commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2024-03-11 15:34:43 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.1770 (New) Package is "suse-build-key" Mon Mar 11 15:34:43 2024 rev:43 rq:1156876 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2023-10-16 22:33:38.949260327 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.1770/suse-build-key.changes 2024-03-11 15:42:24.489148553 +0100 @@ -1,0 +2,7 @@ +Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner + +- switch the container key to the new 4096RSA key by default +- obsolete the 1024bit RSA key from SLES 11, so it gets deinstalled + from migrated systems. + +--- Old: gpg-pubkey-307e3d54-5aaa90a5.asc Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.dO1A6Z/_old 2024-03-11 15:42:25.061169638 +0100 +++ /var/tmp/diff_new_pack.dO1A6Z/_new 2024-03-11 15:42:25.065169785 +0100 @@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,7 +44,9 @@ # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key # SLES 10 key. -Source2:gpg-pubkey-307e3d54-5aaa90a5.asc +# Source2:gpg-pubkey-307e3d54-5aaa90a5.asc +# deinstall the old RSA 1024 bit key from SLES 11 . +Obsoletes: gpg-pubkey = 307e3d54 #pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09] # Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 
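Review bot: The comment added above `Obsoletes: gpg-pubkey = 307e3d54` calls this the SLES 11 key, while the unchanged comment just before it labels 1024R/307E3D54 as the "SLES 10 key"; one of the two should be corrected so it is unambiguous which trust anchor is being withdrawn. The `Source2` line is commented out rather than deleted even though the .asc file is dropped from the package, so I would remove it and keep one comment such as `# 1024-bit RSA key 307E3D54 is no longer shipped; obsolete the imported gpg-pubkey so migrated systems stop trusting it`. The Obsoletes matches on the 8-hex-digit key ID only, so it is worth confirming on a migrated test system that the key really leaves the rpm keyring after the update.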
@@ -126,12 +128,12 @@ %endif install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/ -install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc -install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc +install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-old.asc +install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/ -install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem -install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem +install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-old.pem +install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem %files %defattr(644,root,root) @@ -144,7 +146,8 @@ %endif %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-39db7c82-5f68629b.asc -%{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc +# SLES 11 key no longer added +#{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc %{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc %{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc %{keydir}/gpg-pubkey-73f03759-626bd414.asc @@ -152,9 +155,9 @@ %{keydir}/suse_ptf_4096_key.asc %{keydir}/suse_ptf_key.asc %{containerkeydir}/suse-container-key.asc -%{containerkeydir}/suse-container-key-4096.asc +%{containerkeydir}/suse-container-key-old.asc %dir /usr/share/pki/ %dir %{pemcontainerkeydir}/ %{pemcontainerkeydir}/suse-container-key.pem -%{pemcontainerkeydir}/suse-container-key-4096.pem +%{pemcontainerkeydir}/suse-container-key-old.pem
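Review bot: `suse-container-key.asc` and `suse-container-key.pem` keep their paths but now hold a different key (`%{SOURCE7}`/`%{SOURCE8}` instead of `%{SOURCE3}`/`%{SOURCE10}`), so every verifier configured with those paths changes its trust anchor on package update without any change to its own configuration. Content signed only with the previous key will then fail verification unless the consumer also lists the new `-old` file, and anything that referenced `suse-container-key-4096.asc` or `suse-container-key-4096.pem` loses its key file, because those names are dropped from the %files hunks as well. I would keep the `-4096` names for a transition period, e.g. `ln -s suse-container-key.asc $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc` plus the matching .pem link and %files entries, and state in the changelog that the default path switches keys. Whether any shipped policy file references these paths is not visible from the hunks.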
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2023-10-16 22:33:23 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.20540 (New) Package is "suse-build-key" Mon Oct 16 22:33:23 2023 rev:42 rq:1117951 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2023-09-12 21:05:56.242711642 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.20540/suse-build-key.changes 2023-10-16 22:33:38.949260327 +0200 @@ -1,0 +2,8 @@ +Mon Oct 16 08:55:24 UTC 2023 - Marcus Meissner + +- build-container-d4ade9c3-5a2e9669.pem: added missing current + PEM container key. +- install the PEM files to the container dir, not the .asc files + (bsc#1216203) + +--- New: build-container-d4ade9c3-5a2e9669.pem Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.qHRcUk/_old 2023-10-16 22:33:39.613284278 +0200 +++ /var/tmp/diff_new_pack.qHRcUk/_new 2023-10-16 22:33:39.617284422 +0200 @@ -50,6 +50,8 @@ # Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 # container key used by Container TUF style signing. Source3:build-container-d4ade9c3-5a2e9669.asc +# same, in PEM format +Source10: build-container-d4ade9c3-5a2e9669.pem # New ALP Keys #pub rsa4096/0xFEC28EAF09D9EA69 2023-05-10 [SC] [expires: 2027-05-09] 
@@ -126,9 +128,10 @@ install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/ install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc + install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/ -install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem -install -c -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem +install -c -m 644 %{SOURCE10} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem +install -c -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem %files %defattr(644,root,root) ++ build-container-d4ade9c3-5a2e9669.pem ++ -BEGIN PUBLIC KEY- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM/dHoi6nSy7hbKHLYUr Xy6Bv35JbdoIzny5vSFiRXApr0KS56U8PugdGmh+vd7H8YNlx2YOJxzv02Blsrcm WDZcXjE3Xpsi/IHFfRZLOdwwR+u8MNFxwRUVzxyIzKGtbREVVfXPfb2Xc6FL5/tE vQtUKuR6XdzSaav2RnV5IybCB09s0Np0AUbdi5EfSe4INuqgY+VFYLjvM5onbAQL N3bFLS4Quk66Dhv93Zi6NwopwL1F07UPC5uadkyePStP3PA0OAOemj9vZADOWx5a dsGCKISs8iphNC5mDVoLy8Ry49Ms3eQXRjVQOMco3YNf8AhsIdxDNBVN8VTDKVkE DwIDAQAB -END PUBLIC KEY-
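Review bot: The install lines now take the PEM files from `%{SOURCE10}` and `%{SOURCE8}`, but nothing in the build checks that each .pem holds the same public key as the .asc it accompanies; the only link is the comment `# same, in PEM format`. The bug fixed here (bsc#1216203) was a wrong file behind a `.pem` name, so a build-time check would be worthwhile. At minimum a `%check` could confirm that each installed .pem parses as a public key, e.g. `openssl pkey -pubin -noout -in $RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem`, which would need openssl as a BuildRequires. The %install section starts and continues outside this hunk.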
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2023-09-12 21:04:26 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.1766 (New) Package is "suse-build-key" Tue Sep 12 21:04:26 2023 rev:41 rq:1110632 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2023-05-22 13:14:40.242910735 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.1766/suse-build-key.changes 2023-09-12 21:05:56.242711642 +0200 @@ -1,0 +2,6 @@ +Tue Sep 12 10:08:56 UTC 2023 - Marcus Meissner + +- remove gpg, fileutils, mktemp, sh-utils requires as they are not + needed by the package main functionality, but only by dumpsigs. + +--- Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.cmD5it/_old 2023-09-12 21:05:58.290784695 +0200 +++ /var/tmp/diff_new_pack.cmD5it/_new 2023-09-12 21:05:58.294784838 +0200 @@ -19,8 +19,6 @@ Name: suse-build-key BuildRequires: gpg Provides: build-key -Requires: gpg -AutoReqProv:off Summary:The public gpg key for rpm package signature verification License:GPL-2.0-or-later Group: System/Packages @@ -98,10 +96,6 @@ %define keydir %{_prefix}/lib/rpm/gnupg/keys %define containerkeydir %{_prefix}/share/container-keys/ %define pemcontainerkeydir %{_prefix}/share/pki/containers/ -PreReq: fileutils -PreReq: gpg -PreReq: mktemp -PreReq: sh-utils %description This package contains the gpg keys that are used to sign the
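Review bot: `AutoReqProv:off` is removed together with `Requires: gpg`, but the changelog entry only mentions the gpg, fileutils, mktemp and sh-utils requires. With automatic dependency generation enabled again, rpm derives requires from whatever the package ships, so the resulting dependency set should be checked on the built package (`rpm -qp --requires`) and the removal recorded in the .changes entry. If the spec has scriptlets that call gpg or mktemp (none are visible in these hunks), the dropped `PreReq` lines would still be needed for them.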
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2023-05-22 13:14:35 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.1533 (New) Package is "suse-build-key" Mon May 22 13:14:35 2023 rev:40 rq:1088291 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2021-07-05 22:24:06.489198143 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.1533/suse-build-key.changes 2023-05-22 13:14:40.242910735 +0200 @@ -1,0 +2,13 @@ +Mon May 15 09:44:20 UTC 2023 - Marcus Meissner + +- updated with all current changes + - gpg-pubkey-3fa1d6ce-63c9481c.asc: Upcoming SLE RSA 4096 bit signing key. + - gpg-pubkey-25db7ae0-645bae34.asc: New SLE RSA 4096 bit backup signing key. + - gpg-pubkey-09d9ea69-645b99ce.asc: New ALP RSA 4096 bit signing key. + - gpg-pubkey-73f03759-626bd414.asc: New ALP RSA 4096 bit backup signing key. + - suse_ptf_key.asc: switch to use current RSA 2048 bit key + - suse_ptf_4096_key.asc: upcoming RSA 4096 bit key for SUSE PTFs. + - build-container-8fd6c337-63c94b45.asc: New SLE RSA 4096 bit container signing key (GPG format). + - build-container-8fd6c337-63c94b45.pem: New SLE RSA 4096 bit container signing key (PEM format). + +--- New: build-container-8fd6c337-63c94b45.asc build-container-8fd6c337-63c94b45.pem gpg-pubkey-09d9ea69-645b99ce.asc gpg-pubkey-25db7ae0-645bae34.asc gpg-pubkey-3fa1d6ce-63c9481c.asc gpg-pubkey-73f03759-626bd414.asc suse_ptf_4096_key.asc Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.N9zGYD/_old 2023-05-22 13:14:41.210915565 +0200 +++ /var/tmp/diff_new_pack.N9zGYD/_new 2023-05-22 13:14:41.214915586 +0200 
@@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,10 +30,19 @@ # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. Source0:gpg-pubkey-39db7c82-5f68629b.asc +#pub rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18] +# Key fingerprint = 7F00 9157 B127 B994 D5CF BE76 F74F 09BC 3FA1 D6CE +#uid SUSE Package Signing Key +Source4:gpg-pubkey-3fa1d6ce-63c9481c.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. Source1:gpg-pubkey-50a3dd1c-50f35137.asc +# new reserver key RSA 4096 bit +#pub rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16] +# Key fingerprint = B56E 5601 41D8 F654 2DFF 3BF9 A1BF C02B D588 DC46 +#uid SUSE Package Signing Key (reserve key) +Source9:gpg-pubkey-25db7ae0-645bae34.asc # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key # SLES 10 key. 
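Review bot: The comment block added for `Source9` does not describe the file it precedes: it gives key ID 0xA1BFC02BD588DC46 and a fingerprint ending `D588 DC46`, while the source is `gpg-pubkey-25db7ae0-645bae34.asc`, whose name encodes short key ID 25db7ae0. The other keys added in this commit have comments whose last eight fingerprint digits match their file names (3fa1d6ce, 09d9ea69, 73f03759, 8fd6c337). These comments are what a reviewer compares against when auditing the shipped trust anchors, so the block should be regenerated from the actual file with `gpg --show-keys`, and it should be confirmed that the intended reserve key is the one being packaged. `reserver` in the same block should read `reserve`. The Source list continues outside the hunk.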
@@ -44,18 +53,42 @@ # container key used by Container TUF style signing. Source3:build-container-d4ade9c3-5a2e9669.asc -# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key +# New ALP Keys +#pub rsa4096/0xFEC28EAF09D9EA69 2023-05-10 [SC] [expires: 2027-05-09] +# Key fingerprint = 1C59 D66F CD52 563A 1693 3DBC FEC2 8EAF 09D9 EA69 +#uid ALP Package Signing Key +Source5:gpg-pubkey-09d9ea69-645b99ce.asc +# reserve key +#pub rsa4096/0xC7B81E4373F03759 2022-04-29 [SC] [expires: 2032-04-26] +# Key fingerprint = 5056 7568 F292 0FF1 65B2 5FB2 C7B8 1E43 73F0 3759 +#uid ALP Package Signing Key (reserve key) +Source6:gpg-pubkey-73f03759-626bd414.asc + +# new 4096 bit SLES container key. +#pub rsa4096/0x100CEB438FD6C337 2023-01-19 [SC] [expires: 2027-01-18] +# Key fingerprint = 2BFA 4649 1A1C FFA8 31EF C4B6 100C EB43 8FD6 C337 +#uid SUSE Linux Container Signing Key +Source7:build-container-8fd6c337-63c94b45.asc +# Exact same key in PEM format for notary and cosign +Source8:build-container-8fd6c337-63c94b45.pem + # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default -Source98: suse_ptf_key.asc - -#pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10] -#Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922 -#uid [ full ] SUSE Security Team -#uid [ full ] SUSE Security Team -#sub
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2021-07-05 22:23:19 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.2625 (New) Package is "suse-build-key" Mon Jul 5 22:23:19 2021 rev:39 rq:904142 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2021-06-14 23:11:38.396810571 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.2625/suse-build-key.changes 2021-07-05 22:24:06.489198143 +0200 @@ -1,0 +2,5 @@ +Fri Jun 11 09:49:11 UTC 2021 - Dirk M??ller + +- remove dumpsigs for SLE12+ (rpm 4.x) (bsc#1186827) + +--- Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.kHLbPX/_old 2021-07-05 22:24:06.969194429 +0200 +++ /var/tmp/diff_new_pack.kHLbPX/_new 2021-07-05 22:24:06.973194398 +0200 @@ -91,7 +91,9 @@ ;; esac done +%if 0%{?suse_version} && 0%{?suse_version} < 1120 install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg +%endif install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/ install -c -m 644 %{SOURCE3} $RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc @@ -102,7 +104,9 @@ %attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg %attr(755,root,root) %dir %{keydir} %attr(755,root,root) %dir %{containerkeydir} +%if 0%{?suse_version} && 0%{?suse_version} < 1120 %attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs +%endif %{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc %{keydir}/gpg-pubkey-39db7c82-5f68629b.asc %{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
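Review bot: The two `%if 0%{?suse_version} && 0%{?suse_version} < 1120` guards carry no comment, so the reason for the threshold is recorded only in the changelog. I would add `# dumpsigs is only shipped for old rpm versions, see bsc#1186827` above the first guard. The same condition is written twice, once in %install and once in %files, and the two must stay in step or the build fails on an unpackaged or missing file; defining the condition once and testing that macro in both places would avoid the drift. Both sections start and end outside the hunks.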
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2021-06-14 23:11:09 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.32437 (New) Package is "suse-build-key" Mon Jun 14 23:11:09 2021 rev:38 rq:899890 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2019-01-28 20:50:33.217771749 +0100 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.32437/suse-build-key.changes 2021-06-14 23:11:38.396810571 +0200 @@ -2 +2 @@ -Fri Jan 11 15:00:10 UTC 2019 - meiss...@suse.com +Mon Sep 21 08:30:03 UTC 2020 - Marcus Meissner @@ -4,2 +4,27 @@ -- add PTF key to the key directory, so it does not get stripped - out when using --exclude-docs (bsc#1044232) +- suse build key extended (bsc#1176759) + gpg-pubkey-39db7c82-5847eb1f.asc -> gpg-pubkey-39db7c82-5f68629b.asc + + +--- +Thu Aug 13 09:32:26 UTC 2020 - Marcus Meissner + +- actually the container key is different from the build signing + key. (PM-1845 bsc#1170347) + +--- +Thu Apr 23 13:32:45 UTC 2020 - Marcus Meissner + +- add a /usr/share/container-keys/ directory for GPG based Container + verification. +- Add the SUSE build key as "suse-container-key.asc". (PM-1845 bsc#1170347) + +--- +Wed Mar 11 09:09:42 UTC 2020 - Marcus Meissner + +- created a new secur...@suse.de communication key (bsc#1166334) + +--- +Tue Nov 13 12:41:24 UTC 2018 - meiss...@suse.com + +- include ptf key in the key directory to avoid it being + stripped via %doc stripping. (bsc#1044232) Old: gpg-pubkey-39db7c82-5847eb1f.asc New: build-container-d4ade9c3-5a2e9669.asc gpg-pubkey-39db7c82-5f68629b.asc Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.fgtA34/_old 2021-06-14 23:11:38.788811279 +0200 +++ /var/tmp/diff_new_pack.fgtA34/_new 2021-06-14 23:11:38.788811279 +0200 
@@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,14 +22,14 @@ Requires: gpg AutoReqProv:off Summary:The public gpg key for rpm package signature verification -License:GPL-2.0+ +License:GPL-2.0-or-later Group: System/Packages Version:12.0 Release:0 # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. -Source0:gpg-pubkey-39db7c82-5847eb1f.asc +Source0:gpg-pubkey-39db7c82-5f68629b.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. 
@@ -39,16 +39,22 @@ # SLES 10 key. Source2:gpg-pubkey-307e3d54-5aaa90a5.asc +#pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09] +# Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 +# container key used by Container TUF style signing. +Source3:build-container-d4ade9c3-5a2e9669.asc + # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default Source98: suse_ptf_key.asc -#pub rsa4096/0x21FE92322BA9E067 2018-03-15 [SC] [expires: 2020-03-14] -# Key fingerprint = EC7C 5EAB 2C34 09A6 4F3B BE6E 21FE 9232 2BA9 E067 -#uid SUSE Security Team -#uid SUSE Security Team -#sub rsa4096/0xFF97314EC1E11A0E 2018-03-15 [E] [expires: 2020-03-14] +#pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10] +#Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922 +#uid [ full ] SUSE Security Team +#uid [ full ] SUSE Security Team +#sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2022-03-10] +# Key fingerprint = DB30 DF8E 6E44 CFF8 25E8 C858 A679 ED66 FD41 7627 # Only used for email communication Source99: