Handling SUSE package signing key renewal
This document (000019805) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 12
Situation
This change was delivered via suse-build-key package updates, and also via repository keys refreshes in the Update repositories (see Additional Information):
There are rare cases where this update did not refresh the RPM keyring, e.g. if you refresh all repositories all the time.
In this case there was a bug in libzypp which prohibited the automatic refresh of the key.
Resolution
- zypper refresh only one of the update repositories
- manually refresh the new gpg key from suse-build-key as root:
rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-39db7c82-5f68629b.asc
- Alternatively, the following command (as root) can be executed which will manually trigger a refrsh
zypper lr -E | grep Updates | awk -F\| '$4 ~ /Yes/{gsub(/ /,"",$2);print $1;exit}' | xargs -r zypper ref -f -r
Cause
Additional Information
Updates were released as per the following :
https://lists.suse.com/pipermail/sle-updates/2020-October/016396.html
https://lists.suse.com/pipermail/sle-updates/2020-October/016320.html
In addition, also the GPG key for the various SLE media has now also expired.
For example:
- SUSE Linux Enterprise Server 15 SP2
- SUSE Linux Enterprise Server 15 SP1
- SUSE Linux Enterprise Server 15 GA
In case official SUSE media with the updated GPG is required for any offline deployments, SUSE suggests to download the QU Media ISO instead. These Quarterly Update releases contain all maintenance updates of the packages that have been released in the meantime
The QU (Quarterly Update) ISO's can be downloaded from the the regular SUSE Download page, and can be identified as quarterly update by their name. For example SLE-15-SP2-Full-x86_64-QU1-Media1.iso and SLE-15-SP1-Installer-DVD-x86_64-QU5-Media1.iso
Signing keys can be found on the following link:
https://www.suse.com/support/security/keys/
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000019805
- Creation Date: 07-Dec-2020
- Modified Date:21-Feb-2025
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com