commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package suse-build-key for openSUSE:Factory
checked in at 2024-03-11 15:34:43
Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old)
and /work/SRC/openSUSE:Factory/.suse-build-key.new.1770 (New)
Package is "suse-build-key"
Mon Mar 11 15:34:43 2024 rev:43 rq:1156876 version:12.0
Changes:
--- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes
2023-10-16 22:33:38.949260327 +0200
+++ /work/SRC/openSUSE:Factory/.suse-build-key.new.1770/suse-build-key.changes
2024-03-11 15:42:24.489148553 +0100
@@ -1,0 +2,7 @@
+Thu Mar 7 10:19:49 UTC 2024 - Marcus Meissner
+
+- switch the container key to the new 4096RSA key by default
+- obsolete the 1024bit RSA key from SLES 11, so it gets deinstalled
+ from migrated systems.
+
+---
Old:
gpg-pubkey-307e3d54-5aaa90a5.asc
Other differences:
--
++ suse-build-key.spec ++
--- /var/tmp/diff_new_pack.dO1A6Z/_old 2024-03-11 15:42:25.061169638 +0100
+++ /var/tmp/diff_new_pack.dO1A6Z/_new 2024-03-11 15:42:25.065169785 +0100
@@ -1,7 +1,7 @@
#
# spec file for package suse-build-key
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -44,7 +44,9 @@
# pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key
# SLES 10 key.
-Source2:gpg-pubkey-307e3d54-5aaa90a5.asc
+# Source2:gpg-pubkey-307e3d54-5aaa90a5.asc
+# deinstall the old RSA 1024 bit key from SLES 11 .
+Obsoletes: gpg-pubkey = 307e3d54
#pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09]
# Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3
@@ -126,12 +128,12 @@
%endif
install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/
-install -c -m 644 %{SOURCE3}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc
-install -c -m 644 %{SOURCE7}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc
+install -c -m 644 %{SOURCE3}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-old.asc
+install -c -m 644 %{SOURCE7}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc
install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/
-install -c -m 644 %{SOURCE10}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem
-install -c -m 644 %{SOURCE8}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem
+install -c -m 644 %{SOURCE10}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-old.pem
+install -c -m 644 %{SOURCE8}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem
%files
%defattr(644,root,root)
@@ -144,7 +146,8 @@
%endif
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
%{keydir}/gpg-pubkey-39db7c82-5f68629b.asc
-%{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
+# SLES 11 key no longer added
+#{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
%{keydir}/gpg-pubkey-09d9ea69-645b99ce.asc
%{keydir}/gpg-pubkey-3fa1d6ce-63c9481c.asc
%{keydir}/gpg-pubkey-73f03759-626bd414.asc
@@ -152,9 +155,9 @@
%{keydir}/suse_ptf_4096_key.asc
%{keydir}/suse_ptf_key.asc
%{containerkeydir}/suse-container-key.asc
-%{containerkeydir}/suse-container-key-4096.asc
+%{containerkeydir}/suse-container-key-old.asc
%dir /usr/share/pki/
%dir %{pemcontainerkeydir}/
%{pemcontainerkeydir}/suse-container-key.pem
-%{pemcontainerkeydir}/suse-container-key-4096.pem
+%{pemcontainerkeydir}/suse-container-key-old.pem
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package suse-build-key for openSUSE:Factory
checked in at 2023-10-16 22:33:23
Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old)
and /work/SRC/openSUSE:Factory/.suse-build-key.new.20540 (New)
Package is "suse-build-key"
Mon Oct 16 22:33:23 2023 rev:42 rq:1117951 version:12.0
Changes:
--- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes
2023-09-12 21:05:56.242711642 +0200
+++ /work/SRC/openSUSE:Factory/.suse-build-key.new.20540/suse-build-key.changes
2023-10-16 22:33:38.949260327 +0200
@@ -1,0 +2,8 @@
+Mon Oct 16 08:55:24 UTC 2023 - Marcus Meissner
+
+- build-container-d4ade9c3-5a2e9669.pem: added missing current
+ PEM container key.
+- install the PEM files to the container dir, not the .asc files
+ (bsc#1216203)
+
+---
New:
build-container-d4ade9c3-5a2e9669.pem
Other differences:
--
++ suse-build-key.spec ++
--- /var/tmp/diff_new_pack.qHRcUk/_old 2023-10-16 22:33:39.613284278 +0200
+++ /var/tmp/diff_new_pack.qHRcUk/_new 2023-10-16 22:33:39.617284422 +0200
@@ -50,6 +50,8 @@
# Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3
# container key used by Container TUF style signing.
Source3:build-container-d4ade9c3-5a2e9669.asc
+# same, in PEM format
+Source10: build-container-d4ade9c3-5a2e9669.pem
# New ALP Keys
#pub rsa4096/0xFEC28EAF09D9EA69 2023-05-10 [SC] [expires: 2027-05-09]
@@ -126,9 +128,10 @@
install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/
install -c -m 644 %{SOURCE3}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc
install -c -m 644 %{SOURCE7}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key-4096.asc
+
install -d -m 755 $RPM_BUILD_ROOT%{pemcontainerkeydir}/
-install -c -m 644 %{SOURCE3}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem
-install -c -m 644 %{SOURCE7}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem
+install -c -m 644 %{SOURCE10}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key.pem
+install -c -m 644 %{SOURCE8}
$RPM_BUILD_ROOT%{pemcontainerkeydir}/suse-container-key-4096.pem
%files
%defattr(644,root,root)
++ build-container-d4ade9c3-5a2e9669.pem ++
-BEGIN PUBLIC KEY-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvM/dHoi6nSy7hbKHLYUr
Xy6Bv35JbdoIzny5vSFiRXApr0KS56U8PugdGmh+vd7H8YNlx2YOJxzv02Blsrcm
WDZcXjE3Xpsi/IHFfRZLOdwwR+u8MNFxwRUVzxyIzKGtbREVVfXPfb2Xc6FL5/tE
vQtUKuR6XdzSaav2RnV5IybCB09s0Np0AUbdi5EfSe4INuqgY+VFYLjvM5onbAQL
N3bFLS4Quk66Dhv93Zi6NwopwL1F07UPC5uadkyePStP3PA0OAOemj9vZADOWx5a
dsGCKISs8iphNC5mDVoLy8Ry49Ms3eQXRjVQOMco3YNf8AhsIdxDNBVN8VTDKVkE
DwIDAQAB
-END PUBLIC KEY-
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package suse-build-key for openSUSE:Factory
checked in at 2023-09-12 21:04:26
Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old)
and /work/SRC/openSUSE:Factory/.suse-build-key.new.1766 (New)
Package is "suse-build-key"
Tue Sep 12 21:04:26 2023 rev:41 rq:1110632 version:12.0
Changes:
--- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes
2023-05-22 13:14:40.242910735 +0200
+++ /work/SRC/openSUSE:Factory/.suse-build-key.new.1766/suse-build-key.changes
2023-09-12 21:05:56.242711642 +0200
@@ -1,0 +2,6 @@
+Tue Sep 12 10:08:56 UTC 2023 - Marcus Meissner
+
+- remove gpg, fileutils, mktemp, sh-utils requires as they are not
+ needed by the package main functionality, but only by dumpsigs.
+
+---
Other differences:
--
++ suse-build-key.spec ++
--- /var/tmp/diff_new_pack.cmD5it/_old 2023-09-12 21:05:58.290784695 +0200
+++ /var/tmp/diff_new_pack.cmD5it/_new 2023-09-12 21:05:58.294784838 +0200
@@ -19,8 +19,6 @@
Name: suse-build-key
BuildRequires: gpg
Provides: build-key
-Requires: gpg
-AutoReqProv:off
Summary:The public gpg key for rpm package signature verification
License:GPL-2.0-or-later
Group: System/Packages
@@ -98,10 +96,6 @@
%define keydir %{_prefix}/lib/rpm/gnupg/keys
%define containerkeydir %{_prefix}/share/container-keys/
%define pemcontainerkeydir %{_prefix}/share/pki/containers/
-PreReq: fileutils
-PreReq: gpg
-PreReq: mktemp
-PreReq: sh-utils
%description
This package contains the gpg keys that are used to sign the
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2023-05-22 13:14:35 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.1533 (New) Package is "suse-build-key" Mon May 22 13:14:35 2023 rev:40 rq:1088291 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2021-07-05 22:24:06.489198143 +0200 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.1533/suse-build-key.changes 2023-05-22 13:14:40.242910735 +0200 @@ -1,0 +2,13 @@ +Mon May 15 09:44:20 UTC 2023 - Marcus Meissner + +- updated with all current changes + - gpg-pubkey-3fa1d6ce-63c9481c.asc: Upcoming SLE RSA 4096 bit signing key. + - gpg-pubkey-25db7ae0-645bae34.asc: New SLE RSA 4096 bit backup signing key. + - gpg-pubkey-09d9ea69-645b99ce.asc: New ALP RSA 4096 bit signing key. + - gpg-pubkey-73f03759-626bd414.asc: New ALP RSA 4096 bit backup signing key. + - suse_ptf_key.asc: switch to use current RSA 2048 bit key + - suse_ptf_4096_key.asc: upcoming RSA 4096 bit key for SUSE PTFs. + - build-container-8fd6c337-63c94b45.asc: New SLE RSA 4096 bit container signing key (GPG format). + - build-container-8fd6c337-63c94b45.pem: New SLE RSA 4096 bit container signing key (PEM format). + +--- New: build-container-8fd6c337-63c94b45.asc build-container-8fd6c337-63c94b45.pem gpg-pubkey-09d9ea69-645b99ce.asc gpg-pubkey-25db7ae0-645bae34.asc gpg-pubkey-3fa1d6ce-63c9481c.asc gpg-pubkey-73f03759-626bd414.asc suse_ptf_4096_key.asc Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.N9zGYD/_old 2023-05-22 13:14:41.210915565 +0200 +++ /var/tmp/diff_new_pack.N9zGYD/_new 2023-05-22 13:14:41.214915586 +0200 @@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,10 +30,19 @@ # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. Source0:gpg-pubkey-39db7c82-5f68629b.asc +#pub rsa4096/0xF74F09BC3FA1D6CE 2023-01-19 [SC] [expires: 2027-01-18] +# Key fingerprint = 7F00 9157 B127 B994 D5CF BE76 F74F 09BC 3FA1 D6CE +#uid SUSE Package Signing Key +Source4:gpg-pubkey-3fa1d6ce-63c9481c.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. Source1:gpg-pubkey-50a3dd1c-50f35137.asc +# new reserver key RSA 4096 bit +#pub rsa4096/0xA1BFC02BD588DC46 2023-01-19 [SC] [expires: 2033-01-16] +# Key fingerprint = B56E 5601 41D8 F654 2DFF 3BF9 A1BF C02B D588 DC46 +#uid SUSE Package Signing Key (reserve key) +Source9:gpg-pubkey-25db7ae0-645bae34.asc # pub 1024R/307E3D54 2006-03-21 SuSE Package Signing Key # SLES 10 key. @@ -44,18 +53,42 @@ # container key used by Container TUF style signing. Source3:build-container-d4ade9c3-5a2e9669.asc -# pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key +# New ALP Keys +#pub rsa4096/0xFEC28EAF09D9EA69 2023-05-10 [SC] [expires: 2027-05-09] +# Key fingerprint = 1C59 D66F CD52 563A 1693 3DBC FEC2 8EAF 09D9 EA69 +#uid ALP Package Signing Key +Source5:gpg-pubkey-09d9ea69-645b99ce.asc +# reserve key +#pub rsa4096/0xC7B81E4373F03759 2022-04-29 [SC] [expires: 2032-04-26] +# Key fingerprint = 5056 7568 F292 0FF1 65B2 5FB2 C7B8 1E43 73F0 3759 +#uid ALP Package Signing Key (reserve key) +Source6:gpg-pubkey-73f03759-626bd414.asc + +# new 4096 bit SLES container key. +#pub rsa4096/0x100CEB438FD6C337 2023-01-19 [SC] [expires: 2027-01-18] +# Key fingerprint = 2BFA 4649 1A1C FFA8 31EF C4B6 100C EB43 8FD6 C337 +#uid SUSE Linux Container Signing Key +Source7:build-container-8fd6c337-63c94b45.asc +# Exact same key in PEM format for notary and cosign +Source8:build-container-8fd6c337-63c94b45.pem + # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default -Source98: suse_ptf_key.asc - -#pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10] -#Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922 -#uid [ full ] SUSE Security Team -#uid [ full ] SUSE Security Team -#sub
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package suse-build-key for openSUSE:Factory
checked in at 2021-07-05 22:23:19
Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old)
and /work/SRC/openSUSE:Factory/.suse-build-key.new.2625 (New)
Package is "suse-build-key"
Mon Jul 5 22:23:19 2021 rev:39 rq:904142 version:12.0
Changes:
--- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes
2021-06-14 23:11:38.396810571 +0200
+++ /work/SRC/openSUSE:Factory/.suse-build-key.new.2625/suse-build-key.changes
2021-07-05 22:24:06.489198143 +0200
@@ -1,0 +2,5 @@
+Fri Jun 11 09:49:11 UTC 2021 - Dirk M??ller
+
+- remove dumpsigs for SLE12+ (rpm 4.x) (bsc#1186827)
+
+---
Other differences:
--
++ suse-build-key.spec ++
--- /var/tmp/diff_new_pack.kHLbPX/_old 2021-07-05 22:24:06.969194429 +0200
+++ /var/tmp/diff_new_pack.kHLbPX/_new 2021-07-05 22:24:06.973194398 +0200
@@ -91,7 +91,9 @@
;;
esac
done
+%if 0%{?suse_version} && 0%{?suse_version} < 1120
install -m 755 %{SOURCE100} $RPM_BUILD_ROOT/usr/lib/rpm/gnupg
+%endif
install -d -m 755 $RPM_BUILD_ROOT%{containerkeydir}/
install -c -m 644 %{SOURCE3}
$RPM_BUILD_ROOT%{containerkeydir}/suse-container-key.asc
@@ -102,7 +104,9 @@
%attr(755,root,root) %dir %{_prefix}/lib/rpm/gnupg
%attr(755,root,root) %dir %{keydir}
%attr(755,root,root) %dir %{containerkeydir}
+%if 0%{?suse_version} && 0%{?suse_version} < 1120
%attr(755,root,root) %{_prefix}/lib/rpm/gnupg/dumpsigs
+%endif
%{keydir}/gpg-pubkey-50a3dd1c-50f35137.asc
%{keydir}/gpg-pubkey-39db7c82-5f68629b.asc
%{keydir}/gpg-pubkey-307e3d54-5aaa90a5.asc
commit suse-build-key for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package suse-build-key for openSUSE:Factory checked in at 2021-06-14 23:11:09 Comparing /work/SRC/openSUSE:Factory/suse-build-key (Old) and /work/SRC/openSUSE:Factory/.suse-build-key.new.32437 (New) Package is "suse-build-key" Mon Jun 14 23:11:09 2021 rev:38 rq:899890 version:12.0 Changes: --- /work/SRC/openSUSE:Factory/suse-build-key/suse-build-key.changes 2019-01-28 20:50:33.217771749 +0100 +++ /work/SRC/openSUSE:Factory/.suse-build-key.new.32437/suse-build-key.changes 2021-06-14 23:11:38.396810571 +0200 @@ -2 +2 @@ -Fri Jan 11 15:00:10 UTC 2019 - meiss...@suse.com +Mon Sep 21 08:30:03 UTC 2020 - Marcus Meissner @@ -4,2 +4,27 @@ -- add PTF key to the key directory, so it does not get stripped - out when using --exclude-docs (bsc#1044232) +- suse build key extended (bsc#1176759) + gpg-pubkey-39db7c82-5847eb1f.asc -> gpg-pubkey-39db7c82-5f68629b.asc + + +--- +Thu Aug 13 09:32:26 UTC 2020 - Marcus Meissner + +- actually the container key is different from the build signing + key. (PM-1845 bsc#1170347) + +--- +Thu Apr 23 13:32:45 UTC 2020 - Marcus Meissner + +- add a /usr/share/container-keys/ directory for GPG based Container + verification. +- Add the SUSE build key as "suse-container-key.asc". (PM-1845 bsc#1170347) + +--- +Wed Mar 11 09:09:42 UTC 2020 - Marcus Meissner + +- created a new secur...@suse.de communication key (bsc#1166334) + +--- +Tue Nov 13 12:41:24 UTC 2018 - meiss...@suse.com + +- include ptf key in the key directory to avoid it being + stripped via %doc stripping. (bsc#1044232) Old: gpg-pubkey-39db7c82-5847eb1f.asc New: build-container-d4ade9c3-5a2e9669.asc gpg-pubkey-39db7c82-5f68629b.asc Other differences: -- ++ suse-build-key.spec ++ --- /var/tmp/diff_new_pack.fgtA34/_old 2021-06-14 23:11:38.788811279 +0200 +++ /var/tmp/diff_new_pack.fgtA34/_new 2021-06-14 23:11:38.788811279 +0200 @@ -1,7 +1,7 @@ # # spec file for package suse-build-key # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,14 +22,14 @@ Requires: gpg AutoReqProv:off Summary:The public gpg key for rpm package signature verification -License:GPL-2.0+ +License:GPL-2.0-or-later Group: System/Packages Version:12.0 Release:0 # pub 2048R/39DB7C82 2013-01-31 SuSE Package Signing Key # The main package signing key. -Source0:gpg-pubkey-39db7c82-5847eb1f.asc +Source0:gpg-pubkey-39db7c82-5f68629b.asc # pub 2048R/50A3DD1C 2013-01-14 SuSE Package Signing Key (reserve key) # Fallback key if main key gets lost. @@ -39,16 +39,22 @@ # SLES 10 key. Source2:gpg-pubkey-307e3d54-5aaa90a5.asc +#pub rsa2048/0x8EFE1BC4D4ADE9C3 2017-12-11 [SC] [expires: 2027-12-09] +# Key fingerprint = 0EE9 CA43 0050 9E29 17A0 54ED 8EFE 1BC4 D4AD E9C3 +# container key used by Container TUF style signing. +Source3:build-container-d4ade9c3-5a2e9669.asc + # pub 1024D/B37B98A9 2005-05-11 SUSE PTF Signing Key # SUSE supplied PTF (program temporary fixes) are signed by this key. # supplied to be not imported by default Source98: suse_ptf_key.asc -#pub rsa4096/0x21FE92322BA9E067 2018-03-15 [SC] [expires: 2020-03-14] -# Key fingerprint = EC7C 5EAB 2C34 09A6 4F3B BE6E 21FE 9232 2BA9 E067 -#uid SUSE Security Team -#uid SUSE Security Team -#sub rsa4096/0xFF97314EC1E11A0E 2018-03-15 [E] [expires: 2020-03-14] +#pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10] +#Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922 +#uid [ full ] SUSE Security Team +#uid [ full ] SUSE Security Team +#sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2022-03-10] +# Key fingerprint = DB30 DF8E 6E44 CFF8 25E8 C858 A679 ED66 FD41 7627 # Only used for email communication Source99:
