This is one of the blockers for the libreoffice update

Advisory:
Updated mageia-repos package makes the DE-agnostic libreoffice-x11 plugin the default choice when libreoffice is upgraded (rather than libreoffice-kf5) when using dnf. This avoids additional Plasma packages being installed on non-Plasma systems.

SRPMS:
mageia-repos-6-2.mga6.src.rpm

i586:
mageia-repos-6-2.mga6.i586.rpm
mageia-repos-cauldron-6-2.mga6.i586.rpm
mageia-repos-keys-6-2.mga6.noarch.rpm
mageia-repos-pkgprefs-6-2.mga6.noarch.rpm

x86_64:
mageia-repos-6-2.mga6.x86_64.rpm
mageia-repos-cauldron-6-2.mga6.x86_64.rpm
mageia-repos-keys-6-2.mga6.noarch.rpm
mageia-repos-pkgprefs-6-2.mga6.noarch.rpm
Blocks: (none) => 24309
The mageia-repos-keys should include a version of the key with the expiry date extended.

[root@x3 ~]# gpg --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia
gpg: key 80420F66: public key "Mageia Packages <packages@mageia.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[root@x3 ~]# gpg --list-key 80420F66
pub 4096R/80420F66 2011-02-07 [expired: 2012-03-13]
uid Mageia Packages <packages@mageia.org>

The version of the key with the expiry date extended is available on the key servers.

[root@x3 ~]# gpg --keyserver pool.sks-keyservers.net --recv-keys 80420F66
gpg: requesting key 80420F66 from hkp server pool.sks-keyservers.net
gpg: key 80420F66: "Mageia Packages <packages@mageia.org>" 10 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 10
[root@x3 ~]# gpg --list-key 80420F66
pub 4096R/80420F66 2011-02-07 [expires: 2020-12-30]
uid Mageia Packages <packages@mageia.org>
CC: (none) => davidwhodgins
Indeed. Seems we've been shipping an outdated key for a long time. Now fixed both on mga6 and cauldron repos and these packages are now:

SRPMS:
mageia-repos-6-3.mga6.src.rpm

i586:
mageia-repos-6-3.mga6.i586.rpm
mageia-repos-cauldron-6-3.mga6.i586.rpm
mageia-repos-keys-6-3.mga6.noarch.rpm
mageia-repos-pkgprefs-6-3.mga6.noarch.rpm

x86_64:
mageia-repos-6-3.mga6.x86_64.rpm
mageia-repos-cauldron-6-3.mga6.x86_64.rpm
mageia-repos-keys-6-3.mga6.noarch.rpm
mageia-repos-pkgprefs-6-3.mga6.noarch.rpm
Summary: Update request: mageia-repos-6-2.mga6 => Update request: mageia-repos-6-3.mga6
[root@x3 ~]# gpg --import /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia
gpg: key 80420F66: public key "Mageia Packages <packages@mageia.org>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
[root@x3 ~]# gpg --list-key 80420F66
pub 4096R/80420F66 2011-02-07 [expires: 2025-12-31]
uid Mageia Packages <packages@mageia.org>

Thanks.

I don't agree with rpm silently ignoring expired keys, but that's clearly what it does. It's encouraging unsafe key usage. In my opinion, rpm should be changed to only allow the use of expired keys with some sort of user specified override.
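A check for the situation reported in this bug, as an added example that is not part of the original report or of Mageia's tooling: it reads `gpg --with-colons` listings and reports primary keys whose expiry time has passed, so a packaged key file that has gone stale is noticed before it ships. The function names, the sample records and the fixed "now" value are constructed for illustration, and live use assumes a GnuPG build that provides `--show-keys`.

```shell
#!/bin/sh
# Added example (not from the bug report): flag expired keys in key files.

# expired_keys NOW
# Reads a `gpg --with-colons` listing on stdin. In "pub" records field 5 is
# the key ID and field 7 the expiry time in epoch seconds (empty = no expiry).
expired_keys() {
    awk -F: -v now="$1" '
        $1 == "pub" && $7 != "" && ($7 + 0) <= (now + 0) { print $5 }
    '
}

# check_listing LABEL NOW
# Prints one line per expired key; returns 1 if any was found, else 0.
check_listing() {
    expired=$(expired_keys "$2")
    if [ -z "$expired" ]; then
        return 0
    fi
    for k in $expired; do
        echo "EXPIRED: $1: key $k"
    done
    return 1
}

# Constructed sample records. The key ID is the tail of the fingerprint shown
# in this report; the epoch values correspond to 2011-02-07 (creation),
# 2012-03-13 (old expiry) and 2025-12-31 (new expiry).
sample_old='pub:e:4096:1:B742FA8B80420F66:1297036800:1331596800::-:::sc:'
sample_new='pub:-:4096:1:B742FA8B80420F66:1297036800:1767139200::-:::scEA:'

if [ "$#" -gt 0 ]; then
    # Live use: pass key files, e.g. /etc/pki/rpm-gpg/RPM-GPG-KEY-Mageia
    for f in "$@"; do
        gpg --show-keys --with-colons --fixed-list-mode "$f" 2>/dev/null |
            check_listing "$f" "$(date +%s)" || :
    done
else
    # Offline demo against the constructed records, "now" fixed in June 2019.
    printf '%s\n' "$sample_old" | check_listing "shipped key (constructed)" 1561000000 || :
    printf '%s\n' "$sample_new" | check_listing "refreshed key (constructed)" 1561000000 || :
fi
```

Comparing the expiry field against a supplied time, rather than relying on gpg's validity flag, also lets the same function warn ahead of time by passing a future timestamp as NOW.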
Installed with issues. Mageia Packages sign key now valid until 2025-12-31.

$ uname -a
Linux marte 4.14.127-desktop-1.mga6 #1 SMP Mon Jun 17 21:30:07 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep mageia-repos
mageia-repos-6-3.mga6
mageia-repos-keys-6-3.mga6
mageia-repos-pkgprefs-6-3.mga6
$ gpg --list-key "Mageia Packages <packages@mageia.org>"
gpg: using classic trust model
pub rsa4096 2011-02-07 [SCEA] [expires: 2025-12-31]
00EDB89585B012A8916F0DF8B742FA8B80420F66
uid [ unknown] Mageia Packages <packages@mageia.org>
CC: (none) => mageia
Flushing out before mga7
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2019-0044.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED