
@@ -5,6 +26,24 @@ Fri Aug 29 08:28:03 UTC 2014 - meissner@suse.com
   - suse-build-key.gpg blob dropped
   - ship seperate files
 
+-------------------------------------------------------------------
+Mon Feb 10 09:57:50 UTC 2014 - meissner@suse.com
+
+- create suse-build-key.gpg during build.
+- Remove old keys from keyring. (fate#314767)
+  Keys currently inside the RPM trusted keyring:
+  - pub  2048R/39DB7C82 SuSE Package Signing Key <build@suse.de>
+  - pub  2048R/50A3DD1C SuSE Package Signing Key (reserve key) <build@suse.de>
+- Various keys are moved to the documentation area
+  (/usr/share/doc/packages/suse-build-key)
+  - build-at-suse-sle11.asc: the old SUSE Linux Enterprise 11 key.
+    if SUSE Linux Enterprise 11 packages need to be verified on
+    a SUSE Linux Enterprise 12 system.
+  - suse_ptf_key.asc: The suse ptf key. For verification of provided PTFs.
+  - security_at_suse_de.asc: Use only for email encryption and
+    verification purposes when contacting our security contact address
+    security@suse.de
+
 -------------------------------------------------------------------
 Mon Jan 13 15:01:24 UTC 2014 - meissner@suse.com
 
diff --git a/suse-build-key.spec b/suse-build-key.spec
index 5f9f282..dd76082 100644
--- a/suse-build-key.spec
+++ b/suse-build-key.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package suse-build-key
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,9 +26,11 @@ License:        GPL-2.0+
 Group:          System/Packages
 Version:        12.0
 Release:        0
+
 # pub  2048R/39DB7C82 2013-01-31 SuSE Package Signing Key <build@suse.de>
 # The main package signing key.
-Source0:        gpg-pubkey-39db7c82-510a966b.asc
+Source0:        gpg-pubkey-39db7c82-5847eb1f.asc
+
 # pub  2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) <build@suse.de>
 # Fallback key if main key gets lost.
 Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
@@ -36,17 +38,19 @@ Source1:        gpg-pubkey-50a3dd1c-50f35137.asc
 # pub  1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
 # SLES 10 key.
 Source2:        gpg-pubkey-307e3d54-4be01a65.asc
+
 # pub  1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key <support@suse.com>
 # SUSE supplied PTF (program temporary fixes) are signed by this key.
 # supplied to be not imported by default
 Source98:       suse_ptf_key.asc
 
-# pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
-# security@suse.de communication key.
-# Only used for E-Mail encryption and signing to/from security@suse.de.
+# pub  4096R/317CD502 2014-10-02 SUSE Security Team <security@suse.de>
+# sub  4096R/0DE80E03 2014-10-02
+# Only used for email communication
 Source99:       security_at_suse_de.asc
 
 Source100:      dumpsigs
+
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 %define keydir  %{_prefix}/lib/rpm/gnupg/keys
@@ -85,7 +89,7 @@ install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
 %attr(755,root,root) %dir %{keydir}
 %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
 %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
-%{keydir}/gpg-pubkey-39db7c82-510a966b.asc
+%{keydir}/gpg-pubkey-39db7c82-5847eb1f.asc
 %{keydir}/gpg-pubkey-307e3d54-4be01a65.asc
 
 %changelog