How to update expired OBS home project signing key

I’ve had an OBS home project for a while now and the signing key is now expired. I’ve hunted around in docs, lists and forums, but I haven’t found anything that explains how to update the signing key.
Can anyone point me to the right docs?

Thanks!

Olivier

On Thu 26 May 2016 11:26:01 PM CDT, oliviercalle wrote:

I’ve had an OBS home project for a while now and the signing key is now
expired. I’ve hunted around in docs, lists and forums, but I haven’t
found anything that explains how to update the signing key.
Can anyone point me to the right docs?

Thanks!

Olivier

Hi
Run;


osc signkey --extend home:<your_project>


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.21-14-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

Hi Malcolm,

I ran the osc command 2 different ways:
osc signkey --extend home:oliviercalle
osc signkey --extend (within local checkout of home:oliviercalle)

Both returned <status code=“ok” />

If I look at the repos or run “zypper ref --force home-oliviercalle” the key is still expired. Perhaps because I let it expire I need to delete and create a new signing key? (osc --delete; osc --create)

Thanks for your help!

Olivier

On Fri 03 Jun 2016 05:06:01 PM CDT, oliviercalle wrote:

Hi Malcolm,

I ran the osc command 2 different ways:
osc signkey --extend home:oliviercalle
osc signkey --extend (within local checkout of home:oliviercalle)

Both returned <status code=“ok” />

If I look at the repos or run “zypper ref --force home-oliviercalle” the
key is still expired. Perhaps because I let it expire I need to delete
and create a new signing key? (osc --delete; osc --create)

Thanks for your help!

Olivier

Hi
The gpg key is cached, fire up YaST software repositories, click on the
gpg button and delete the old key. Then is should ask to add again.


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.21-14-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

That didn’t work. It asked me to accept the expired key again.

Olivier

On Fri 03 Jun 2016 07:06:01 PM CDT, oliviercalle wrote:

That didn’t work. It asked me to accept the expired key again.

Olivier

Hi
Have a read through this thread and see how you go manually
removing/adding.
https://forums.opensuse.org/showthread.php/512615-How-do-I-un-trust-a-repo?highlight=gpg


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.21-14-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

I’m fairly sure the problem is not local, but on OBS.
I’ve successfully removed the key locally because “zypper ref --force home-oliviercalle” says a new key has been received. The key it lists is the old, expired key.
I went ahead and tried the following commands with no change to the “zypper ref --force” command:

> osc signkey --create<status code=“ok” />
> osc signkey --create home:oliviercalle
<status code=“ok” />
> osc signkey --delete home:oliviercalle
Server returned an error: HTTP Error 403: Forbidden
No permission to delete public key for project ‘home:oliviercalle’. Either maintainer permissions by upper project or admin permissions is needed.
> osc signkey --create home:oliviercalle
<status code=“ok” />

“zypper ref” after this still presents the old, expired key. Also, looking at the actual download repository (http://download.opensuse.org/repositories/home:/oliviercalle/openSUSE_Leap_42.1/repodata/) shows no changes since January. Shouldn’t it show a change in the key and signature there?

Olivier

On Fri 03 Jun 2016 10:46:01 PM CDT, oliviercalle wrote:

I’m fairly sure the problem is not local, but on OBS.
I’ve successfully removed the key locally because “zypper ref --force
home-oliviercalle” says a new key has been received. The key it lists is
the old, expired key.
I went ahead and tried the following commands with no change to the
“zypper ref --force” command:

> osc signkey --create<status code=“ok” />
> osc signkey --create home:oliviercalle
<status code=“ok” />
> osc signkey --delete home:oliviercalle
Server returned an error: HTTP Error 403: Forbidden
No permission to delete public key for project ‘home:oliviercalle’.
Either maintainer permissions by upper project or admin permissions is
needed.
> osc signkey --create home:oliviercalle
<status code=“ok” />

“zypper ref” after this still presents the old, expired key. Also,
looking at the actual download repository (http://tinyurl.com/jodtmrt)
shows no changes since January. Shouldn’t it show a change in the key
and signature there?

Olivier

Hi
Maybe trigger a rebuild on one of your packages on OBS then, might get
things to clean up…


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE Leap 42.1|GNOME 3.16.2|4.1.21-14-default
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!

That did it! :slight_smile:
The key I was presented was generated on June 3rd, so it had already been updated, just not visible in the repo.
Thanks for your help!

Olivier