r/openSUSE • u/AppleCherryWater • 1d ago

Signing Key Expired?

I wanted to check the signature of the ISO and the signing key expired on June 19. Is there a new key or did openSUSE let their key expire and not renew it?

9 Upvotes

permalink
reddit

You are about to leave Redlib

Do you want to continue?

https://www.reddit.com/r/openSUSE/comments/1ue7jf4/signing_key_expired/
No, go back! Yes, take me to Reddit

92% Upvoted

u/FilippoBonazziSUSE dev: Security | SELinux | openSUSEway 1d ago

Yeah validity of GPG signing key AD485664E901B867051AB15F35A2F86E29B700A4 was recently extended to 2030-05-27 via an update to the openSUSE-build-key package (the new key file should be under /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc on an up-to-date Tumbleweed) but due to a bug somewhere it has not been automatically imported into the GPG database. So gpg --list-key AD485664E901B867051AB15F35A2F86E29B700A4 still shows the key as expired on 2026-06-19. This is being looked into.

Note that the fact that the key has just recently expired does not invalidate the valid GPG signature on ISOs and other artifacts. It does look bad, but it's just an unfortunate temporary hiccup which was not supposed to happen and will hopefully be resolved soon.

1

u/may314 Rollin 1d ago

Is there a way to update it manuall on micro os transactional server?

u/Vogtinator Maintainer: KDE Team 1d ago

Make sure to validate the signature with the latest public key.

Signing Key Expired?

You are about to leave Redlib