1
0

Accepting request 1156876 from Base:System

- switch the container key to the new 4096RSA key by default
- obsolete the 1024bit RSA key from SLES 11, so it gets deinstalled
  from migrated systems. (forwarded request 1156875 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/1156876
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/suse-build-key?expand=0&rev=43
This commit is contained in:
Ana Guerrero 2024-03-11 14:34:43 +00:00 committed by Git OBS Bridge
commit f63a30c4cb
3 changed files with 19 additions and 23 deletions

View File

@ -1,14 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.15 (GNU/Linux)
mIsERCAdXQEEAL7MrBTz+3SBWpCm2ae2yaDqV3ezQcs2JlvqidJVhsZqQe9/jkxi
KTEQW5+TXF/+BlQSiebunRI7oo3+9U8GyRCgs1sf+yRQWMLzZqRaarzRhw9w+Ihl
edtqYl6/U2JZCb8Adp6d7RzlRliJdJ/VtsfXj2ef7Dwu7elOVSsmaBdtAAYptChT
dVNFIFBhY2thZ2UgU2lnbmluZyBLZXkgPGJ1aWxkQHN1c2UuZGU+iLgEEwECACIC
GwMECwcDAgMVAgMDFgIBAh4BAheABQJaqpClBQkeD0FIAAoJEOOlw2Awfj1UeSEE
AItAomled1lY+qcJXOKjNA6NKFBwbnRC6IZ8jMIBmq6MO9KK4lkbEiFdRB98klJ0
kofFjO0DryFyfvHEBYPwko2HPpVHp3QKMjwhvayUIAaCZg8eRq/7nE2KNlkHBHmg
raADZbBA/ktXY3qt1yTePb8Sw29/mN3/hrfEdjCs6Cgy
=blUq
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner <meissner@suse.com>
- switch the container key to the new 4096RSA key by default
- obsolete the 1024bit RSA key from SLES 11, so it gets deinstalled
from migrated systems.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 16 08:55:24 UTC 2023 - Marcus Meissner <meissner@suse.com> Mon Oct 16 08:55:24 UTC 2023 - Marcus Meissner <meissner@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package suse-build-key # spec file for package suse-build-key
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -44,7 +44,9 @@ Source9: gpg-pubkey-25db7ae0-645bae34.asc
# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de> # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key <build@suse.de>
# SLES 10 key. # SLES 10 key.
Source2: gpg-pubkey-307e3d54-5aaa90a5.asc # Source2: gpg-pubkey-307e3d54-5aaa90a5.asc
# deinstall the old RSA 1024 bit key from SLES 11 .
Obsoletes: gpg-pubkey = 307e3d54
#pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09] #pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09]
# Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 # Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3
@ -126,12 +128,12 @@ install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
%endif %endif
install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/ install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/
install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-old.asc
install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc
install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/ install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/
install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-old.pem
install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem
%files %files
%defattr(644,root,root) %defattr(644,root,root)
@ -144,7 +146,8 @@ install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container
%endif %endif
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
%{keydir}/gpg-pubkey-39db7c82-5f68629b.asc %{keydir}/gpg-pubkey-39db7c82-5f68629b.asc
%{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc # SLES 11 key no longer added
#{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
%{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc %{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc
%{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc %{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc
%{keydir}/gpg-pubkey-73f03759-626bd414.asc %{keydir}/gpg-pubkey-73f03759-626bd414.asc
@ -152,10 +155,10 @@ install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container
%{keydir}/suse_ptf_4096_key.asc %{keydir}/suse_ptf_4096_key.asc
%{keydir}/suse_ptf_key.asc %{keydir}/suse_ptf_key.asc
%{containerkeydir}/suse-container-key.asc %{containerkeydir}/suse-container-key.asc
%{containerkeydir}/suse-container-key-4096.asc %{containerkeydir}/suse-container-key-old.asc
%dir /usr/share/pki/ %dir /usr/share/pki/
%dir %{pemcontainerkeydir}/ %dir %{pemcontainerkeydir}/
%{pemcontainerkeydir}/suse-container-key.pem %{pemcontainerkeydir}/suse-container-key.pem
%{pemcontainerkeydir}/suse-container-key-4096.pem %{pemcontainerkeydir}/suse-container-key-old.pem
%changelog %changelog