Cloud:OTC OBS Project GPG key renewal

GPG key extension of Cloud:OTC repositories on 20th of October 2022

The CLOUD:OTC GPG key is expired. Some Linux based distributions (except RHEL and SUSE) are affected which are currently using the following GPG key:

$ sudo apt-key list
pub   rsa2048 2018-06-11 [SC] [expired: 2022-10-20]
      3EA8 5041 32B7 F1E9 54A9  C0AD A4F6 B298 05A6 C49C
uid           [ expired] Cloud:OTC OBS Project <Cloud:OTC@build.opensuse.org>
...

The new GPG key will expire on 14th of December 2024.

pub   rsa2048 2018-06-11 [SC] [expires: 2024-12-14]
      3EA8 5041 32B7 F1E9 54A9  C0AD A4F6 B298 05A6 C49C
uid           [ unknown] Cloud:OTC OBS Project <Cloud:OTC@build.opensuse.org>

In certain cases an error message is returning by running an update of packages which have been signed with this GPG key.

Please follow only instructions given down below in case of any error message returning to you!

In this case Image Factory Team has updated a package called: cloud-oty-keyring to version 2022.1. It contains the new CLOUD:OTC GPG key and enroll it to our customers automatically. In the case the public sync need more time the usually you can find the package under e.g. https://download.opensuse.org/repositories/Cloud:/OTC:/Tools/. Just select the desired OS and noarch and you are able to have a look at the package cloud-oty-keyring.

SUSE - SLES | openSUSE

The GPG key extension and eventually mirroring might take some time for some of the repos and during that time zypper will complain about expiring GPG key. Below is a workaround for SUSE case.

zypper --no-gpg-checks <rest of the arguments>

RHEL based distro's (CentOS, Fedora, ...)

Please be aware that during the package update, we found a bug in the update process of this package. The package will clean up the old and the new key after the update. As a workaround uninstall the package and then install it again. This should restore the right GPG key. This bug is fixed in the new package, but the update process triggers automatically the script from the old package to clean up. The new package name is 'cloud-otc-keyring-2022.1.0'.

Remove and install to import new GPG key

If required for e.g. Fedora 36, yum command can also be replaced by dnf command!

$ yum clean all
$ yum repolist all
$ yum -y remove cloud-otc-keyring
$ yum -y --nogpgcheck install cloud-otc-keyring

Debian | Ubuntu

Install the apt key

If you would run apt update now, you would get a error message like: "The repository 'http://debmirror.otc-service.com/repositories/Cloud:/OTC:/Tools/Debian_11 Release' is not signed."
To fix this the apt key following the next steps.

Then the cloud-otc-keyring package can be updated:

$ apt -o Acquire::AllowInsecureRepositories=true update
$ apt install --allow-unauthenticated cloud-otc-keyring
# or
$ apt install --only-upgrade --allow-unauthenticated cloud-otc-keyring

Now you run apt update, again. It should not show any errors anymore. The repository is now ready and can be used to install and upgrade packages.

If the the above steps fail, please run the following commands and rerun the steps above:

$ apt clean
$ rm /var/lib/apt/lists/*OTC*