Anydesk Repository: PGP key cannot be updated

The PGP key expired in December 2023, as I have just noticed.

I have now downloaded the current key with wget https://keys.anydesk.com/repos/RPM-GPG-KEY and installed it with sudo rpm --import RPM-GPG-KEY.

In yast-repositories, however, the old key is still displayed. If I “delete” it and import the new key via “add”, the expiry date is shown correctly. But after the next start of yast the old key is there again every time?

What am I doing wrong? Or is the problem that Philandro generated a new key on 17.12.2023 and did not extend the old one?

I have just gone through it once more, following exactly these instructions:

http://rpm.anydesk.com/howto.html

cat > AnyDesk-OpenSUSE.repo << "EOF" 
[anydesk]
name=AnyDesk OpenSUSE - stable
baseurl=http://rpm.anydesk.com/opensuse/$basearch/
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://keys.anydesk.com/repos/RPM-GPG-KEY
EOF

zypper addrepo --repo AnyDesk-OpenSUSE.repo

The PGP signature is still shown as expired. Why?

Did you run that in the appropriate directory?

Please post:
ls -al /etc/zypp/repos.d/
and
zypper lr -d
and

rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey)
ls -al /etc/zypp/repos.d/
insgesamt 76
drwxr-xr-x 1 root root 818 22. Apr 06:13 .
drwxr-xr-x 1 root root 250 19. Mai 18:11 ..
-rw-r--r-- 1 root root 220  7. Jun 09:42 anydesk.repo
-rw-r--r-- 1 root root 147  7. Jun 09:42 games.repo
-rw-r--r-- 1 root root 185  7. Jun 09:42 http-ftp.gwdg.de-021c8d33.repo
-rw-r--r-- 1 root root 178  7. Jun 09:42 http-opensuse-guide.org-ec79c5f0.repo
-rw-r--r-- 1 root root 128  7. Jun 09:42 openSUSE-Leap-15.3-1.repo
-rw-r--r-- 1 root root 244  7. Jun 09:42 repo-backports-debug-update.repo
-rw-r--r-- 1 root root 199  7. Jun 09:42 repo-backports-update.repo
-rw-r--r-- 1 root root 179  7. Jun 09:42 repo-debug-non-oss.repo
-rw-r--r-- 1 root root 157  7. Jun 09:42 repo-debug.repo
-rw-r--r-- 1 root root 183  7. Jun 09:42 repo-debug-update-non-oss.repo
-rw-r--r-- 1 root root 162  7. Jun 09:42 repo-debug-update.repo
-rw-r--r-- 1 root root 171  7. Jun 09:42 repo-non-oss.repo
-rw-r--r-- 1 root root 160  7. Jun 09:42 repo-oss.repo
-rw-r--r-- 1 root root 222  7. Jun 09:42 repo-sle-debug-update.repo
-rw-r--r-- 1 root root 208  7. Jun 09:42 repo-sle-update.repo
-rw-r--r-- 1 root root 160  7. Jun 09:42 repo-source.repo
-rw-r--r-- 1 root root 176  7. Jun 09:42 repo-update-non-oss.repo
-rw-r--r-- 1 root root 159  7. Jun 09:42 repo-update.repo
-rw-r--r-- 1 root root 248  7. Jun 09:42 teamviewer.repo

zypper lr -d
#  | Alias                            | Name                                                                                        | Enabled | GPG Check | Refresh | Priority | Type   | URI                                                                     | Service
---+----------------------------------+---------------------------------------------------------------------------------------------+---------+-----------+---------+----------+--------+-------------------------------------------------------------------------+--------
 1 | anydesk                          | AnyDesk OpenSUSE - stable                                                                   | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://rpm.anydesk.com/opensuse/x86_64/                                 | 
 2 | games                            | games                                                                                       | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | https://download.opensuse.org/repositories/games/15.5/                  | 
 3 | http-ftp.gwdg.de-021c8d33        | Packman Repository                                                                          | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_15.5/      | 
 4 | http-opensuse-guide.org-ec79c5f0 | libdvdcss repository                                                                        | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://opensuse-guide.org/repo/openSUSE_Leap_15.5/                      | 
 5 | openSUSE-Leap-15.3-1             | openSUSE-Leap-15.5-1                                                                        | Nein    | ----      | ----    |   99     | rpm-md | dvd:/                                                                   | 
 6 | repo-backports-debug-update      | Update repository with updates for openSUSE Leap debuginfo packages from openSUSE Backports | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/update/leap/15.5/backports_debug/          | 
 7 | repo-backports-update            | Update repository of openSUSE Backports                                                     | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://download.opensuse.org/update/leap/15.5/backports/                | 
 8 | repo-debug                       | Debug Repository                                                                            | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/distribution/leap/15.5/repo/oss/     | 
 9 | repo-debug-non-oss               | Debug Repository (Non-OSS)                                                                  | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/distribution/leap/15.5/repo/non-oss/ | 
10 | repo-debug-update                | Update Repository (Debug)                                                                   | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/update/leap/15.5/oss/                | 
11 | repo-debug-update-non-oss        | Update Repository (Debug, Non-OSS)                                                          | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/update/leap/15.5/non-oss/            | 
12 | repo-non-oss                     | Non-OSS Repository                                                                          | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.5/repo/non-oss/       | 
13 | repo-oss                         | Main Repository                                                                             | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.5/repo/oss/           | 
14 | repo-sle-debug-update            | Update repository with debuginfo for updates from SUSE Linux Enterprise 15                  | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/debug/update/leap/15.5/sle/                | 
15 | repo-sle-update                  | Update repository with updates from SUSE Linux Enterprise 15                                | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://download.opensuse.org/update/leap/15.5/sle/                      | 
16 | repo-source                      | Source Repository                                                                           | Nein    | ----      | ----    |   99     | N/A    | http://download.opensuse.org/source/distribution/leap/15.5/repo/oss/    | 
17 | repo-update                      | Main Update Repository                                                                      | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://download.opensuse.org/update/leap/15.5/oss/                      | 
18 | repo-update-non-oss              | Update Repository (Non-Oss)                                                                 | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | http://download.opensuse.org/update/leap/15.5/non-oss/                  | 
19 | teamviewer                       | TeamViewer - x86_64                                                                         | Ja      | (r ) Ja   | Ja      |   99     | rpm-md | https://linux.teamviewer.com/yum/stable/main/binary-x86_64/             | 


 rpm -q --queryformat "%{SUMMARY}\n" $(rpm -q gpg-pubkey)
gpg(SuSE Package Signing Key <build@suse.de>)
gpg(SuSE Package Signing Key <build@suse.de>)
gpg(openSUSE Project Signing Key <opensuse@opensuse.org>)
gpg(Martin Schlander (cb400f) <martin.schlander@gmail.com>)
gpg(philandro Software GmbH <info@philandro.com>)
gpg(openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>)
gpg(TeamViewer GmbH (TeamViewer Linux 2017) <support@teamviewer.com>)
gpg(games OBS Project <games@build.opensuse.org>)
gpg(openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>)
gpg(openSUSE Project Signing Key <opensuse@opensuse.org>)
gpg(PackMan Project (signing key) <packman@links2linux.de>)

I have now succeeded this way:

In Repositories I deleted the Anydesk repository including the Philandro key and then followed the instructions above, plus rpm --import RPM-GPG-KEY before the command zypper addrepo --repo AnyDesk-OpenSUSE.repo.

Looking at it now, it would probably have been enough to delete the Philandro key in Repositories and update it as root with rpm --import RPM-GPG-KEY?

Actually there is nothing to do. On the first attempt to install, zypper asks “Do you want to reject the key, or trust always?”:

erlangen:~ # zypper install -dD anydesk
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 2 NEW packages are going to be installed:
  anydesk libgtkglext-x11-1_0-0

2 new packages to install.
Overall download size: 6.7 MiB. Already cached: 142.5 KiB. Download only.

Backend:  classic_rpmtrans --dry-run --download-only
Continue? [y/n/v/...? shows all options] (y): 
In cache libgtkglext-x11-1_0-0-1.2.0git20110529-8.6.x86_64.rpm                                                                                                                                                          (1/2), 142.5 KiB    
Retrieving: anydesk-6.3.2-1.x86_64 (AnyDesk OpenSUSE - stable)                                                                                                                                                          (2/2),   6.7 MiB    
Retrieving: anydesk_6.3.2-1_x86_64.rpm ...................................................................................................................................................................................[done (6.7 MiB/s)]
anydesk_6.3.2-1_x86_64.rpm:
    Header V4 RSA/SHA512 Signature, key ID 18df3741cdffde29: NOKEY
    V4 RSA/SHA512 Signature, key ID 18df3741cdffde29: NOKEY

warning: /var/tmp/AP_0xV9RUpT/Packages/anydesk_6.3.2-1_x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID cdffde29: NOKEY
Looking for gpg key ID CDFFDE29 in cache /var/cache/zypp/pubkeys.
Looking for gpg key ID CDFFDE29 in repository AnyDesk OpenSUSE - stable.
  gpgkey=https://keys.anydesk.com/repos/RPM-GPG-KEY
Retrieving: RPM-GPG-KEY ..................................................................................................................................................................................................[done (1.7 KiB/s)]

New repository or package signing key received:

  Repository:       AnyDesk OpenSUSE - stable
  Key Fingerprint:  D563 11E5 FF3B 6F39 D5A1 6ABE 18DF 3741 CDFF DE29
  Key Name:         philandro Software GmbH <info@philandro.com>
  Key Algorithm:    RSA 2048
  Key Created:      Mon Dec 18 00:20:44 2023
  Key Expires:      Wed Dec 17 00:20:44 2025
  Subkey:           3C1690E043595971 2017-12-19 [expires: 2025-12-17]
  Rpm Name:         gpg-pubkey-cdffde29-657f824c



    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If
    you are not sure whether the presented key is authentic, ask the repository provider or check
    their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they
    are using.

Do you want to reject the key, or trust always? [r/a/?] (r): a

Checking for file conflicts: .........................................................................................................................................................................................................[done]
erlangen:~ # 

After answering “trust always”, everything is settled. On the second attempt there are no more questions:

erlangen:~ # zypper in -dD anydesk
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following 2 NEW packages are going to be installed:
  anydesk libgtkglext-x11-1_0-0

2 new packages to install.
Overall download size: 0 B. Already cached: 6.8 MiB. Download only.

Backend:  classic_rpmtrans --dry-run --download-only
Continue? [y/n/v/...? shows all options] (y): 
In cache libgtkglext-x11-1_0-0-1.2.0git20110529-8.6.x86_64.rpm                                                                                                                                                          (1/2), 142.5 KiB    
In cache anydesk_6.3.2-1_x86_64.rpm                                                                                                                                                                                     (2/2),   6.7 MiB    

Checking for file conflicts: .........................................................................................................................................................................................................[done]
erlangen:~ # 

By the way:

erlangen:~ # zypper repos anydesk
Alias          : anydesk
Name           : AnyDesk OpenSUSE - stable
URI            : http://rpm.anydesk.com/opensuse/x86_64/
Enabled        : Yes
GPG Check      : ( p) Yes
Priority       : 99 (default priority)
Autorefresh    : On
Keep Packages  : Off
Type           : rpm-md
GPG Key URI    : https://keys.anydesk.com/repos/RPM-GPG-KEY
Path Prefix    : 
Parent Service : 
Keywords       : ---
Repo Info Path : /etc/zypp/repos.d/AnyDesk-OpenSUSE.repo
MD Cache Path  : /var/cache/zypp/raw/anydesk
erlangen:~ # 

Hello Karl, unfortunately the prompt to accept the key did not appear for me! I would actually have expected that to happen automatically when adding the repository, the way it is configured.

By the way, I already had Anydesk installed, and apparently there have been no updates for openSUSE for quite a while, otherwise I would probably have noticed earlier.

Either way: problem solved. Have a nice weekend and thanks again for your input!

Anyone who installs following the instructions above will notice that autorefresh is disabled. Out of habit I always enable it:

erlangen:~ # zypper modifyrepo --refresh anydesk 
Nothing to change for repository 'anydesk'.
erlangen:~ # 

Using repositories without autorefresh is possible, but may have serious side effects. :wink:

That is why I re-enabled autorefresh right after installing the repository.

Have a nice Sunday,
Felix

Then everything is fine!

Zypper manages the keys on its own. When something gets stuck and manual intervention is needed, it becomes hard to keep track. Then this list is quite handy:

erlangen:~ # rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-7fac5991-4615767f    Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com> public key
gpg-pubkey-7a317ae5-5c4703b7    home:jayvdb OBS Project <home:jayvdb@build.opensuse.org> public key
gpg-pubkey-3dbdc284-53674dd4    gpg(openSUSE Project Signing Key <opensuse@opensuse.org>)
gpg-pubkey-602f90b9-5be013ea    home:lnussel OBS Project <home:lnussel@build.opensuse.org> public key
gpg-pubkey-793371fe-5bdfaa15    devel:languages:R OBS Project <devel:languages:R@build.opensuse.org> public key
gpg-pubkey-f3f033b1-5d5e777a    home:Dead_Mozay OBS Project <home:Dead_Mozay@build.opensuse.org> public key
gpg-pubkey-ed340235-5b8fb690    system:snappy OBS Project <system:snappy@build.opensuse.org> public key
gpg-pubkey-766da614-60c9e2e7    mozilla OBS Project <mozilla@build.opensuse.org> public key
gpg-pubkey-f23c6aa3-624437f7    multimedia OBS Project <multimedia@build.opensuse.org> public key
gpg-pubkey-855d10f6-62727474    home:dirkmueller OBS Project <home:dirkmueller@build.opensuse.org> public key
gpg-pubkey-03579c1d-615c81f7    Kernel OBS Project <Kernel@build.opensuse.org> public key
gpg-pubkey-65176565-61a0ee8f    openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org> public key
gpg-pubkey-943d8bb8-617b16bd    science OBS Project <science@build.opensuse.org> public key
gpg-pubkey-015baa41-6262b19e    home:kukuk OBS Project <home:kukuk@build.opensuse.org> public key
gpg-pubkey-3adca79d-550f2d7f    Plex Inc. public key
gpg-pubkey-61e7d06c-5ef939c1    YaST OBS Project <YaST@build.opensuse.org> public key
gpg-pubkey-ee454f98-5f77a196    server:monitoring OBS Project <server:monitoring@build.opensuse.org> public key
gpg-pubkey-40ce564d-5e9b79a3    home:harish2704 OBS Project <home:harish2704@build.opensuse.org> public key
gpg-pubkey-39db7c82-5f68629b    SuSE Package Signing Key <build@suse.de> public key
gpg-pubkey-7704c588-5f28b2dc    home:Kailed OBS Project <home:Kailed@build.opensuse.org> public key
gpg-pubkey-79fcea62-5c8ff5d5    BellSoft LLC <info@bell-sw.com> public key
gpg-pubkey-be1229cf-5631588c    Microsoft (Release signing) <gpgsecurity@microsoft.com> public key
gpg-pubkey-6867f5be-4d77cecd    gpg(Martin Schlander (cb400f) <martin.schlander@gmail.com>)
gpg-pubkey-e2c0098c-5d4739ba    Base:System OBS Project <Base:System@build.opensuse.org> public key
gpg-pubkey-42a81229-5b9d1d65    gpg(home:X0F OBS Project <home:X0F@build.opensuse.org>)
gpg-pubkey-23ab3b2c-5e690f29    home:lnussel:branches:Base:System OBS Project <home:lnussel:branches:Base:System@build.opensuse.org> public key
gpg-pubkey-0d210a40-602b3802    KDE:Extra OBS Project <KDE:Extra@build.opensuse.org> public key
gpg-pubkey-d38b4796-570c8cd3    Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com> public key
gpg-pubkey-4ca375da-5bb3b75d    gpg(home:seife OBS Project <home:seife@build.opensuse.org>)
gpg-pubkey-c4ade6bb-5cc1169c    gpg(home:Herbster0815 OBS Project <home:Herbster0815@build.opensuse.org>)
gpg-pubkey-cf5dd334-5153d20c    home:kill_it OBS Project <home:kill_it@build.opensuse.org> public key
gpg-pubkey-c27aa466-5ff5836d    Vivaldi Package Composer KEY07 <packager@vivaldi.com> public key
gpg-pubkey-1abd1afb-450ef738    PackMan Project (signing key) <packman@links2linux.de> public key
gpg-pubkey-29b700a4-62b07e22    openSUSE Project Signing Key <opensuse@opensuse.org> public key
gpg-pubkey-73043a97-4c9e8ee3    home:eyecreate OBS Project <home:eyecreate@build.opensuse.org> public key
gpg-pubkey-20038257-63ab09c9    Brave Linux Release (Brave Linux Release) <brave-linux-release@brave.com> public key
gpg-pubkey-c2d4e821-5bc51032    Brave Software <support@brave.com> public key
gpg-pubkey-6a8a26f9-5b4e234c    Brave Software (Brave Core Nightly Key) (We're reinventing the browser as a user-first platform for speed and privacy.) <support@brave.com> public key
gpg-pubkey-f661cdcb-63ab09ad    Brave Linux Pre Release (Brave Linux Pre Release) <brave-linux-pre-release@brave.com> public key
gpg-pubkey-9591c39b-479655f2    Application:Geo OBS Project <Application:Geo@build.opensuse.org> public key
gpg-pubkey-c9ec0f20-5ef459f2    home:Herbster0815 OBS Project <home:Herbster0815@build.opensuse.org> public key
gpg-pubkey-609ef903-637fdc76    home:SquarePeg79 OBS Project <home:SquarePeg79@build.opensuse.org> public key
gpg-pubkey-8a94c013-65da48ae    home:Stan8 OBS Project <home:Stan8@build.opensuse.org> public key
gpg-pubkey-21c7767f-4cf37b00    home:k-hb OBS Project <home:k-hb@build.opensuse.org> public key
gpg-pubkey-9056621d-4cd98a1a    utilities OBS Project <utilities@build.opensuse.org> public key
gpg-pubkey-324e6311-5370dbeb    filesystems OBS Project <filesystems@build.opensuse.org> public key
gpg-pubkey-a416781f-60642fca    home:Sauerland OBS Project <home:Sauerland@build.opensuse.org> public key
gpg-pubkey-cdffde29-5a38cbae    philandro Software GmbH <info@philandro.com> public key
erlangen:~ # 
erlangen:~ # rpm -qi gpg-pubkey-cdffde29-5a38cbae
Name        : gpg-pubkey
Version     : cdffde29
Release     : 5a38cbae
Architecture: (none)
Install Date: Sat Jun  8 10:06:01 2024
Group       : Public Keys
Size        : 0
License     : pubkey
Signature   : (none)
Source RPM  : (none)
Build Date  : Tue Dec 19 09:19:58 2017
Build Host  : localhost
Packager    : philandro Software GmbH <info@philandro.com>
Summary     : philandro Software GmbH <info@philandro.com> public key
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.19.1.1

mQENBFo4y64BCADDrIpJwfhOueAvVcbsziRiIBEKg1Bkz5ozDvO9dmU6bInCSesh
...
=sFo2
-----END PGP PUBLIC KEY BLOCK-----

Distribution: (none)
erlangen:~ # 

It is quickly deleted:

erlangen:~ # rpm -e gpg-pubkey-cdffde29-5a38cbae
erlangen:~ # 

And just as quickly imported:

erlangen:~ # rpm --import https://keys.anydesk.com/repos/RPM-GPG-KEY
erlangen:~ #
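
An added example, not part of any post in this thread: the rpm output above shows the installed key as gpg-pubkey-cdffde29-5a38cbae while zypper offers gpg-pubkey-cdffde29-657f824c, the same key ID with a different release, and the release decodes as a hex Unix timestamp matching the dates shown. The script below decodes such names and lists older installed copies of an offered key; the function names are hypothetical and the sample lines are copied from the output quoted above.

```shell
#!/bin/sh
# Added example: decode rpm gpg-pubkey package names and find an older
# installed copy of a key. Function names are hypothetical.

# Print "<keyid> <release>" for a name like gpg-pubkey-cdffde29-657f824c.
pubkey_fields() {
    case "$1" in
        gpg-pubkey-????????-????????) ;;
        *) return 1 ;;
    esac
    pf_rest=${1#gpg-pubkey-}
    # Both halves must be hex; a stray "-" also fails this check.
    case "${pf_rest%-*}${pf_rest#*-}" in
        *[!0-9a-f]*) return 1 ;;
    esac
    printf '%s %s\n' "${pf_rest%-*}" "${pf_rest#*-}"
}

# The release field is a hex Unix timestamp; print it as epoch seconds.
pubkey_epoch() {
    pe_fields=$(pubkey_fields "$1") || return 1
    echo $(( 0x${pe_fields#* } ))
}

# Read installed names on stdin (first column of the rpm query used in the
# thread). Print those with the same key ID as $1 but another release.
stale_copies() {
    sc_want=$(pubkey_fields "$1") || return 1
    while read -r sc_name sc_rest; do
        sc_have=$(pubkey_fields "$sc_name") || continue
        [ "${sc_have% *}" = "${sc_want% *}" ] || continue
        [ "${sc_have#* }" = "${sc_want#* }" ] || echo "$sc_name"
    done
}

# Sample input: two lines from the rpm listing in the thread, and the
# "Rpm Name" that zypper printed for the key it fetched.
INSTALLED='gpg-pubkey-39db7c82-5f68629b SuSE Package Signing Key <build@suse.de> public key
gpg-pubkey-cdffde29-5a38cbae philandro Software GmbH <info@philandro.com> public key'
OFFERED=gpg-pubkey-cdffde29-657f824c

report() {
    for r_name in $(printf '%s\n' "$INSTALLED" | stale_copies "$OFFERED"); do
        echo "older copy: $r_name (epoch $(pubkey_epoch "$r_name"))"
        echo "offered:    $OFFERED (epoch $(pubkey_epoch "$OFFERED"))"
    done
}
report
```

On a real system, pipe the output of rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' into stale_copies instead of the sample lines.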