From 3f1fb134bcc42f028da7d2cc0dacdab89ec9b0ff10361dc2c5a42fe32ff7c1a6 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 11 Mar 2024 08:46:23 +0000 Subject: [PATCH] Accepting request 1156875 from home:msmeissn:branches:Base:System - switch the container key to the new 4096RSA key by default - obsolete the 1024bit RSA key from SLES 11, so it gets deinstalled from migrated systems. OBS-URL: https://build.opensuse.org/request/show/1156875 OBS-URL: https://build.opensuse.org/package/show/Base:System/suse-build-key?expand=0&rev=43 --- gpg-pubkey-307e3d54-5aaa90a5.asc | 14 -------------- suse-build-key.changes | 7 +++++++ suse-build-key.spec | 21 ++++++++++++--------- 3 files changed, 19 insertions(+), 23 deletions(-) delete mode 100644 gpg-pubkey-307e3d54-5aaa90a5.asc diff --git a/gpg-pubkey-307e3d54-5aaa90a5.asc b/gpg-pubkey-307e3d54-5aaa90a5.asc deleted file mode 100644 index 2904f09..0000000 --- a/gpg-pubkey-307e3d54-5aaa90a5.asc +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.15 (GNU/Linux) - -mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi -KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl -edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT -dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC -GwMECwcDAgMVAgMDFgIBAh4BAheABQJaqpClBQkeD0FIAAoJEOOlw2Awfj1UeSEE -AItAomled1lY+qcJXOKjNA6NKFBwbnRC6IZ8jMIBmq6MO9KK4lkbEiFdRB98klJ0 -kofFjO0DryFyfvHEBYPwko2HPpVHp3QKMjwhvayUIAaCZg8eRq/7nE2KNlkHBHmg -raADZbBA/ktXY3qt1yTePb8Sw29/mN3/hrfEdjCs6Cgy -=blUq ------END PGP PUBLIC KEY BLOCK----- - diff --git a/suse-build-key.changes b/suse-build-key.changes index f1fcba5..79e0bd8 100644 --- a/suse-build-key.changes +++ b/suse-build-key.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner + +- switch the container key to the new 4096RSA key by default +- obsolete the 1024bit RSA key from SLES 11, so it gets deinstalled + from migrated systems. + ------------------------------------------------------------------- Mon Oct 16 08:55:24 UTC 2023 - Marcus Meissner diff --git a/suse-build-key.spec b/suse-build-key.spec index 63c2cc4..aa0fc0c 100644 --- a/suse-build-key.spec +++ b/suse-build-key.spec @@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,7 +44,9 @@ Source9: gpg-pubkey-25db7ae0-645bae34.asc # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key # SLES 10 key. -Source2: gpg-pubkey-307e3d54-5aaa90a5.asc +# Source2: gpg-pubkey-307e3d54-5aaa90a5.asc +# deinstall the old RSA 1024 bit key from SLES 11 . +Obsoletes: gpg-pubkey = 307e3d54 #pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09] # Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 @@ -126,12 +128,12 @@ install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg %endif install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/ -install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc -install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc +install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-old.asc +install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/ -install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem -install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem +install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-old.pem +install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem %files %defattr(644,root,root) @@ -144,7 +146,8 @@ install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container %endif %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-39db7c82-5f68629b.asc -%{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc +# SLES 11 key no longer added +#{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc %{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc %{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc %{keydir}/gpg-pubkey-73f03759-626bd414.asc @@ -152,10 +155,10 @@ install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container %{keydir}/suse_ptf_4096_key.asc %{keydir}/suse_ptf_key.asc %{containerkeydir}/suse-container-key.asc -%{containerkeydir}/suse-container-key-4096.asc +%{containerkeydir}/suse-container-key-old.asc %dir /usr/share/pki/ %dir %{pemcontainerkeydir}/ %{pemcontainerkeydir}/suse-container-key.pem -%{pemcontainerkeydir}/suse-container-key-4096.pem +%{pemcontainerkeydir}/suse-container-key-old.pem %changelog