SUSE Support

Here When You Need Us

Handling SUSE package signing key renewal

This document (000019805) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12

Situation

In October 2020, the GPG key used the verify the repository signatures of SUSE Linux Enterprise 12 and 15, was a adjusted from 2020, to 2024.

This change was delivered via suse-build-key package updates, and also via repository keys refreshes in the Update repositories (see Additional Information):

There are rare cases where this update did not refresh the RPM keyring, e.g. if you refresh all repositories all the time.
In this case there was a bug in libzypp which prohibited the automatic refresh of the key.

Resolution

When encountering this behavior, you can resolve this using either one one of these two options below once :
  • zypper refresh only one of the update repositories
this will refresh the zypper keyring.
 
  • manually refresh the new gpg key from suse-build-key as root:
rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-39db7c82-5f68629b.asc
 
  • Alternatively, the following command (as root) can be executed which will manually trigger a refrsh
zypper lr -E | grep Updates | awk -F\| '$4 ~ /Yes/{gsub(/ /,"",$2);print $1;exit}' | xargs -r zypper ref -f -r

Cause

The GPG signing key for the SUSE Update repositories was close to expire.

Additional Information

Updates were released as per the following :
https://lists.suse.com/pipermail/sle-updates/2020-October/016396.html
https://lists.suse.com/pipermail/sle-updates/2020-October/016320.html


In addition, also the GPG key for the various SLE media has now also expired.
For example:

  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 GA

In case official SUSE media with the updated GPG is required for any offline deployments, SUSE suggests to download the QU Media ISO instead. These Quarterly Update releases contain all maintenance updates of the packages that have been released in the meantime

The QU (Quarterly Update) ISO's can be downloaded from the the regular SUSE Download page, and can be identified as quarterly update by their name.  For example SLE-15-SP2-Full-x86_64-QU1-Media1.iso and SLE-15-SP1-Installer-DVD-x86_64-QU5-Media1.iso

 Signing keys can be found on the following link:
https://www.suse.com/support/security/keys/

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019805
  • Creation Date: 07-Dec-2020
  • Modified Date:21-Feb-2025
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community
tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ
tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center