-
Notifications
You must be signed in to change notification settings - Fork 2.2k
Description
Looks like https://bugs.mysql.com/bug.php?id=85029 has resurged today with an expiration of the PGP key used for signing MySQL releases. 😅
It appears that RPM/DNF/YUM don't mind the key being expired, but APT sure does, and fails our (re)builds on 8.0 and 5.7 (Debian-based images).
@ltangvald do you think there's a chance of this key getting a renewed expiration date? If not, we'll probably consider applying something like https://github.com/debuerreotype/debuerreotype/blob/60b625d1ce31bd81525bb67fc3a33f9686bc3433/scripts/.gpgv-ignore-expiration.sh during our build instead (so we still get the cryptographic benefits of PGP but without honoring/failing on the expiration date).
For reference:
root@dddeed483b62:/# wget -qO- 'https://repo.mysql.com/RPM-GPG-KEY-mysql-2022' | gpg --import
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 467B942D3A79BD29: public key "MySQL Release Engineering <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@dddeed483b62:/# wget -qO- 'https://repo.mysql.com/RPM-GPG-KEY-mysql' | gpg --import
gpg: key 8C718D3B5072E1F5: public key "MySQL Release Engineering <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@dddeed483b62:/# gpg --fingerprint
/root/.gnupg/pubring.kbx
------------------------
pub rsa4096 2021-12-14 [SC] [expired: 2023-12-14]
859B E8D7 C586 F538 430B 19C2 467B 942D 3A79 BD29
uid [ expired] MySQL Release Engineering <[email protected]>
pub dsa1024 2003-02-03 [SCA] [expired: 2022-02-16]
A4A9 4068 76FC BD3C 4567 70C8 8C71 8D3B 5072 E1F5
uid [ expired] MySQL Release Engineering <[email protected]>
glennslaven, disser4, avexbesuke, hiroshinakasone, miimsam and 3 moreg-boczkovski and avexbesuke
Metadata
Metadata
Assignees
Labels
No labels