On Mon Dec 13 09:48:43 CET 2021 Marc Schiffbauer wrote:
> * Giacomo Comes wrote on 12.12.21 at 03:44:
> I have more information about the key problem.
>
> Some time ago the package rpm in opensuse was patched with
> pgp hardening changes from upstream (bsc#1185299)
> This caused a problem with the current packman key.
> However, the key itself is not bad. It's just that
> the rpm code before patching and the code after patching
> will consider the same key as different.
>
> The solution for me was to delete the packman key
> (rpm -e gpg-pubkey-1abd1afb-54176598) and then,
> when asked, reimport the key.
>
> After that, everything worked fine.

Thanks for that! So I guess we could leave the current key in place. Users just need to know the required steps.

I haven't been able to build new images based on openSUSE that include a config 
script to import the Packman key because it fails:

:~> rpm --import /etc/zypp/repos.d/repomd.xml.key
error: /etc/zypp/repos.d/repomd.xml.key: key 1 import failed.

The cause of the error is the updated version of rpm in Tumbleweed and Leap:
- https://1password.community/discussion/123891/rpm-gpg-key-is-not-accepted-by-new-rpm-versions
- https://github.com/rpm-software-management/rpm/commit/f22499a05d0a01e35dd10d7644f8d74391ba4222
- https://itectec.com/unixlinux/yum-in-amazon-linux-2-still-asks-for-gpg-key-even-after-rpm-import-when-adding-kubernetes-repo/

They talk there in those threads about updating the key to remove the critical 
bit but keeping the same key, but that's all over my head. I think something 
needs to be done about the Packman key, even if it means creating a new one.

_______________________________________________
Packman mailing list
Packman@links2linux.de
https://lists.links2linux.de/cgi-bin/mailman/listinfo/packman
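
The threads linked in the message above mention a "critical bit"; in OpenPGP (RFC 4880, section 5.2.3.1) that is bit 7 of a signature subpacket's type octet. As an added example, not part of the original post and not rpm's code, this Python parser lists which subpackets of a binary (dearmored) key carry that bit. The function names and sample bytes are constructed for illustration, and the code does not reproduce rpm's own acceptance checks.

```python
def _length(buf, i, subpacket=False):  # RFC 4880 length at buf[i] -> (length, next index)
    o = buf[i]
    if o < 192:
        return o, i + 1
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    if o >= 224 and not subpacket:
        raise ValueError("partial body lengths are not handled here")
    return ((o - 192) << 8) + buf[i + 1] + 192, i + 2

def packets(buf):
    """Yield (tag, body) for each packet in binary (dearmored) OpenPGP data."""
    i = 0
    while i < len(buf):
        h = buf[i]
        if not h & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if h & 0x40:                       # new-format header
            tag = h & 0x3F
            n, i = _length(buf, i + 1)
        else:                              # old format: 1/2/4-octet length, or to end of data
            size = (1, 2, 4, 0)[h & 3]
            tag = (h >> 2) & 0x0F
            n = int.from_bytes(buf[i + 1:i + 1 + size], "big") if size else len(buf) - i - 1
            i += 1 + size
        yield tag, buf[i:i + n]
        i += n

def critical_subpackets(buf):
    """List (signature type, area, subpacket type) for each critical subpacket."""
    found = []
    for tag, body in packets(buf):
        if tag != 2 or body[:1] != b"\x04":   # only version 4 signature packets
            continue
        pos = 4                               # skip version, sig type, pk algo, hash algo
        for area in ("hashed", "unhashed"):
            end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
            pos += 2
            while pos < end:
                n, pos = _length(body, pos, subpacket=True)
                if body[pos] & 0x80:          # bit 7 of the type octet marks it critical
                    found.append((body[1], area, body[pos] & 0x7F))
                pos += n                      # n counts the type octet plus the data
    return found

# Constructed sample (not the Packman key): a user ID packet, then a truncated v4 signature
_hashed = bytes([5, 0x82, 0x61, 0xB7, 0, 0, 2, 0x1B, 0x03])  # critical creation time; key flags
_sig = bytes([4, 0x13, 1, 8, 0, 9]) + _hashed + bytes([0, 10, 9, 0x10]) + bytes(8)  # + issuer
SAMPLE = bytes([0xCD, 4]) + b"test" + bytes([0x88, len(_sig)]) + _sig
```

To inspect a real key file, dearmor it first (for example with `gpg --dearmor`) and pass the resulting bytes to `critical_subpackets`.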
