pleroma.debian.social

[wouter@rhel rpm-gpg]$ sudo rpm --import RPM-GPG-KEY-BEID-RELEASE
[wouter@rhel rpm-gpg]$ sudo rpm --import RPM-GPG-KEY-BEID-RELEASE-2025
fout: RPM-GPG-KEY-BEID-RELEASE-2025: key 1 import failed.
[wouter@rhel rpm-gpg]$ sudo rpm --import RPM-GPG-KEY-BEID-CONTINUOUS

The only differences are that -2025 is recent and ECDSA NIST P-384, the other two are over 10 years old and need to be rotated, and are RSA.

Does RPM not support ECDSA for code signatures? Or am I doing something wrong?

@neverpanic Good question! Absolutely zero clue. This is the standard RPM as shipped with RHEL9 (haven't tried on Fedora or openSUSE yet)

@neverpanic yes, it does seem to work on RHEL10. Also on Fedora 41, but not on OpenSUSE 15.5 (I don't have VMs for the other RPM-based systems we support). So we'll probably have to drop support for RHEL9 and openSUSE 15.5 then, I guess (provided 15.6 works, will test soon).

Is there a workaround for this that you're aware of? Other than "generate RSA keys instead", which technically we could do but which I'd like to avoid if at all possible.

@neverpanic actually we're supposed to have already dropped 15.5 since... January. Heh.

@neverpanic I found out in the meantime through a quickly whipped up Docker container that 15.6 doesn't support it, but 16 does (at least as far as "rpm --import" not complaining with "rpm -qa|grep gpg" listing the key).

I'm fine with dropping RHEL9 and OpenSUSE <15 from our supported distributions 🤷