Expired Key on repositories download.opensuse.org

Antworten
Benutzeravatar
m.scalese
uib-Team
Beiträge: 37
Registriert: 22 Aug 2014, 09:13

Expired Key on repositories download.opensuse.org

Beitrag von m.scalese »

Dear opsi-users,

On 17.02.2017 the key of download.opensuse.org had expired. The key valid perio had been automatically extended. You may experience issues with Debian/Ubuntu and UCS at the moment. Even if you obtain the key as described in opsi-getting-started, it can still occur that you receive the old key. Should that happend, we have stored the Release.key for our repositories on download.uib.de.

For Debian / Ubuntu / UCS please follow this procedure:

Import the key:

Code: Alles auswählen

wget -O - http://download.uib.de/opsi4.0/Release.key | apt-key add -
This command should fix the problem. You can test it with the following command:

Code: Alles auswählen

apt-key list
You should see the following output to opsi:

Code: Alles auswählen

Pub 1024D / 4DC87421 2010-07-23 [expires: 2019-04-27]
Uid home: uibmz OBS Project <home: uibmz@build.opensuse.org>
If that doesn't work, try to remove the old key manually:

Code: Alles auswählen

apt-key del 4DC87421
And then again apply command to import the key (wget ...).

For RPM-based distributions, the key should be automatically updated. Still, in the case you experience issues with the mirrors. You can solve the problem on your distribution, following this steps:

Download the new key:

Code: Alles auswählen

wget http://download.uib.de/opsi4.0/Release.key
Import the new key:

Code: Alles auswählen

rpm --import Release.key

Report of Weak-Keys under Ubuntu 16.04:

It is not possible for us to influence the hashing from outside. As mentioned before, we experiment with own build instances and our own repositories. Therefore it was decided not to re-create the current key. As soon as we have another type of solution for this, we'll report back to you. The warning about the key will continue to appear.

As always, kind regards,

Martin Scalese
Zuletzt geändert von m.scalese am 23 Feb 2017, 10:11, insgesamt 1-mal geändert.
opsi support - uib gmbh
For productive opsi installations we recommend support contracts.

http://www.uib.de
adlerweb
Beiträge: 28
Registriert: 09 Jul 2008, 10:33
Kontaktdaten:

Re: Expired Key on repositories download.opensuse.org

Beitrag von adlerweb »

Hi,

you might want to also have a look at the URLs mentioned in the documentation (http://download.uib.de/opsi_stable/doc/ ... ble-en.pdf). There is for example http://download.opensuse.org/repositori ... elease.key mentioned which still serves the old, expired key.
Benutzeravatar
n.wenselowski
Ex-uib-Team
Beiträge: 3194
Registriert: 04 Apr 2013, 12:15

Re: Expired Key on repositories download.opensuse.org

Beitrag von n.wenselowski »

Hi,

the problem is that the mirroring of the new key to the mirrors seems to take some time and we have no possibility to influence it as it is run by openSuse (which - I want to say - we are very grateful for).
An request for the key will land you on any of the mirrors and you might have some luck and get the new one but you may also get the old one.

The problem usually sorts itself out after some time has passed and all mirrors have the new file.


With kind regards

Niko

Code: Alles auswählen

import OPSI
Benutzeravatar
m.scalese
uib-Team
Beiträge: 37
Registriert: 22 Aug 2014, 09:13

Re: Expired Key on repositories download.opensuse.org

Beitrag von m.scalese »

UPDATE: As of today (06.03.2017 1:40 PM CET ), the repository keys should also be current on the mirror repositories. The copy of the key remains however on download.uib.de as workaround, just in case the replication doesn't work, or if another repository doesn't actually have the corresponding update.

As always, kind regards,

Martin from uib.
opsi support - uib gmbh
For productive opsi installations we recommend support contracts.

http://www.uib.de
Antworten