New GPG Release Key for RPMs

As mentioned in the previous batch of release notes (e.g. 10.6.11), our Yum/DNF/Zypper repositories for Red Hat Enterprise Linux, Centos, Fedora, openSUSE and SUSE will, from our next set of releases, be migrated to being signed with a new GPG key with SHA2 digest algorithms instead of SHA1.

The key we are migrating to is the same one we already use for our Debian and Ubuntu repositories.

  • The short Key ID is: 0xC74CD1D8
  • The long Key ID is: 0xF1656F24C74CD1D8
  • The full fingerprint of the key is: 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8

The key can be imported now in preparation for this change using the following command:

sudo rpm --import

Those with a gpgkey=https://mirror/yum/RPM-GPG-KEY-MariaDB in their repo file will still work, you’ll just need to accept the new key on DNF update.

You should apply package manager specific commands to clean and refresh the package cache.

Feedback Welcome

If you come across any problems in this feature preview, with the design, or edge cases that don’t work as expected, please let us know with a JIRA bug/feature request in the MDEV project. You are welcome to chat about it on Zulip.