MySQL Forums
Forum List  »  Install & Repo

2023 gpg key rotation plans
Posted by: Hans Borresen
Date: May 31, 2022 10:19AM

Hello,

Earlier this year, MySQL started rotating out their GPG signing keys for packages.

On yum/dnf operating systems, the signing key is specified with "gpgkey=" in /etc/yum.repos.d/mysql-community.repo which is managed by the mysql80-community-release rpm.

Currently, the signing key is stored under /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022 -- and it is set to expire on 2023-12-14

I assume you guys plan to handle key rotations via updates to the mysql80-community-release rpm -- however, mysql-community.repo is marked as a config noreplace file -- which means that any attempts to add new signing keys won't work without user intervention because all that will happen is that a ".rpmnew" repo file will be made. No update will be applied to the actual repo file.

Do you guys have any other plan that will gracefully handle key rotation when the 2022 key expires so that manual user intervention will not be necessary?

Options: ReplyQuote


Subject
Written By
Posted
2023 gpg key rotation plans
May 31, 2022 10:19AM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.