https://en.opensuse.org/api.php?action=feedcontributions&user=Msmeissn&feedformat=atomopenSUSE Wiki - User contributions [en]2024-03-28T23:29:44ZUser contributionsMediaWiki 1.37.6https://en.opensuse.org/index.php?title=openSUSE:Security_team&diff=185206openSUSE:Security team2024-03-19T09:04:25Z<p>Msmeissn: /* Members */</p>
<hr />
<div>{{Security navbar}}<br />
<div class="center"><br />
[[File:Icon-security.png|48px]]<br />
</div><br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Introduction ===<br />
</div><br />
The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Contact Details ===<br />
</div><br />
<br />
* You can mail us at [mailto:security@suse.de security@suse.de]<br />
* You can involve us in discussions on GitHub by tagging '''@opensuse/security'''<br />
{{mailinglist|security-announce|Publication of security announcements}}<br />
{{mailinglist|security|Discussion forum for security topics}}<br />
* There is also security related IRC channel [irc://irc.opensuse.org/openSUSE-security #openSUSE-security]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Members ===<br />
</div><br />
The security team includes the following SUSE employees:<br />
<br />
* [[User:Abergmann|Alexander Bergmann]]<br />
* Carlos López<br />
* Cathy Hu<br />
* Filippo Bonazzi<br />
* Gabriele Sonnu<br />
* Gianluca Gabrielli<br />
* Johannes Segitz<br />
* Matthias Gerstner<br />
* Paolo Perego<br />
* Robert Frohl<br />
* Thomas Leroy<br />
* Wolfgang Frisch<br />
* Andrea Mattiazzo<br />
* Camila Camargo de Matos<br />
<br />
Project manager Security:<br />
* [[User:Msmeissn|Marcus Mei&szlig;ner]]<br />
<br />
Teamlead:<br />
* Stoyan Manolov <br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Areas of work ===<br />
</div><br />
We work in following large areas:<br />
<br />
=== Reactive work ===<br />
<br />
That's what you see as security updates. We monitor mailinglists,<br />
coordinate between vendors, check software releases, and receive<br />
reports and drive the security update process of the openSUSE and SUSE Linux based products during their [[Lifetime|lifetime]].<br />
<br />
This is summarized on the page [[openSUSE:Security_Incident_Handling|incident handling]].<br />
<br />
* Our SUSE Linux Enterprise security page can be found at https://www.suse.com/security/<br />
* If you want to report an incident, mail [mailto:security@suse.de security@suse.de]<br />
* Our GPG key is on the website above, every CD 1 and on the keyservers. (new key ID: 0xB205E69BAB2FD922, old key ID: 0x21FE92322BA9E067)<br />
<br />
Fingerprint:<br />
<pre><br />
pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2024-02-24]<br />
Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922<br />
uid [ full ] SUSE Security Team <security@suse.com><br />
uid [ full ] SUSE Security Team <security@suse.de><br />
sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2024-02-24]<br />
</pre><br />
(as this is a community editable Wiki page, please cross check against other sources, like our DVD and that the key is signed by trusted parties)<br />
<br />
=== Proactive work ===<br />
<br />
We regularly check packages contained in our Linux distributions.<br />
We focus on security critical packages, network daemons, setuid<br />
programs and similar (see [[openSUSE:Package_security_guidelines|Package Security Guidelines]]). We also work on the [[openSUSE:Security Features|Security Features]].<br />
<br />
We also try to replace security critical daemons or setuid binaries<br />
by technologies less prone to attacks.<br />
<br />
Please see our [[openSUSE:Security disclosure policy|policy]] on details how and when we disclose security issues found by us.<br />
<br />
[[Category:Team pages]]<br />
[[Category:Security]]<br />
<br />
[[de:Sicherheits-Team]]<br />
[[ru:Security_Team]]<br />
<br />
__NOTOC__</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_update_process&diff=183646openSUSE:Maintenance update process2024-02-06T13:58:57Z<p>Msmeissn: </p>
<hr />
<div>{{Navbar_Factory_submissions}}<br />
<br />
{{Intro|Maintenance requests are requests by packagers to release an update for an already released distribution. This page gives on overview of the process of handling these requests.}}<br />
<br />
__TOC__<br />
<br />
==Overview==<br />
<br />
Knowing the process behind a maintenance release allows to understand the importance of the steps of the process and should help with submitting packages that can be quickly pushed through the process.<br />
<br />
The following flow-chart diagram illustrates the maintenance package update process. It includes several different OBS projects: <br />
[[File:Maintenance_update_process.png]]<br />
<br />
Let's look a bit closer at some of the steps:<br />
<br />
==Check if a Leap package is inherited from SLE==<br />
<br />
Some packages from openSUSE Leap are shared with SLE. Those packages are automatically merged after the SLE-update is released.<br />
To check if your package is inherited you can look in the following package:<br />
<br />
<b>openSUSE Leap 15.5:</b><br />
<br />
openSUSE Leap 15.5 has 4 seperate updates sources.<br />
<br />
* OSS repo (openSUSE:Leap:15.5:Update): largely branding and config packages only<br />
* Non-OSS repo (openSUSE:Leap:15.5:Update:NonFree): non-free but redistributable packages like Opera<br />
* Backports repo (openSUSE:Backports:SLE-15-SP5:Update): all non SLE packages in openSUSE Leap 15.5<br />
* SLE repo (via download.opensuse.org/update/leap/15.5/sle/): all SLE imported binary packages for openSUSE Leap 15.5<br />
<br />
How to find out:<br />
<br />
<code>osc sm PACKAGE</code><br />
<br />
If the package comes from openSUSE:Leap:15.5:Update or openSUSE:Backports:SLE-15-SP5:Update , submit to these ones. The openSUSE Maintenance team will process it.<br />
<br />
If there is a SUSE:SLE-15:Update entry (or 15-SP1 , 15-SP2 or 15-SP3), submit it there. It will be mirrored into the SUSE Internal Buildservice and processed there. (NOTE: If you are a SUSE employee, please directly submit in the IBS to the listed project, this avoids the mirroring step.)<br />
<br />
==Write a meaningful changelog-entry==<br />
<br />
For the [[openSUSE:Maintenance_team|maintenance team]] it's important, that a meaningful changelog-entry is provided to prepare the patch-documentation and rating. For a detailed description, please refer to the [[openSUSE:Packaging_Patches_guidelines|patches guideline]], but here is a list of the most important information:<br />
<br />
* Bug reference (boo#123456, CVE-2016-1234,...)<br />
* short description for the fix<br />
* Added/modified/dropped patchnames<br />
<br />
==Open a maintenance request==<br />
<br />
After the package is ready to submit, you need to open a maintenance-request. You can achieve this with the following commands:<br />
<br />
<b>One package for one openSUSE release:</b><br />
$osc mr $prj $pkg $release_target<br />
<b>Several packages for one openSUSE release:</b><br />
$osc mr $prj $list $of $packages $release_target<br />
<b>Several packages for several openSUSE releases:</b><br />
<br />
(This only works if your packages are in one project and the packages were branched with '$osc mbranch $pkg' or '$osc branch -M $prj $pkg')<br />
$osc mr $prj<br />
<br />
==Maintenance team review==<br />
<br />
The [[openSUSE:Maintenance_team|maintenance team]] decides whether an update will be released. They authorize the initiation of the maintenance process and start the ball rolling. They interact directly with the packager to coordinate the submission of the package that contains the fix. They ensure that the bugs being fixed are what are actually being put into the maintenance update. The decision making process is outlined in more detail below.<br />
<br />
==Source Review ==<br />
<br />
The [[openSUSE:openSUSE review team|openSUSE review team]] does a manual review of the submission following [[openSUSE:Factory_review|these guidelines]]. Those of the review team who intend to review the maintenance submissions will find the SRs in each project's "Update" sub-project. For example, to review the submissions for openSUSE Leap 15.1, the reviewer would find the submissions in the "openSUSE:Leap:15.1:Update" project. (In reference to the graph above, note the differences between the "openSUSE:Maintenance" project and the "openSUSE:Leap:15.1:Update" project. Reviewers shouldn't be looking in the "openSUSE:Maintenance" project to do their reviews.)<br />
<br />
==QA review==<br />
openSUSE maintenance updates are tested with openQA and by our community. We are waiting around 5 days, to see if issues are reported, before we release the update.<br />
<br />
If you want to test all pending updates, you need to register the following repository:<br />
<b>openSUSE Leap 15.5:</b><br />
http://download.opensuse.org/update/leap/15.5-test/<br />
(note: this does not include the pending SLE imported updates at this time.)<br />
<br />
[[ja:openSUSE:メンテナンス更新プロセス]]<br />
<br />
==Patchinfo==<br />
<br />
From Leap 15.4 onwards, the part of Leap that comes from SUSE Linux Enterprise is using both patchinfos and dedicated channels. The ''channels'' are the same tools we use on SUSE Linux Enterprise for filtering and aggregating the binaries built from a source package and that we want to deliver to a specific product.<br />
<br />
This change, better consolidated with Leap 15.5, unifies the way to delivery maintenance updates in Leap and SUSE Linux Enterprise. <br />
<br />
IBS internal service links:<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.4<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.5<br />
<br />
Given that Leap is built also with sources not coming from SUSE Linux Enterprise, we have some blocklisting mechanism for filtering out binaries from SUSE Linux Enterprise that are not supposed to land on Leap (like for example branding).<br />
<br />
The blocklist is embedded in the perl generator script for updates: (hosted on SUSE internal gitlab). <br />
<br />
[https://gitlab.suse.de/maintenance/tools.git SUSE internal gitlab - tools] generate-leap-15.5-channel.pl<br />
<br />
==Videos / Slides==<br />
<br />
[https://vimeo.com/482294939 SFScon 2020 - Marina Latini - openSUSE maintenance updates]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Package_maintenance&diff=183643openSUSE:Package maintenance2024-02-06T13:28:21Z<p>Msmeissn: </p>
<hr />
<div>{{Maintenance_navbar}}<br />
{{Intro|This document describes how packagers can submit updates for released openSUSE products as part of the [[Portal:Maintenance|maintenance process]].}}<br />
<br />
{{Navbar|TITLE=[[openSUSE:Package maintenance|Similar pages]]|CONTENT=[[openSUSE:Fixing_bugs|Fixing bugs]] -[[openSUSE:Build_Service_Tutorial|Build Service Tutorial]] - [[openSUSE:Maintenance update process|Maintenance update process]]}}<br />
<br />
{{Warning|All packages in the openSUSE build service are fully public. Therefore the build service cannot be used to prepare embargoed security updates. In case of an embargoed update the packager has to wait until end of the embargo before checking in the fixes}}<br />
<br />
{{Warning|<b>Before you start working on a Leap package, please check [[openSUSE:Maintenance_update_process|the maintenance process]].</b>}}<br />
<br />
==Find the package that you need to work with==<br />
<br />
The build service contains many different versions of packages. Some may be<br />
official releases and others may be under development by users in their home<br />
projects. The easiest way to find which versions are candidates for<br />
maintenance, use the <tt>osc maintained</tt> command. We'll use the<br />
nfs-utils package as an example.<br />
<br />
<code><br />
$ osc maintained nfs-utils<br />
openSUSE:Leap:15.1:Update/nfs-utils<br />
</code><br />
<br />
==Create a branch==<br />
The build service provides an easy way to work on packages without having to unnecessarily contaminate the original package. It allows the user to check out a private version of the package into their home project. Any changes committed to it will be stored as a set of changes to the original. This has the advantage of making the differences between the two projects obvious when the branch is eventually submitted back to the original project.<br />
<br />
The process for creating a branch of a single package from a single project is:<br />
<br />
<code><br />
$ osc branch -M -c openSUSE:Leap:42.3 nfs-utils<br />
[...]<br />
</code><br />
<br />
In this case an update for nfs-utils was released previously already. The<br />
updated sources got stored in a different project, ''openSUSE:Leap:42.3:Update''.<br />
You don't have to bother about that detail. osc automatically does the right<br />
thing and uses the updated sources. So just follow the instructions provided<br />
and check out your branched copy of the package:<br />
<br />
If you already have a branch for this package, you should remove and recreate it. A branch that is still around and you wonder why needs investigation. It may mean that a submit-request was not accepted, and thus the cleanup never triggered. Removing such a branch may destroy your previous work. <br />
<br />
The branch point exists from the point in time that you created it. If other changes have been committed in the interim, they will be lost if you use your existing branch. You can delete the branch by deleting the package with the <tt>osc rdelete</tt> <i>project package</i> command. For our example, it would be <tt>osc rdelete home:BenniBrunner:branches:openSUSE:Leap:42.3:Update nfs-utils.openSUSE_Leap_42.3_Update</tt>.<br />
<br />
===Branching all code streams at once===<br />
<br />
Sometimes you need to update a package for all maintained code streams, e.g. for a<br />
security fix. With the method described above you'd have to branch and check<br />
out the package two times, once for Leap 42.2 and Leap 42.3. <br />
<br />
<br />
The <tt>osc mbranch</tt> command will make that convenient. It can query the build service to find the list of projects where a package is flagged for maintenance. <br />
<br />
{{Warning|This relies on correct configuration within the build service. Please consult with the maintenance team, if you suspect the list of projects used by <tt>osc mbranch</tt> is incorrect.}}<br />
<br />
<tt>osc mbranch</tt> collects all copies of the package from all projects flagged for maintenance and creates branches of those packages in one project:<br />
<br />
<code><br />
$ osc mbranch nfs-utils<br />
Project home:BenniBrunner:branches:OBS_Maintained:nfs-utils created.<br />
</code><br />
<code><br />
$ osc co home:BenniBrunner:branches:OBS_Maintained:nfs-utils<br />
A home:BenniBrunner:branches:OBS_Maintained:nfs-utils<br />
A home:BenniBrunner:branches:OBS_Maintained:nfs-utils/nfs-utils.openSUSE_Leap_42.2_Update<br />
[...]<br />
A home:BenniBrunner:branches:OBS_Maintained:nfs-utils/nfs-utils.openSUSE_Leap_42.3_Update<br />
[...]<br />
</code><br />
<br />
{{Warning|If you have multiple spec files in your package, please use <tt>osc ls home:<i>username</i>:branches:OBS_Maintained:<i>packagename</i></tt> to double-check that packages were created for all spec-files.}}<br />
<br />
===Adding a new codestream===<br />
<br />
<tt>osc mbranch</tt> has no way of adding new code streams to a maintenance project. Instead, you can use <tt>osc branch</tt>'s <tt>-M</tt> parameter.<br />
<br />
<code><br />
osc branch -M openSUSE:Leap:15.5:Update nfs-utils home:BenniBrunner:branches:OBS_Maintained:nfs-utils<br />
</code><br />
<br />
This will link the package to the Leap 15 Update repository, name the package correctly (i.e. append the name of the code stream), and add the necessary repository in the project config.<br />
<br />
Now, you can run <tt>osc up</tt> in the maintenance project directory to check out the newly created code stream package.<br />
<br />
=== Getting the list of maintained copies manually ===<br />
If still in doubt, please contact the maintenance team for the correct list.<br />
<br />
==Make your changes==<br />
Now that you have a private copy of the package, you can make whatever changes you need to the package. The easiest way to handle updating the file list is to ensure that you don't have any temporary files still in the source package directory and use the <tt>osc addremove</tt> command.<br />
<br />
If you add new patches, make sure to follow the [[openSUSE:Packaging_Patches_guidelines|Patch tagging guidelines]].<br />
<br />
Once you've completed your changes, add an entry to the .changes files using<br />
<tt>osc vc</tt>.<br />
* briefly describe the problem, one line per problem<br />
* include a reference to the bug number in the form (bnc#12345) (if you have a bug, it must be included)<br />
* for security fixes include the CVE number if available.<br />
Finally commit your changes to your branch with the <tt>osc commit</tt> command.<br />
<br />
See [[openSUSE:Howto_write_good_changes| HOWTO write good changes]]<br />
<br />
==Submit your changes==<br />
<br />
Your branch is now a separate package and will build independently in your home project. It's generally a good idea to ensure that it builds within the tight constraints of the build system and is tested properly before submitting it. The submit process is simple.<br />
<br />
From your checked-out project directory:<br />
<br />
<code><br />
$ osc mr <br />
created request id 22864<br />
</code><br />
<br />
All packages from a remote-project:<br />
<br />
<code><br />
$ osc mr $prj<br />
created request id 22864<br />
</code><br />
<br />
A specific package from a remote-project:<br />
<br />
<code><br />
$ osc mr $prj $pkg $target #(e.g. $target could be openSUSE:Leap:15.5:Update)<br />
created request id 22864<br />
</code><br />
<br />
A sub-set of packages from a remote-project:<br />
<br />
<code><br />
$osc mr $prj $list $of $packages $target<br />
created request id 22864<br />
</code><br />
<br />
Osc will prompt you for a message for the submit request. Usually<br />
you just use the same message as for the .changes file.<br />
<br />
{{Warning|Please check the created request ID for acceptance or declines. Especially the automatic bot reviews might be buggy sometimes.}}<br />
<br />
If the above doesn't work, you can try, from the checked-out package directory:<br />
<br />
<code><br />
$ osc sr<br />
WARNING:<br />
WARNING: Project does not accept submit request, request to open a NEW maintenance incident instead<br />
WARNING:<br />
created request id Request: #180441<br />
</code><br />
<br />
==Update the Bugzilla state==<br />
<br />
Once your submission is done and your packages build successful, please adjust the Bugzilla entry.<br />
<br />
If the bug is security (starting with VUL- in the subject):<br />
<br />
* reassign to security-team@suse.de once you think everything is done.<br />
<br />
If the bug is anything else<br />
<br />
* mark as RESOLVED/FIXED once you have submitted your fixes.<br />
<br />
<br />
<br />
[[de:openSUSE:Wartung von Paketen]]<br />
[[zh:openSUSE:Package_maintenance]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_policy&diff=183640openSUSE:Maintenance policy2024-02-06T13:26:09Z<p>Msmeissn: </p>
<hr />
<div>{{Maintenance_navbar}}<br />
<br />
The openSUSE maintenance update policy aims to establish a common understanding about what kind of bug qualifies as maintenance update and defines rules for packages to minimize the risk of breaking user systems.<br />
<br />
== Bug criteria ==<br />
<br />
* Security bugs generally qualify for an update unless the bug has very low impact or only affects unusual configurations. The [[openSUSE:Security_team|security team]] evaluates security bugs and helps deciding whether it's worth an update.<br />
<br />
* Non Security Bugs: If it makes general sense to release and is worth the effort and risk. Lets give a negative indicator list:<br />
** We cannot fix installation bugs (we cannot release new media).<br />
** If no one would stumble over a bug, it is not necessary to release for an old distribution.<br />
** Package / Code cleanups that would not be visible to regular users.<br />
** Feature development which is better left for the next release.<br />
<br />
== Packaging rules ==<br />
<br />
To reduce the risk of breaking user systems, special care has to be<br />
taken when preparing a maintenance update.<br />
<br />
* '''fixes should be applied as small, self-contained patches'''<br />
* an update must meet user expectations for compatibility and quality<br />
* an update must not break existing package dependencies<br />
* an update should not introduce new package dependencies<br />
* an update should not introduce new (sub-)packages<br />
<br />
=== Version updates ===<br />
<br />
In some cases it might be sensible to use the a new upstream version<br />
instead of applying a patch. For example if the fix is complicated<br />
to backport and upstream also only fixes critical bugs in new<br />
versions anyways the risk of taking the new version might be lower<br />
than producing a broken patch.<br />
<br />
Please note that we are not operating openSUSE maintenance as rolling update<br />
release at this time, currently please use Tumbleweed for this. (So no version updates for the sake of the version update).<br />
<br />
<noinclude><br />
[[ja:openSUSE:メンテナンスポリシー]]<br />
[[zh:openSUSE:Maintenance_policy]]<br />
[[pl:{{FULLPAGENAME}}]]<br />
</noinclude></div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_team&diff=183637openSUSE:Maintenance team2024-02-06T13:25:25Z<p>Msmeissn: adjust maintenance team list</p>
<hr />
<div>{{Maintenance_navbar}}<br />
<br />
{{Intro|The openSUSE maintenance team takes care of delivery of updates to the current openSUSE and future openSUSE versions as they become available.}}<br />
<br />
== Maintenance team members ==<br />
<br />
* [[User:msmeissn|Marcus Meissner]]<br />
* [[User:rfrohl|Robert Frohl]]<br />
<br />
== Previous Members ==<br />
* Christian Dengler<br />
* Benjamin Brunner<br />
* Manuel Schnitzer<br />
* Andreas Stieger<br />
----<br />
<br />
== Duty ==<br />
<br />
* We watch NEEDINFO <code>maintenance@opensuse.org</code> bugs and decide whether to do an update or not.<br />
* We ensure all updates adhere to the [[openSUSE:Maintenance_policy|maintenance policy]]<br />
* We coordinate the updates.<br />
<br />
----<br />
<br />
== Helping ==<br />
<br />
You can help e.g. in:<br />
<br />
* notify interesting bugs that should be fixed by a maintenance update<br />
* work as a QA tester and check testing updates to improve the quality and give feedback<br />
* help us to create a new maintenance policy<br />
* work in the maintenance council<br />
* work as a package maintainer and provide the updates<br />
* work as a junior maintainer and learn to build packages and provide minor fixes<br />
* ...<br />
<br />
----<br />
== Contact ==<br />
For questions, update request, feedback you can use the mailing list of the maintenance team:<br />
<br />
{{Mailinglist|maintenance|Maintenance team}}<br />
<br />
----<br />
<br />
[[Category:Team pages]]<br />
<br />
[[de:openSUSE:Wartungs Team]]<br />
[[pl:openSUSE:Maintenance team]]<br />
[[zh:openSUSE:Maintenance_team]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_update_process&diff=179810openSUSE:Maintenance update process2023-10-09T07:39:33Z<p>Msmeissn: </p>
<hr />
<div>{{Navbar_Factory_submissions}}<br />
<br />
{{Intro|Maintenance requests are requests by packagers to release an update for an already released distribution. This page gives on overview of the process of handling these requests.}}<br />
<br />
__TOC__<br />
<br />
==Overview==<br />
<br />
Knowing the process behind a maintenance release allows to understand the importance of the steps of the process and should help with submitting packages that can be quickly pushed through the process.<br />
<br />
The following flow-chart diagram illustrates the maintenance package update process. It includes several different OBS projects: <br />
[[File:Maintenance_update_process.png]]<br />
<br />
Let's look a bit closer at some of the steps:<br />
<br />
==Check if a Leap package is inherited from SLE==<br />
<br />
Some packages from openSUSE Leap are shared with SLE. Those packages are automatically merged after the SLE-update is released.<br />
To check if your package is inherited you can look in the following package:<br />
<br />
<b>openSUSE Leap 15.5:</b><br />
<br />
openSUSE Leap 15.5 has 4 seperate updates sources.<br />
<br />
* OSS repo (openSUSE:Leap:15.5:Update): largely branding and config packages only<br />
* Non-OSS repo (openSUSE:Leap:15.5:Update:NonFree): non-free but redistributable packages like Opera<br />
* Backports repo (openSUSE:Backports:SLE-15-SP5:Update): all non SLE packages in openSUSE Leap 15.5<br />
* SLE repo (via download.opensuse.org/update/leap/15.5/sle/): all SLE imported binary packages for openSUSE Leap 15.5<br />
<br />
How to find out:<br />
<br />
<code>osc sm PACKAGE</code><br />
<br />
If the package comes from openSUSE:Leap:15.5:Update or openSUSE:Backports:SLE-15-SP5:Update , submit to these ones. The openSUSE Maintenance team will process it.<br />
<br />
If there is a SUSE:SLE-15:Update entry (or 15-SP1 , 15-SP2 or 15-SP3), submit it there. It will be mirrored into the SUSE Internal Buildservice and processed there. (NOTE: If you are a SUSE employee, please directly submit in the IBS to the listed project, this avoids the mirroring step.)<br />
<br />
==Write a meaningful changelog-entry==<br />
<br />
For the [[openSUSE:Maintenance_team|maintenance team]] it's important, that a meaningful changelog-entry is provided to prepare the patch-documentation and rating. For a detailed description, please refer to the [[openSUSE:Packaging_Patches_guidelines|patches guideline]], but here is a list of the most important information:<br />
<br />
* Bug reference (boo#123456, CVE-2016-1234,...)<br />
* short description for the fix<br />
* Added/modified/dropped patchnames<br />
<br />
==Open a maintenance request==<br />
<br />
After the package is ready to submit, you need to open a maintenance-request. You can achieve this with the following commands:<br />
<br />
<b>One package for one openSUSE release:</b><br />
$osc mr $prj $pkg $release_target<br />
<b>Several packages for one openSUSE release:</b><br />
$osc mr $prj $list $of $packages $release_target<br />
<b>Several packages for several openSUSE releases:</b><br />
<br />
(This only works if your packages are in one project and the packages were branched with '$osc mbranch $pkg' or '$osc branch -M $prj $pkg')<br />
$osc mr $prj<br />
<br />
==Maintenance team review==<br />
<br />
The [[openSUSE:Maintenance_team|maintenance team]] decides whether an update will be released. They authorize the initiation of the maintenance process and start the ball rolling. They interact directly with the packager to coordinate the submission of the package that contains the fix. They ensure that the bugs being fixed are what are actually being put into the maintenance update. The decision making process is outlined in more detail below.<br />
<br />
==Source Review ==<br />
<br />
The [[openSUSE:openSUSE review team|openSUSE review team]] does a manual review of the submission following [[openSUSE:Factory_review|these guidelines]]. Those of the review team who intend to review the maintenance submissions will find the SRs in each project's "Update" sub-project. For example, to review the submissions for openSUSE Leap 15.1, the reviewer would find the submissions in the "openSUSE:Leap:15.1:Update" project. (In reference to the graph above, note the differences between the "openSUSE:Maintenance" project and the "openSUSE:Leap:15.1:Update" project. Reviewers shouldn't be looking in the "openSUSE:Maintenance" project to do their reviews.)<br />
<br />
==QA review==<br />
openSUSE maintenance updates are tested with openQA and by our community. We are waiting around 5 days, to see if issues are reported, before we release the update.<br />
<br />
If you want to test all pending updates, you need to register the following repository:<br />
<b>openSUSE Leap 15.5:</b><br />
http://download.opensuse.org/update/leap/15.4-test/<br />
(note: this does not include the pending SLE imported updates at this time.)<br />
<br />
[[ja:openSUSE:メンテナンス更新プロセス]]<br />
<br />
==Patchinfo==<br />
<br />
From Leap 15.4, the part of Leap that comes from SUSE Linux Enterprise is using both patchinfos and dedicated channels. The ''channels'' are the same tools we use on SUSE Linux Enterprise for filtering and aggregating the binaries built from a source package and that we want to deliver to a specific product.<br />
<br />
This change, better consolidated with Leap 15.5, unifies the way to delivery maintenance updates in Leap and SUSE Linux Enterprise. <br />
<br />
IBS internal service links:<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.4<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.5<br />
<br />
Given that Leap is built also with sources not coming from SUSE Linux Enterprise, we have some blocklisting mechanism for filtering out binaries from SUSE Linux Enterprise that are not supposed to land on Leap (like for example branding).<br />
<br />
The blocklist is embedded in the perl generator script for updates: (hosted on SUSE internal gitlab). <br />
<br />
[https://gitlab.suse.de/maintenance/tools.git SUSE internal gitlab - tools] generate-leap-15.4-channel.pl / generate-leap-15.4-channel.pl<br />
<br />
==Videos / Slides==<br />
<br />
[https://vimeo.com/482294939 SFScon 2020 - Marina Latini - openSUSE maintenance updates]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_update_process&diff=179807openSUSE:Maintenance update process2023-10-09T07:39:00Z<p>Msmeissn: </p>
<hr />
<div>{{Navbar_Factory_submissions}}<br />
<br />
{{Intro|Maintenance requests are requests by packagers to release an update for an already released distribution. This page gives on overview of the process of handling these requests.}}<br />
<br />
__TOC__<br />
<br />
==Overview==<br />
<br />
Knowing the process behind a maintenance release allows to understand the importance of the steps of the process and should help with submitting packages that can be quickly pushed through the process.<br />
<br />
The following flow-chart diagram illustrates the maintenance package update process. It includes several different OBS projects: <br />
[[File:Maintenance_update_process.png]]<br />
<br />
Let's look a bit closer at some of the steps:<br />
<br />
==Check if a Leap package is inherited from SLE==<br />
<br />
Some packages from openSUSE Leap are shared with SLE. Those packages are automatically merged after the SLE-update is released.<br />
To check if your package is inherited you can look in the following package:<br />
<br />
<b>openSUSE Leap 15.5:</b><br />
<br />
openSUSE Leap 15.5 has 4 seperate updates sources.<br />
<br />
* OSS repo (openSUSE:Leap:15.5:Update): largely branding and config packages only<br />
* Non-OSS repo (openSUSE:Leap:15.5:Update:NonFree): non-free but redistributable packages like Opera<br />
* Backports repo (openSUSE:Backports:SLE-15-SP5:Update): all non SLE packages in openSUSE Leap 15.5<br />
* SLE repo (via download.opensuse.org/update/leap/15.5/sle/): all SLE imported binary packages for openSUSE Leap 15.5<br />
<br />
How to find out:<br />
<br />
<code>osc sm PACKAGE</code><br />
<br />
If the package comes from openSUSE:Leap:15.5:Update or openSUSE:Backports:SLE-15-SP5:Update , submit to these ones. The openSUSE Maintenance team will process it.<br />
<br />
If there is a SUSE:SLE-15:Update entry (or 15-SP1 , 15-SP2 or 15-SP3), submit it there. It will be mirrored into the SUSE Internal Buildservice and processed there. (NOTE: If you are a SUSE employee, please directly submit in the IBS to the listed project, this avoids the mirroring step.)<br />
<br />
==Write a meaningful changelog-entry==<br />
<br />
For the [[openSUSE:Maintenance_team|maintenance team]] it's important, that a meaningful changelog-entry is provided to prepare the patch-documentation and rating. For a detailed description, please refer to the [[openSUSE:Packaging_Patches_guidelines|patches guideline]], but here is a list of the most important information:<br />
<br />
* Bug reference (boo#123456, CVE-2016-1234,...)<br />
* short description for the fix<br />
* Added/modified/dropped patchnames<br />
<br />
==Open a maintenance request==<br />
<br />
After the package is ready to submit, you need to open a maintenance-request. You can achieve this with the following commands:<br />
<br />
<b>One package for one openSUSE release:</b><br />
$osc mr $prj $pkg $release_target<br />
<b>Several packages for one openSUSE release:</b><br />
$osc mr $prj $list $of $packages $release_target<br />
<b>Several packages for several openSUSE releases:</b><br />
<br />
(This only works if your packages are in one project and the packages were branched with '$osc mbranch $pkg' or '$osc branch -M $prj $pkg')<br />
$osc mr $prj<br />
<br />
==Maintenance team review==<br />
<br />
The [[openSUSE:Maintenance_team|maintenance team]] decides whether an update will be released. They authorize the initiation of the maintenance process and start the ball rolling. They interact directly with the packager to coordinate the submission of the package that contains the fix. They ensure that the bugs being fixed are what are actually being put into the maintenance update. The decision making process is outlined in more detail below.<br />
<br />
==Source Review ==<br />
<br />
The [[openSUSE:openSUSE review team|openSUSE review team]] does a manual review of the submission following [[openSUSE:Factory_review|these guidelines]]. Those of the review team who intend to review the maintenance submissions will find the SRs in each project's "Update" sub-project. For example, to review the submissions for openSUSE Leap 15.1, the reviewer would find the submissions in the "openSUSE:Leap:15.1:Update" project. (In reference to the graph above, note the differences between the "openSUSE:Maintenance" project and the "openSUSE:Leap:15.1:Update" project. Reviewers shouldn't be looking in the "openSUSE:Maintenance" project to do their reviews.)<br />
<br />
==QA review==<br />
openSUSE maintenance updates are tested with openQA and by our community. We are waiting around 5 days, to see if issues are reported, before we release the update.<br />
<br />
If you want to test all pending updates, you need to register the following repository:<br />
<b>openSUSE Leap 15.4:</b><br />
http://download.opensuse.org/update/leap/15.4-test/<br />
<br />
[[ja:openSUSE:メンテナンス更新プロセス]]<br />
<br />
==Patchinfo==<br />
<br />
From Leap 15.4, the part of Leap that comes from SUSE Linux Enterprise is using both patchinfos and dedicated channels. The ''channels'' are the same tools we use on SUSE Linux Enterprise for filtering and aggregating the binaries built from a source package and that we want to deliver to a specific product.<br />
<br />
This change, better consolidated with Leap 15.5, unifies the way to delivery maintenance updates in Leap and SUSE Linux Enterprise. <br />
<br />
IBS internal service links:<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.4<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.5<br />
<br />
Given that Leap is built also with sources not coming from SUSE Linux Enterprise, we have some blocklisting mechanism for filtering out binaries from SUSE Linux Enterprise that are not supposed to land on Leap (like for example branding).<br />
<br />
The blocklist is embedded in the perl generator script for updates: (hosted on SUSE internal gitlab). <br />
<br />
[https://gitlab.suse.de/maintenance/tools.git SUSE internal gitlab - tools] generate-leap-15.4-channel.pl / generate-leap-15.4-channel.pl<br />
<br />
==Videos / Slides==<br />
<br />
[https://vimeo.com/482294939 SFScon 2020 - Marina Latini - openSUSE maintenance updates]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Inst-source-utils&diff=178433Inst-source-utils2023-08-01T10:01:26Z<p>Msmeissn: note to createpatch</p>
<hr />
<div>[[Category:Repositories]][[Category:Libzypp]]<br />
== Some information about inst-source-utils ==<br />
<br />
The new package inst-source-utils will replace the current package autoyast-utils. The scripts in the obsolete package are moved to the new package and extended with new ones. The main target of both packages: Provide utilities supporting autoinstallation and creation of customized package sources.<br />
<br />
More information about AutoYaST is available [http://www.suse.de/~ug/ here].<br />
<br />
The package inst-source-utils will be enhanced in the near future. If you have additional scripts for the above target, feel free to [https://bugzilla.novell.com/enter_bug.cgi Enter a bug] an attach your scripts.<br />
<br />
<br />
== Short description of the scripts ==<br />
<br />
{| border="1"<br />
!Tool/ Script<br />
!Description<br />
|-<br />
|'''create_directory.yast'''<br />
|Creates the file directory.yast in each subdirectory of the (optional) targetdir (pwd is used if targetdir is not given as argument).<br />
<br />
YaST needs this file during Network installation to "see" the content of the directory if the server doesn't support directory listings.<br />
|-<br />
|'''create_update_source.sh'''<br />
|creates an update tree on the installation source in parallel of the actual installation tree. <br />
Usage example:<br />
Suppose the source resides in myInstallSource<br />
<br />
./create_update_source.sh myInstallSource<br />
cp -a myPackage-2.3.44.5-6.i586.rpm myInstallSource/updates/suse/i586<br />
cd myInstallSource/updates/suse<br />
create_package_descr -x setup/descr/EXTRA_PROV<br />
cd setup/descr<br />
create_directory.yast .<br />
create_md5sums .<br />
|-<br />
|'''create_md5sums'''<br />
|Creates MD5SUMS files in each subdirectory of the (optional) targetdir (pwd is used if targetdir is not given as argument).<br />
<br />
These MD5SUMS files are not used during installation any more. But are usefull if you copy files from one installation source to another.<br />
There a simple '''md5sums -c MD5SUMS''' is enough to check for any transmission errors.<br />
|-<br />
|'''create_package_descr'''<br />
|YaST uses a file named ''packages'' located in the directory ''/suse/setup/descr/'' as "package database" during installation. This script <br />
creates such a package database file (See [[Libzypp/Metadata/YaST/packages|packages Metadata description]] for more details.) and also <br />
corresponding language files named ''package._lang_'' which contain the language specific translations for the packages. <br />
See [[Libzypp/Metadata/YaST/packagesLang|packagesLang Metadata description]] for more details.<br />
<br />
So if you change or add some packages in your installation source, you need to run this script afterwards - otherwise YaST will not recognise <br />
any changes in your installation source.<br />
<br />
The script comes with a set of parameters:<br />
{| border="1"<br />
|[-d DATADIR1 <br />
[-d DATADIR2 ... ] ] <br />
(default cwd)<br />
|Path to the packages and other metadata on your installation source.<br />
|-<br />
|[-p PDB_DATA_DIR ]<br />
|Path to the directory containing a dump of the (currently SUSE internal) package database. <br />
<br />
This directory should contain a file named &lt;packagename&gt;.pl for each package in your repository. (See [[PDB/Metadata/pdbdump|pdbdump Metadata]] for more details.)<br />
|-<br />
|[-x EXTRA_PROV_FILE ]<br />
|The file ''EXTRA-PROV'' contains dependencies, the packagemanager can't resolve during installation. <br />
<br />
For example: if a package requires ''/bin/bash'' - the package manager couldn't resolve this because <br />
he doesn't know that the package "bash" contains this file. With an entry like<br />
"bash: /bin/bash"<br />
in the ''EXTRA_PROV'' file, create_package_descr will add a line containing "/bin/bash" as "Provides" to <br />
the packages file. So YaST "knows" during installation that the package "bash" must be installed - <br />
even if the package "bash" doesn't provide "/bin/bash".<br />
<br />
Keep in mind that YaST doesn't use the ''EXTRA_PROV'' file but the packages file. You can use the <br />
''EXTRA_PROV'' file on the media as draft for your own file.<br />
|-<br />
|[-i IGNORE_DIR ] <br />
[-I IGNORE_FILE ]<br />
|Sometimes it could be useful to ignore just some files or directories (like ''setup/descr'') in your Datadir.<br />
|-<br />
|[-l LANG1 <br />
[-l LANG2 [... ] ]<br />
|create_package_descr will create a file named ''package._lang_'' for each of this languages containing <br />
the summary and the description in the specific language. These language specific parts must be in the <br />
[[PDB/Metadata/pdbdump|pdbdump Metadata]] - otherwise english will be used.<br />
|-<br />
|[-o OUTPUT_DIR ]<br />
|Where to put the resulting ''packages*'' files.<br />
|-<br />
|[-Z ]<br />
|If a package has a license that has to be confirmed manually by the user before installation, this <br />
option can be used. Remember to have a license tag (named "confirmlic_yast") entered in the <br />
[[PDB/Metadata/pdbdump|pdbdump Metadata]] of the package for every language (english is used as fallback).<br />
|-<br />
|[-S ]<br />
|Add package informations for source packages (*.src.rpm), too.<br />
|-<br />
|[-P ]<br />
|Use DT:Rich (some simple HTML Tags like <p>) instead of plain ASCII text for the description.<br />
These texts are marked with the ending "_yast" (description_yast) in the [[PDB/Metadata/pdbdump|pdbdump Metadata]].<br />
|-<br />
|[-L ]<br />
|With this option create_package_descr searches only for regular files.<br />
|-<br />
|[-C ]<br />
|This option will add a sha1sum entry in the packages file for each package. This should be the default for <br />
installation sources since 10.1.<br />
|}<br />
<br />
EXAMPLE: ./create_package_descr suse -x /home/foo/CD-Creation/EXTRA_PROV -p -/home/foo/CD-Creation/pdb <br />
-i meta -o suse/setup/descr -l english -l german -l czech -l french -l spanish -l hungarian<br />
<br />
|-<br />
|'''createpatch'''<br />
|Creates a valid XML patchfile for a set of packages. This script needs the basedir to the repository and <br />
the Patch name as argument. Note that this was used only up to SLES 10 , future products use "updateinfo" style patchinfos. All other options described below are optional.<br />
<br />
{| border="1"<br />
|[-i PATCH_ID]<br />
|Patch id, needs to be unique in world, will be prefixed by "hostname -d" as default followed by the name of the<br />
first package. Dots in "hostname -d" will be converted to "_"s.<br />
|-<br />
|[-n PATCH_NAME]<br />
|Required parameter, terse patch name, like aaa_base<br />
|-<br />
|[-v PATCH_VERSION]<br />
|default to "0" first non-existant if not given<br />
|-<br />
|[-s PATCH_SUMMARY]<br />
|default to the package summary of the first RPM specified on the command line<br />
|-<br />
|[-d PATCH_DESCRTIPON]<br />
|Long description, defaults to the package description of the first RPM specified on commandline<br />
|-<br />
|[-C CATEGORY]<br />
|Category for the patch. Defaults to recommended. Possible values: security, recommended, optional<br />
|-<br />
|[-p RPM_BASENAME<br />
[,rpm_basename...]<br />
|List of RPMs for this patch. You need at least one. More can be separated by commata. (Hint: check the dependency <br />
of a package to get an overview about needed packages for a patch.<br />
|-<br />
|[-u]<br />
|Run createrepo to update repository and take care of keeping the patch*xml files - use when augmenting existing repository <br />
with new patches. So your clients only need one Update-Repository - and you can fill it up with newer patches every day.<br />
|-<br />
|[-S]<br />
|Detached sign the repomd.xml file like SUSE does for official openSUSE update Repos.<br />
|-<br />
|[-I KEY_ID]<br />
|Key-id to use for signing the repomd.xml file, if not given gpg will use the default signing key of the user <br />
calling the script.<br />
|-<br />
|[-L LICENSE_FILE]<br />
|Add an EULA to the patch, read from the file specified. This EULA will be displayed bevor a patch will be installed. <br />
The user has to accept the EULA manually.<br />
|}<br />
<br />
Example: '''./createpatch -n "Security Update for foo and bar" -s "This patch solves CVE-000-0000" -d "An attacker could easily <br />
hack your computer using..." -C security -u -p foo,bar update/10.1/<br />
<br />
|-<br />
|'''create_repo_for_patch.sh'''<br />
|Generates a YUM repository out of a patchfile and an external repository containing the needed RPMs.<br />
<br />
{| border="1"<br />
|[-p]<br />
|Additional patch files (if not located in <target_directory>)<br />
|-<br />
|[-P]<br />
|Prefix for patchfiles (default: patch-). You should use something like your comany name or something similar to avoid <br />
problems for endusers. (They can install only one patchfile with the same name...)<br />
|-<br />
|[-S]<br />
|Detached sign the repomd.xml file, if not given gpg will use the default signing key of the user<br />
calling the script.<br />
|-<br />
|[-I KEY_ID]<br />
|Key-id to use for signing the repomd.xml file, if not given gpg will try to use the default signing key<br />
|-<br />
|[-v]<br />
|Be verbose.<br />
|}<br />
<br />
Example: '''./create_repo_for_patch.sh -S .'''<br />
<br />
WARING: create_repo_for_patch.sh will delete all files except patch files in the <target directory> !<br />
<br />
|-<br />
|'''mk_listings'''<br />
|Creates the files ARCHIVES.gz, INDEX.gz and ls-lR.gz. These files can be used to search for:<br />
<br />
* files in RPMs => ARCHIVES.gz<br />
* files on the media => INDEX.gz and ls-lR.gz<br />
<br />
Tools like [[SDB:A_Help_File_to_Help_Yourself#PIN|pin]] use these files - but you can also just '''zgrep <filename> INDEX.gz'''.<br />
|}</div>Msmeissnhttps://en.opensuse.org/index.php?title=SDB:System_upgrade&diff=175837SDB:System upgrade2023-06-07T15:27:46Z<p>Msmeissn: </p>
<hr />
<div>{{Migration navbar}}<br />
{{Intro|This guide shows how to use [[Portal:Zypper|Zypper]] to do a live distribution upgrade of openSUSE. <br />
When updating from 15.3 to 15.4: see [[SDB:System_upgrade_to_Leap_15.4]].<br />
}}<br />
{{Knowledge|<br />
*[[Portal:15.4|15.5]]<br />
*[[Portal:15.4|15.4]]<br />
*[[Portal:15.3|15.3]]<br />
*[[Portal:15.2|15.2]]<br />
*[[Portal:15.1|15.1]]<br />
*[[Portal:15.0|15.0]]<br />
*[[Portal:42.3|42.3]]<br />
*[[Portal:42.2|42.2]]<br />
*[[Portal:42.1|42.1]]<br />
|<br />
*[[SDB:Zypper_usage|Zypper usage]]<br />
*[[YaST Online Update]]<br />
|<br />
*[[YaST Software Management]]<br />
*[[SDB:Offline_upgrade]]<br />
*[[SDB:How_to_migrate_to_SLE]]<br />
}}<br />
<br />
----<br />
==Summary==<br />
This page explains how to run a series of command line steps to '''live upgrade''' your system to the latest version of openSUSE. A live upgrade from the prior version is officially supported. This allows to perform a complete operating system upgrade in place, without reloading everything from scratch.<br />
<br />
Doing a live upgrade has advantages as well as disadvantages over an offline-upgrade using an installation media.<br />
<br />
Among the advantages are:<br />
* You only download the packages that need to be upgraded, thus using a lot less bandwidth.<br />
* During the upgrade, you can still use your workstation (even if this is not recommended); the only downtime will be the reboot after the upgrade.<br />
* You do not have to use a DVD, nor do you need a DVD writer. You do not have to use a USB key. This because you boot your existing system, and install everything from the net.<br />
<br />
The disadvantages:<br />
* If, for any reason, the upgrade is interrupted (e.g. power outages, network disconnect) and the process cannot continue, you could be left with a broken system (that depends on where the process stopped of course).<br />
* If you have multiple systems to upgrade, you use bandwidth each time, so it might be better to download an ISO image.<br />
* It does not do all of the cleanup and maintenance that an offline DVD Upgrade does.<br />
<br />
If you are interested in an offline upgrade, a.k.a. traditional or DVD upgrade, read [[SDB:offline_upgrade|offline upgrade]].<br />
<!-- This upgrade method is safer and more versatile. Unless you have a good reason to do otherwise, use the [[SDB:offline_upgrade|offline upgrade]] method. --><br />
<br />
==Upgrading transactional-based system such as Leap Micro==<br />
<br />
Example of upgrade from e.g. Leap Micro 5.2 to Leap Micro 5.4 would be<br />
<br />
$ sudo transactional-update shell<br />
$ zypper --releasever 5.4 dup<br />
$ exit # exit the transactional shell<br />
$ reboot<br />
<br />
User have a brand new snapshot containing the upgrade version, while he has option to boot the previous btrfs snapshot in case upgrade didn't end up well.<br />
<br />
<br />
<br />
==Migration to a new Leap release==<br />
<br />
===General rules===<br />
<br />
* Make sure that you read the [[openSUSE:Most_annoying_bugs|list of annoying bugs]] for the new version you are going to install. Some of them could affect the update process. Usually, some solution or workaround is listed alongside the bug, so make sure that you are prepared for upcoming problems. Also, read the [[openSUSE:Release Notes|Release Notes]] which list changes and glitches in the new release.<br />
* All important data must be backed up prior to beginning the upgrade process.<br />
* You must update your system with the latest updates for the release you are currently running before upgrading the distribution. Note: for 15.3 specifically only the upgrade from a fully updated 15.2 is supported, as starting with 15.3 binaries from SLES are used. See the [https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.3/#sec.upgrade.152 release notes for Leap 15.3].<br />
* Do not skip a release when upgrading! Example: do ''not'' upgrade from 15.1 to 15.4. Instead, from 15.1 upgrade to 15.2, then to 15.3, and only then from 15.3 upgrade to 15.4.<br />
* The instructions here mainly cover upgrades 15.3 -> 15.4, but apply the same for 15.2 -> 15.3 as long as you substitute the version numbers in the commands respectively - if you upgrade from an earlier version (< 15.2), take note of the additional advice in the "Legacy migrations" section.<br />
<br />
=== Note about ports (non intel architectures) ===<br />
<br />
'''Users of Leap on ppc64le and aarch64 who migrated from to 15.3+ from older releases (before Closing the Leap Gap) are advised to remove all repositories having '/ports/' as part of URL a from their system'''. Existing ports repositories for Leap are just symlinks. This will ensure that they do not fetch the same data twice and will result in faster repo refresh. <br />
<br/><br />
Users on x86_64, s390x, and everyone who did a clean install of Leap after 15.3 (applies to all arches) are not affected.<br />
<br/><br />
All of the Leap rpms should be downloaded from the main oss repository,<br />
http://download.opensuse.org/distribution/leap/$releasever/repo/oss/<br />
also, from non-oss repository,<br />
http://download.opensuse.org/distribution/leap/$releasever/repo/-non-oss/<br />
and from update repositories, as specified in [https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.3/#installation-new-update-repos release-notes]. <br />
<br/><br />
This does not apply to Tumbleweed users, where Tumbleweed is still actively utilizing ports subproject for non-intel architectures.<br />
<br />
=== Backup ===<br />
We recommend to use btrfs based installation and snapper [[openSUSE:Snapper_Tutorial]] for effortless rollback.<br />
<br />
===Checking the current version===<br />
<br />
Find out what version of openSUSE you currently run as follows:<br />
<syntaxhighlight lang="bash">lsb_release -d</syntaxhighlight><br />
or<br />
<syntaxhighlight lang="bash">more /etc/os-release</syntaxhighlight><br />
<br />
=== Extra repositories handling ===<br />
<br />
The '''supported''' starting point is the last openSUSE Leap release with all current updates applied, but this does not include arbitrary openSUSE Build Service repositories you may have added. We recommend that you disable all OBS repositories first, perform the upgrade, then reenable them.<br />
<br />
Whilst zypper dup can now better handle extra repositories during an upgrade, it may be desirable to manually check if replacement repositories for the new release are available, and to either adjust the URLs in /etc/zypp/repos.d before the upgrade, or to re-add the repositories after the upgrade (see step 6).<br />
<br />
However, a system upgrade can be the perfect occasion to remove some repositories, as too many repositories complicates maintenance. For example, suppose we have some Xfce or Plasma repository we activated to get newer versions (say we needed a feature or correct a problem that was handled in a newer version): now would be the perfect occasion to revert to the mainline version. It would be the chance to consider removing all HOME repositories that we really do not need.<br />
<br />
Keep in mind however, that removing a repository causes the problem that every package that was installed from it will revert to another repository (if found), or deleted, or left at the old version, depending on the administrator choices. It may be a better method to leave the repository active if you do not intend to cleanup its packages immediately. A typical example would be Packman.<br />
<br />
Each repo we remove will cause zypper to ask what to do with packages installed from them during an update: keep or upgrade with vendor change. The policy would be "keep" if we intend to add back the repository after system upgrade, or "update" otherwise. We could use "--allow-vendor-change" but this may have unintended consequences as zypper will then evaluate if any package would be better to obtain a version from ''another'' repo, considering the priorities they have.<br />
<br />
Thus, you have to choose what road to take, as the administrator ;-)<br />
<br />
<!-- this was discouraged in another paragraph, hence commenting it here as well - I suggest revisiting why YaST is not recommended, as it would be easier for non-cli users<br />
===Graphical tool===<br />
See [[YaST_Online_Update|YaST Online Update]].<br />
--><br />
<br />
===Performing the upgrade===<br />
<br />
====0. New 4096 bit RSA signing key ====<br />
<br />
The new 4096 bit RSA signing key was also introduced as part of openSUSE Leap 15.5 as well as 15.4 via a maintenance update, additionally a new 4096 bit RSA backports key was introduced.<br />
<br />
Leap 15.4 users are expected to update their system prior to upgrade of 15.5.<br />
<br />
Users of 15.4 release currently need to import key manually with:<br />
rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc<br />
and also the new 4096 openSUSE Backports key needs to be imported:<br />
rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc<br />
<br />
Soon we will add automatic imports to Leap 15.4 additionally to allow seamless migration to Leap 15.5.<br />
<br />
You can grab the keys from here [https://build.opensuse.org/package/view_file/openSUSE:Leap:15.5/openSUSE-build-key/gpg-pubkey-25db7ae0-645bae34.asc?expand=1 2023 gpg-pubkey-25db7ae0-645bae34.asc] and [https://build.opensuse.org/package/view_file/openSUSE:Leap:15.5/openSUSE-build-key/gpg-pubkey-25db7ae0-645bae34.asc?expand=1 2023 gpg-pubkey-29b700a4-62b07e22.asc]<br />
<br />
<br />
====1. Update system to the latest packages====<br />
<syntaxhighlight lang="bash">zypper refresh</syntaxhighlight><br />
<syntaxhighlight lang="bash">zypper update</syntaxhighlight><br />
For more information, read [[SDB:Zypper_usage|Zypper Usage]].<br />
<br />
====2. Update the repos====<br />
Check if your Leap repos defined in /etc/zypp/repos.d/ are using the $releasever variable already. If they are still hard-coded with a particular Leap version number, then you need to modify them first. For example, assuming your current version is Leap 15.4, then this can be done with<br />
<br />
<syntaxhighlight lang="bash">sed -i 's/15.4/${releasever}/g' /etc/zypp/repos.d/*.repo</syntaxhighlight><br />
<br />
{{Warning| Due to '''Closing the Leap Gap''' some repos which had "openSUSE_Leap_${releasever}" for 15.3 may change target to just "${releasever}" for 15.4 ( from now on it will be the same for SLES and Leap so OBS don't need to keep two versions of binary identical rpm's). Obviously query above won't handle this so you will get "Repository 'xxxxx' is invalid." error.<br><br />
<br />
''Solution'' - follow repo URL but one level up from "openSUSE_Leap_15.3" and check available targets. If "15.4" is there just manually correct URL.}}<br />
<br />
====3. Refresh with the new repos====<br />
Switch and refresh all repositories to 15.5<syntaxhighlight lang="bash">zypper --releasever=15.5 refresh</syntaxhighlight><br />
<br />
====4. Execute the full distribution upgrade====<br />
Now execute the full distribution upgrade.<br />
<br />
{{Warning|It is strongly recommended that you run the upgrade outside the X-window graphical mode. Thus it is recommended you run the command from either runlevel 3 (text + network), or a virtual console. Unfortunately many times the WIFI connection is managed/available only in runlevel 5, so a virtual text console may be best while staying logged into the graphical console behind the scenes. People had their X session stopped/crashed during the upgrade, causing the upgrade to abort, which in turn left the system in an inconsistent state. To change to runlevel 3, see [[SDB:Switch_runlevel]]. To remain in runlevel 5, but use a "virtual console", type control-alt-F1 (as an example).<br />
}}<br />
<br />
<syntaxhighlight lang="bash">zypper --releasever=15.5 dup</syntaxhighlight><br />
With the above command, zypper will download all packages in advance - which is more reliable if your internet connection may fail. To download packages in heaps and install them in heaps, use: <br />
<syntaxhighlight lang="bash">zypper --releasever=15.5 dup --download-in-heaps</syntaxhighlight> <br />
<br />
Once the <code>dup</code> is finished, openSUSE sets the <code>releasever</code> variable to the new version.<br />
<br />
{{Info|If you did the above dist upgrade before the official release date (e.g. 2023-06-07 for Leap 15.5), you may have installed a Release Candidate (RC) or a milestone version and will need to repeat the final <code>zypper dup</code> step now to receive the final release.}}<br />
<br />
====5. Reboot====<br />
After upgrading, reboot the system.<br />
<br />
====6. (Optional) Add extra repositories====<br />
Search for updated openSUSE Leap 15.5 compatible third-party repositories that you used before&nbsp;— if you still need them&nbsp;— and add them. {{Warning|Use with caution. Using third-party repositories may break your system or cause instabilities.}} <syntaxhighlight lang="bash">zypper addrepo --name <name> <url> <alias></syntaxhighlight> Or, if you have URL of a .repo file: <syntaxhighlight lang="bash">zypper ar <url.repo></syntaxhighlight><br />
<br />
Executing <code>zypper up</code> may be enough to update your software from these extra repositories.<br />
<br />
====Afterwards====<br />
<br />
Discover and enjoy :)<br />
<br />
{{Info|In addition, <code>zypper up</code> can be run from time to time to ensure you have the latest available packages from the various repositories that you have enabled. YOU (Yast Online Update) only addresses security updates from the official repositories.}}<br />
<br />
<!-- should we remove this or adapt it to have instructions when upgrading from pre-15.3 \? hidden because it's not a good idea to mix the Leap stable upgrade with a testing upgrade<br />
== openSUSE Leap 15.3 alpha/beta/RC testing ==<br />
<br />
The above instructions will also allow you to update to any of the openSUSE Leap 15.3 candidate releases, simply by substituting the relevant (15.3) release version. Again remember that upgrades should be stepwise (ie 15.0, 15.1, 15.2 and only then to 15.3), and note that these releases are designed for testing with some packages in a state of flux. Your system users are the testers, so rapid feedback (via Bugzilla) is strongly encouraged.<br />
<br />
Please be aware that openSUSE Leap 15.3 ('''currently in beta and scheduled for final release in July 2021''') uses binaries from SUSE Linux Enterprise and therefore the upgrade from 15.2 to 15.3 involves a vendor change from openSUSE to SUSE LLC. Recent version of libzypp released in 15.2 treats SUSE and openSUSE signatures as equal so the should not be a need to explicitly allow vendor change.<br />
<br />
Users running older releases are advised users to explicitly allow vendor change.<br />
<br />
<syntaxhighlight lang="bash">zypper --releasever=15.3 dup --allow-vendor-change</syntaxhighlight><br />
<br />
or following which only does vendor change were necessary.<br />
<syntaxhighlight lang="bash">zypper --releasever=15.3 dup --no-allow-vendor-change --force-resolution</syntaxhighlight><br />
<br />
'''yast or zypper migrate should allow vendor change from openSUSE to SUSE LLC without explicit whitelist.'''<br />
--><br />
<!-- what happened to this \? - hidden because this is not working properly<br />
===Graphical tool===<br />
There is a [[YaST]] module called [[YaST wagon|Wagon]] to run the distribution upgrade with a graphical user interface ([[GUI]]).<br />
{{Warning|Keep in mind that the Wagon update is less tested than the command line method described above.}}<br />
Here is a quick walkthrough the 11.3->11.4 upgrade with [[YaST wagon|Wagon]]:<br />
* ensure you have yast2-wagon installed<br />
* make sure you have only 11.3 repositories enabled<br />
* start "<code>YaST2 wagon</code>" or use the YaST control center<br />
* when asked for a URL, choose "Custom URL" => "Specify URL" and give http://download.opensuse.org/distribution/11.4/repo/oss<br />
* follow the dialogs<br />
* after upgrade, ignore the message about contacting Novell Customer Center => click Abort<br />
* update all repositories to 11.4 as described above (e.g. with yast2 inst_source)<br />
* reboot<br />
--><br />
<br />
==Legacy migrations==<br />
<br />
===Upgrading from Leap < 15.2===<br />
<br />
====Check if the update repository exists and is enabled====<br />
<syntaxhighlight lang="bash">zypper repos --uri</syntaxhighlight><br />
Check if <tt>http://download.opensuse.org/update/leap/15.3/oss/</tt> exists in one of the ''URI'' column values, and '''Yes''' in column ''Enabled'', like the example below - substitute 15.3 with the respective version you are currently running:<br />
# | Alias | Name | Enabled | Refresh | URI<br />
---+-----------------+-----------------+---------+---------+----------------------------------------------------<br />
1 | repo-update | repo-update | Yes | Yes | http://download.opensuse.org/update/leap/15.3/oss/<br />
<br />
If the ''Enabled'' column says ''No'', enable it by issuing the command<br />
<syntaxhighlight lang="bash">zypper modifyrepo --enable repo-update</syntaxhighlight><br />
: where ‘repo-update’ is the name of the update repository.<br />
<br />
=====Adding the update-repository=====<br />
{{Info|''Applies: If your pre-upgrade system is 15.0 or older and the update repository does not already exist:.''}}<br />
<br />
<syntaxhighlight lang="bash">zypper addrepo --check --refresh --name 'openSUSE-Leap-15.0-Update' http://download.opensuse.org/update/leap/15.0/oss/ repo-update</syntaxhighlight><br />
: Replace 15.0 above with your current openSUSE version.<br />
<br />
Note: The openSUSE Leap 15.3 adds two additional update repositories one for openSUSE Backports and one for SUSE Linux Enterprise, these additional repositories are used during online installation and delivered to Leap 15.3 system via a maintenance update of openSUSE-release with Leap 15.3 GA. This is covered in depth in the Release notes.<br />
<br />
====Moving /var/cache to a separate subvolume====<br />
{{Info|''Applies: If the root file system is Btrfs and you're upgrading from Leap < 15.0.''}}<br />
<br />
/var/cache contains a lot of very volatile data, such as the Zypper cache with RPM packages in different versions for each update. As a result of storing data that is mostly redundant but highly volatile, the amount of disk space a snapshot occupies can increase very fast. For solving this problem move /var/cache to a separate subvolume:<br />
<br />
* Find out the device name of the root file system:<br />
<syntaxhighlight lang="bash">df /</syntaxhighlight><br />
*Identify the parent subvolume of all the other subvolumes. For openSUSE 15.1 installations, this is a subvolume named with @:<br />
<syntaxhighlight lang="bash">btrfs subvolume list / | grep '@'</syntaxhighlight><br />
* If the output of this command is empty, you do not have a subvolume named with @. In that case, you may be able to proceed with subvolume ID 5 which was used in older versions of openSUSE.<br />
* Mount the specific subvolume to a temporary mount point:<br />
<syntaxhighlight lang="bash">mount /dev/<root-device> -o subvol=@ /mnt</syntaxhighlight><br />
: If you don't have a @ in the subvolume name, mount subvolume ID 5 instead:<br />
<syntaxhighlight lang="bash">mount /dev/<root-device> -o subvolid=5 /mnt</syntaxhighlight><br />
* /mnt/var/cache can already exist and could be the same directory as /var/cache. To avoid data loss, move it:<br />
<syntaxhighlight lang="bash">mv /mnt/var/cache /mnt/var/cache.old</syntaxhighlight><br />
* Create a new subvolume:<br />
<syntaxhighlight lang="bash">btrfs subvol create /mnt/var/cache</syntaxhighlight><br />
* If there is now a directory /var/cache.old, move it to the new location:<br />
<syntaxhighlight lang="bash">mv /var/cache.old/* /mnt/var/cache</syntaxhighlight><br />
: If that is not the case, instead do:<br />
<syntaxhighlight lang="bash">mv /var/cache/* /mnt/var/cache/</syntaxhighlight><br />
* After moving (optionally) remove /mnt/var/cache.old:<br />
<syntaxhighlight lang="bash">rm -rf /mnt/var/cache.old</syntaxhighlight><br />
* Unmount the subvolume from the temporary mount point:<br />
<syntaxhighlight lang="bash">umount /mnt</syntaxhighlight><br />
* Add an entry to /etc/fstab for the new /var/cache subvolume. Use an existing subvolume as a template to copy from. Make sure to leave the UUID untouched (this is the root file system's UUID) and change the subvolume name and its mount point consistently to /var/cache.<br />
* Mount the new subvolume as specified in /etc/fstab:<br />
<syntaxhighlight lang="bash">mount /var/cache</syntaxhighlight><br />
<br />
==Migrating between architectures==<br />
Update from 32-bit openSUSE to Leap is not supported. Leap is 64-bit only. If your hardware has x86_64 support, you can upgrade Leap to 64-bit first. See [http://blog.sukimashita.com/2015/02/21/opensuse-32-bit-to-64-bit-update-fairy-tale/ 32-bit to 64-bit upgrade] - note these instructions have only been tested on 13.2 and may no longer be applicable.<br />
<br />
On the AArch64 architecture (64-bit ARM), upgrading from Leap 15.0 to Leap >= 15.1 is not supported. Please do a fresh installation on those systems.<br />
<br />
Be aware that, in principle, this upgrade process is considered “best effort” only. This means that due to some third-party packages and the myriad of possible configurations, it is possible for some combinations to cause failure upon upgrade.<br />
<br />
== Other migration scenarios ==<br />
<br />
==== Migration to openSUSE Tumbleweed ====<br />
<br />
Note: according to [https://lists.opensuse.org/opensuse-factory/2017-11/msg00363.html factory mail list] it has been tested in openQA direct upgrade from openSUSE 12.x to Tumbleweed (till snapshot 1101). Currently (Nov 2017) the process is tested from 13.x and 42.x directly to TW. However, this does not mean that you should do it! You could hit an unknown problem.<br />
<br />
==== Migration to SUSE Linux Enterprise ====<br />
<br />
If you're interested in migration from openSUSE Leap to SUSE Linux Enterprise. Then please follow [[SDB:How_to_migrate_to_SLE|our guide for migrating to SUSE Linux Enterprise]].<br />
<br />
<br />
<br />
<br />
<br />
[[Category:System_management]]<br />
{{IW|SDB:System_upgrade}}</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175621openSUSE:Signing Keys2023-06-05T13:27:06Z<p>Msmeissn: /* openSUSE Backports project signing key 4096 bit RSA */</p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. <br />
The openSUSE Containers are signed by both X.509 (PEM format) key (Notary and Sigstore/Cosign), and GPG format (Atomic method).<br />
<br />
The keys can be found in the <code>openSUSE-build-key</code> package on the media and are trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
zypper import will show this finger print:<br />
<pre><br />
Key Fingerprint: AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4<br />
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org><br />
Key Algorithm: RSA 4096<br />
Key Created: Mon 20 Jun 2022 04:03:14 PM CEST<br />
Key Expires: Fri 19 Jun 2026 04:03:14 PM CEST<br />
Rpm Name: gpg-pubkey-29b700a4-62b07e22<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
zypper import will show this fingerprint:<br />
<pre><br />
Key Fingerprint: F044 C2C5 07A1 262B 538A AADD 8A49 EB03 25DB 7AE0<br />
Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org><br />
Key Algorithm: RSA 4096<br />
Key Created: Wed 10 May 2023 04:46:12 PM CEST<br />
Key Expires: Sun 09 May 2027 04:46:12 PM CEST<br />
Rpm Name: gpg-pubkey-25db7ae0-645bae34<br />
</pre><br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
= openSUSE Leap SLE imports signing key =<br />
<br />
The openSUSE Leap 15.x SLE import signing key is the 2048 bit RSA key, and can be found on https://www.suse.com/support/security/keys/<br />
<br />
Note that it will soon switch over to a 4096 bit RSA key, also found on above page.<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
zypper import will show this fingerprint:<br />
<pre><br />
Key Fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284<br />
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org><br />
Key Algorithm: RSA 2048<br />
Key Created: Mon 05 May 2014 10:37:40 AM CEST<br />
Key Expires: Thu 02 May 2024 10:37:40 AM CEST<br />
Rpm Name: gpg-pubkey-3dbdc284-53674dd4<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Zypper import will show this fingerprint:<br />
<pre><br />
Key Fingerprint: 637B 32FF 3D83 F07A 7AE1 C40A 9C21 4D40 6517 6565<br />
Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org><br />
Key Algorithm: RSA 2048<br />
Key Created: Fri 26 Nov 2021 03:26:23 PM CET<br />
Key Expires: Sun 04 Feb 2024 03:26:23 PM CET<br />
Rpm Name: gpg-pubkey-65176565-61a0ee8f<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175618openSUSE:Signing Keys2023-06-05T13:26:10Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. <br />
The openSUSE Containers are signed by both X.509 (PEM format) key (Notary and Sigstore/Cosign), and GPG format (Atomic method).<br />
<br />
The keys can be found in the <code>openSUSE-build-key</code> package on the media and are trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
zypper import will show this finger print:<br />
<pre><br />
Key Fingerprint: AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4<br />
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org><br />
Key Algorithm: RSA 4096<br />
Key Created: Mon 20 Jun 2022 04:03:14 PM CEST<br />
Key Expires: Fri 19 Jun 2026 04:03:14 PM CEST<br />
Rpm Name: gpg-pubkey-29b700a4-62b07e22<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
= openSUSE Leap SLE imports signing key =<br />
<br />
The openSUSE Leap 15.x SLE import signing key is the 2048 bit RSA key, and can be found on https://www.suse.com/support/security/keys/<br />
<br />
Note that it will soon switch over to a 4096 bit RSA key, also found on above page.<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
zypper import will show this fingerprint:<br />
<pre><br />
Key Fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284<br />
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org><br />
Key Algorithm: RSA 2048<br />
Key Created: Mon 05 May 2014 10:37:40 AM CEST<br />
Key Expires: Thu 02 May 2024 10:37:40 AM CEST<br />
Rpm Name: gpg-pubkey-3dbdc284-53674dd4<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Zypper import will show this fingerprint:<br />
<pre><br />
Key Fingerprint: 637B 32FF 3D83 F07A 7AE1 C40A 9C21 4D40 6517 6565<br />
Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org><br />
Key Algorithm: RSA 2048<br />
Key Created: Fri 26 Nov 2021 03:26:23 PM CET<br />
Key Expires: Sun 04 Feb 2024 03:26:23 PM CET<br />
Rpm Name: gpg-pubkey-65176565-61a0ee8f<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175615openSUSE:Signing Keys2023-06-05T13:22:54Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. <br />
The openSUSE Containers are signed by both X.509 (PEM format) key (Notary and Sigstore/Cosign), and GPG format (Atomic method).<br />
<br />
The keys can be found in the <code>openSUSE-build-key</code> package on the media and are trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
<br />
finger print show by zypper:<br />
<br />
Key Fingerprint: AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4<br />
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org><br />
Key Algorithm: RSA 4096<br />
Key Created: Mon 20 Jun 2022 04:03:14 PM CEST<br />
Key Expires: Fri 19 Jun 2026 04:03:14 PM CEST<br />
Rpm Name: gpg-pubkey-29b700a4-62b07e22<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
= openSUSE Leap SLE imports signing key =<br />
<br />
The openSUSE Leap 15.x SLE import signing key is the 2048 bit RSA key, and can be found on https://www.suse.com/support/security/keys/<br />
<br />
Note that it will soon switch over to a 4096 bit RSA key, also found on above page.<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
<br />
Zypper import will show this fingerprint:<br />
<br />
Key Fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284<br />
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org><br />
Key Algorithm: RSA 2048<br />
Key Created: Mon 05 May 2014 10:37:40 AM CEST<br />
Key Expires: Thu 02 May 2024 10:37:40 AM CEST<br />
Rpm Name: gpg-pubkey-3dbdc284-53674dd4<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175612openSUSE:Signing Keys2023-06-05T12:57:21Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. <br />
The openSUSE Containers are signed by both X.509 (PEM format) key (Notary and Sigstore/Cosign), and GPG format (Atomic method).<br />
<br />
The keys can be found in the <code>openSUSE-build-key</code> package on the media and are trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
= openSUSE Leap SLE imports signing key =<br />
<br />
The openSUSE Leap 15.x SLE import signing key is the 2048 bit RSA key, and can be found on https://www.suse.com/support/security/keys/<br />
<br />
Note that it will soon switch over to a 4096 bit RSA key, also found on above page.<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175609openSUSE:Signing Keys2023-06-05T12:56:18Z<p>Msmeissn: /* openSUSE Leap SLE imports signing key */</p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
= openSUSE Leap SLE imports signing key =<br />
<br />
The openSUSE Leap 15.x SLE import signing key is the 2048 bit RSA key, and can be found on https://www.suse.com/support/security/keys/<br />
<br />
Note that it will soon switch over to a 4096 bit RSA key, also found on above page.<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175606openSUSE:Signing Keys2023-06-05T12:55:44Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
= openSUSE Leap SLE imports signing key =<br />
<br />
The openSUSE Leap 15.x SLE import signing key is the 2048 bit RSA key, and can be found on https://www.suse.com/support/security/keys/<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175603openSUSE:Signing Keys2023-06-05T12:54:47Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5, and in openSUSE Tumbleweed and other openSUSE products from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with openSUSE Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
<br />
= openSUSE Container signing key 4096 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PUBLIC KEY-----<br />
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJRIkfQgDmhI1JcK0pVZ<br />
nanqmzDl0gzKufrv3yBXT+IgHPa+R+oc/3+GL/9qwQcqOiQmQu8QsTwRzYmjXdQy<br />
tFnVW6VhgfZ+Lx/c80/A8X+OViu0DfZeX/in0kQ57+3v599q7tgFZamvSKO/wofS<br />
F1XhkrY5f+qPmP+2Yp0FJ0JBh1iuo/rI4CMU2HrCAXGEl8aXY3cNFxx8sikIqrQ8<br />
vKFwC1hjyWEcArE4hBAlWMzPmufunnf80cTiqXxdlfkNStphuS0Pq8Rqy91VjXIN<br />
42YzzEGwuEDPHK9m95qxNngRIUrRdIkUuarjCzBszcaHDASZTs+rJ0ixr4vF691M<br />
zJHp7n7saLRwP+5XDZqNhNhwK0eIj8y5GXteLy77DF4DNvT5FzYBIfi9EEhWqU0V<br />
G+2XsAaTdW+z/huIHGFMpjL8GmPVxwCN44Vis5cqvbiCSDXU00wQdUenugkKXosm<br />
t+9QFAjRgmQ6oS+t4B1b1YGVTEKX/DY2Ljdpt0jiukkqtZ5zJFhN5NkVnOah5YN/<br />
BzqFquBvkgjElsguIn3/jm/K1VrlLZohMWLSzpP4XTR+5UbVHY8CgkiDpWHgCv3u<br />
//Rgf3ypbtGTRQa8KchlTIHz5gg212YkIZIRPAbYt27S+RwcWJjZY89ZzGxAoLRE<br />
L+j4LNW8YA2jWhlbJWL+9t8CAwEAAQ==<br />
-----END PUBLIC KEY-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in PEM format.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGQ5DP8BEADAlEiR9CAOaEjUlwrSlVmdqeqbMOXSDMq5+u/fIFdP4iAc9r5H<br />
6hz/f4Yv/2rBByo6JCZC7xCxPBHNiaNd1DK0WdVbpWGB9n4vH9zzT8Dxf45WK7QN<br />
9l5f+KfSRDnv7e/n32ru2AVlqa9Io7/Ch9IXVeGStjl/6o+Y/7ZinQUnQkGHWK6j<br />
+sjgIxTYesIBcYSXxpdjdw0XHHyyKQiqtDy8oXALWGPJYRwCsTiEECVYzM+a5+6e<br />
d/zRxOKpfF2V+Q1K2mG5LQ+rxGrL3VWNcg3jZjPMQbC4QM8cr2b3mrE2eBEhStF0<br />
iRS5quMLMGzNxocMBJlOz6snSLGvi8Xr3UzMkenufuxotHA/7lcNmo2E2HArR4iP<br />
zLkZe14vLvsMXgM29PkXNgEh+L0QSFapTRUb7ZewBpN1b7P+G4gcYUymMvwaY9XH<br />
AI3jhWKzlyq9uIJINdTTTBB1R6e6CQpeiya371AUCNGCZDqhL63gHVvVgZVMQpf8<br />
NjYuN2m3SOK6SSq1nnMkWE3k2RWc5qHlg38HOoWq4G+SCMSWyC4iff+Ob8rVWuUt<br />
miExYtLOk/hdNH7lRtUdjwKCSIOlYeAK/e7/9GB/fKlu0ZNFBrwpyGVMgfPmCDbX<br />
ZiQhkhE8Bti3btL5HBxYmNljz1nMbECgtEQv6Pgs1bxgDaNaGVslYv723wARAQAB<br />
tERvcGVuU1VTRSBDb250YWluZXIgU2lnbmluZyBLZXkgPGJ1aWxkLWNvbnRhaW5l<br />
ci0yMDIzMDRAb3BlbnN1c2Uub3JnPokCVAQTAQgAPhYhBPmGHzlqIRNKhVSYBPxr<br />
ygbWhK/sBQJkOQz/AhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ<br />
EPxrygbWhK/sAwUP/A803yOTrsE5ppcEAp3yGSeXR3HQo0fIqh+QFJO76W7vF/Ar<br />
eZnxPWL3AOOB+wNccdklZXhQKL4eQ29Ggekp2/RWTyx4BBM//SID+td7KZjZH/KC<br />
Z6kBBy+IzSBQCCIrdDm83agob/Kcp9RJX5A06dgGyGhMxXYpld3mcCjFETHXIb5U<br />
JvsSC+06eEsbwNqH0se2T/5zJ8v9xjcMDC+otLmh3+SjyC/7t8YaKxyqobf2f5nl<br />
GM3ts7UDBQdqxBb0ZRxXsLCdiRrOt6l5imczczi1GA/Dce3KE/V9A2LNifns4eQI<br />
GLVrZ36litKC1+b5AXblLU5ZmJN24IEQj699GCYiPGaZS64IE1eVD8WX+N6vgI+c<br />
BqthN/Z4B3iJ9dBviXvK098/bXjzUVjQubvfT827tO2xnbNE5gzUA5bAZjQLVJm/<br />
b9mZJuKLOJePoqGYvmMVBtLz5xZYH68dncZAf+OQNZ5T7F+M1gfsq8W+FYvm6ILN<br />
Xyh29fY+29H25A7v8WITT/SzpxYJrNRHck8Ua9M0foj2GLIf6FEROJHEZ4+xvu11<br />
XaABkqvjdNluflDP0PXP5fcY9QkMvtlW6cQNzMYZnn7MTb7dxow5ysEGcE0rrKrC<br />
F9zTwOvctMqlu0dndhntKRhdNgm8lKrg1xTJg7EOWQFKeQiWQKdY0Qk9vi3/<br />
=sRjv<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
Use for containers from https://registry.opensuse.org/ starting mid 2023, in GPG format.<br />
<br />
<br />
= openSUSE Container signing key 2048 bit RSA =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBFrjEWoBCADEJttox1LVpcP2YIsLIO5qKmwfMhyjSQ+L4ETztnFRLKFIlin4<br />
19Tic/llF9ymQr2MxlKlRgdzFZ9ScH1rg52bmWdxy+2TZ8JIsSV4XyfSTZJvM+nX<br />
YGxEQBJrYlcRfC5he0tBGTEwG+hp6kXH563F+XU4uzGUmh1rBhavDsWjeMo9sjaf<br />
sqn66JAJnxJrQOcqjNvazYjppEjFzye/Haqu2r5cnD/bPnMvQEZtpN1jznWkIha2<br />
DdapVZq2b/SmdTMV7zHRqQvhERU2uS4SFLNopyt/cwujj3XTWqCArvQgRTaiHAiL<br />
4HY3lUpDWH9pmxT+yu5f7FINc+prRmvnQ1YpABEBAAG0PW9wZW5TVVNFIENvbnRh<br />
aW5lciBTaWduaW5nIEtleSA8YnVpbGQtY29udGFpbmVyQG9wZW5zdXNlLm9yZz6J<br />
AT4EEwECACgFAlrjEWoCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA<br />
AAoJENdUaU+atIzpdt0H/A5j9B7feqTRK49TWIsgKTELG+6ac4WL+uvZs4HmUPgO<br />
Me9fkQvmJtPMGQT3awCSejEHuvq7sMsOOAXJ3loVDNkJWOtkohRyJf6++lvzL24v<br />
ApbzSLfxa1intscyoJ0g8A2V+NzG428cMAzL5Rnf1ckimDkwOgjFBTDqwq1nPFDQ<br />
+01wAenDPLduLAS65+urmMEOIhoBB3Opc5fqPKWU+w8qav8YfYUjaQcAfGeswt+6<br />
m54VXYk8prmCuSfFHq9Yi8T2+VMcIEdHQYOn4nVhzNY9mTzJ4CCGYdLhap4/P8/x<br />
HuiUuVrARHeCoTiQSc1FwjT1QXaU+yYk1SLFi0LaPgQ=<br />
=Klfs<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
Use for containers from https://registry.opensuse.org/, in GPG format.<br />
<br />
<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to openSUSE Leap 15.4, and in openSUSE Tumbleweed and related products up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to openSUSE Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175570openSUSE:Signing Keys2023-06-05T08:01:28Z<p>Msmeissn: /* old openSUSE Backports signing key 2048 bit RSA */</p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with Leap 15.5, and in Tumbleweed from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to Leap 15.4, and in Tumbleweed up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key is used up to Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175567openSUSE:Signing Keys2023-06-05T07:59:14Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA =<br />
<br />
This key is used starting with Leap 15.5, and in Tumbleweed from begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA =<br />
<br />
This key is used starting with Leap 15.5.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA =<br />
<br />
This key was used up to Leap 15.4, and in Tumbleweed up to begin of 2023.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA =<br />
<br />
This key was used up to Leap 15.4.<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175564openSUSE:Signing Keys2023-06-05T07:57:50Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA (used from 15.5, and in Tumbleweed from begin of 2023)=<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA (used starting with Leap 15.5) =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA (used up to Leap 15.4, and in Tumbleweed up to begin of 2023) =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA (used up to Leap 15.4) =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
This key is in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175561openSUSE:Signing Keys2023-06-05T07:46:19Z<p>Msmeissn: </p>
<hr />
<div>__toc__<br />
The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA (used from 15.5, and in Tumbleweed from begin of 2023)=<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA (used starting with Leap 15.5) =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA (used up to Leap 15.4, and in Tumbleweed up to begin of 2023) =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA (used up to Leap 15.4) =<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.<br />
<br />
</pre></div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175558openSUSE:Signing Keys2023-06-05T07:45:26Z<p>Msmeissn: </p>
<hr />
<div>The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA (used from 15.5, and in Tumbleweed from begin of 2023)=<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA (used starting with Leap 15.5)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA (used up to Leap 15.4, and in Tumbleweed up to begin of 2023)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA (used up to Leap 15.4)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.<br />
<br />
</pre></div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175555openSUSE:Signing Keys2023-06-05T07:45:12Z<p>Msmeissn: </p>
<hr />
<div>The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA (used from 15.5, and in Tumbleweed from begin of 2023)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA (used starting with Leap 15.5)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA (used up to Leap 15.4, and in Tumbleweed up to begin of 2023)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</pre><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA (used up to Leap 15.4)<br />
<br />
<pre><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.<br />
<br />
</pre></div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Signing_Keys&diff=175552openSUSE:Signing Keys2023-06-05T07:44:09Z<p>Msmeissn: Created page with "The deliveries of openSUSE are signed cryptographically. The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key. The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation. Following keys are in use: = openSUSE project signing key 4096 bit RSA (used from 15.5, and in Tumbleweed from begin of 2023) <nowiki> -----BEGIN PGP PUBLIC KEY BLOCK----- Version:..."</p>
<hr />
<div>The deliveries of openSUSE are signed cryptographically.<br />
<br />
The RPM and repositories are signed by GPG Keys. The openSUSE Containers are signed by a standard X.509 key.<br />
<br />
The keys are found in the <code>openSUSE-build-key</code> package on the medium and trusted by default during installation.<br />
<br />
Following keys are in use:<br />
<br />
= openSUSE project signing key 4096 bit RSA (used from 15.5, and in Tumbleweed from begin of 2023)<br />
<br />
<nowiki><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQINBGKwfiIBEADe9bKROWax5CI83KUly/ZRDtiCbiSnvWfBK1deAttV+qLTZ006<br />
090eQCOlMtcjhNe641Ahi/SwMsBLNMNich7/ddgNDJ99H8Oen6mBze00Z0Nlg2HZ<br />
VZibSFRYvg+tdivu83a1A1Z5U10Fovwc2awCVWs3i6/XrpXiKZP5/Pi3RV2K7VcG<br />
rt+TUQ3ygiCh1FhKnBfIGS+UMhHwdLUAQ5cB+7eAgba5kSvlWKRymLzgAPVkB/NJ<br />
uqjz+yPZ9LtJZXHYrjq9yaEy0J80Mn9uTmVggZqdTPWx5CnIWv7Y3fnWbkL/uhTR<br />
uDmNfy7a0ULB3qjJXMAnjLE/Oi14UE28XfMtlEmEEeYhtlPlH7hvFDgirRHN6kss<br />
BvOpT+UikqFhJ+IsarAqnnrEbD2nO7Jnt6wnYf9QWPnl93h2e0/qi4JqT9zw93zs<br />
fDENY/yhTuqqvgN6dqaD2ABBNeQENII+VpqjzmnEl8TePPCOb+pELQ7uk6j4D0j7<br />
slQjdns/wUHg8bGE3uMFcZFkokPv6Cw6Aby1ijqBe+qYB9ay7nki44OoOsJvirxv<br />
p00MRgsm+C8he+B8QDZNBWYiPkhHZBFi5GQSUY04FimR2BpudV9rJqbKP0UezEpc<br />
m3tmqLuIc9YCxqMt40tbQOUVSrtFcYlltJ/yTVxu3plUpwtJGQavCJM7RQARAQAB<br />
tDRvcGVuU1VTRSBQcm9qZWN0IFNpZ25pbmcgS2V5IDxvcGVuc3VzZUBvcGVuc3Vz<br />
ZS5vcmc+iQI+BBMBAgAoBQJisH4iAhsDBQkHhM4ABgsJCAcDAgYVCAIJCgsEFgID<br />
AQIeAQIXgAAKCRA1ovhuKbcApKRrEACJMhZhsPJBOkYmANvH5mqlk27brA3IZoM4<br />
8qTzERebzKa0ZH1fgRI/3DhrfBYL0M5XOb3+26Ize0pujyJQs61Nlo1ibtQqCoyu<br />
dvP/pmY1/Vr374wlMFBuCfAjdad4YXkbe7q7GGjo6cF89qtBfTqEtaRrfDgtPLx/<br />
s9/WXLGo0XYqCCSPVoU66jQYNcCt3pH+hqytvntXJDhU+DveOnQCOSBBHhCMST3E<br />
QvriN/GnHf+sO19UmPpyHH0TM5Ru4vDrgzKYKT/CzbllfaJSk9cEuTY8Sv1sP/7B<br />
Z7YvOE0soIgM1sVg0u3R/2ROx0MKoLcq7EtLw64eE+wnw9bHYZQNmS+J/18p7Bo8<br />
I7e+8WRi+m/pus5FEWsIH1uhxKLgJGFDTHHGZtW+myjnUzXVIkpJGrKoolzYjHdK<br />
lRYM2fVuNI1eq6CZ6PFXg2UxovVczSnGMO33HZE09vpgkRDBrw1vF0o/Wnm02kig<br />
V6xYHk5wJx8vL74wPvCbw73UNT9OSdxYAz7JPqGOD6cpKe7XcAH2sYmlGpggAIUz<br />
Rq/lROEF5lx4SxB838JU4ezxD++BJXfBTE8JZmlGscXv74y9nCtSOZza8KOKj8ou<br />
WRl739FMnx9jRd7HHj3TIyymoveODnZ7f3IElyyFsjBW3XuQ9XfpZrIkwHuaZV5M<br />
6q2h+hgWNQ==<br />
=nMh8<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</nowiki><br />
<br />
This key is also in the "openSUSE-build-key" package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-29b700a4-62b07e22.asc</code><br />
<br />
= openSUSE Backports project signing key 4096 bit RSA (used starting with Leap 15.5)<br />
<br />
<nowiki><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
<br />
mQINBGRbrjQBEACwmRL/YrGlEi8SWHrg16phvxyM0Lr4BMNmmVVS0EajOVT6sh7O<br />
eOz772YH115o88Oe6y5sZXhzb2q8xZFl4YNBEbB+/JY2Ep5AHje5aQxOMdS6a3G+<br />
CmohxuJjGQeY0mRP2G6uokgwqLM2LrJVKgO6zPYkb201vk9T89gj0tLCJOpuAZvy<br />
eUPNqIiXc2h+hm47rw0ZzpVJttczH7RRTLrpobPs6igIQsK96uZNYriiRaI8XVOL<br />
N2Oj5xhCkM5ksSeCsbVa3fCG38+I30R/Vd+doqeJ0GFej6fCF/e5nFWM/Q39tLa9<br />
GNxTLpO1PuNGa+Pk+QimOPwcMhJsR/2fUK1HNTOqJlPbMs4RfdeNvm1HvuiPQOoq<br />
q+WMIgNc1vbEDOyuLJBtwoZX4U6k7c+1XZimWkJMrgpg2da/WwMJ3Mx6crTe9lz1<br />
l+lQZuDB35c3zkHDRWeeNpHqTXZFx1jhZt44wprkpiCMMFsc1CNdwJPh+ARAFWD3<br />
B0q8aCWsNwFhwf/0EOEFJUd8kgC3lEwcArxyAwqxfLnnPq6qdLtS2yNZVnX/uzEU<br />
k5FWcjPaXFsTgryzK+xKJAQ8VDgb2kqkI7PHbkyWJozMukXz92yZXS5CMqYTfxzs<br />
uv1L4QHf8UO+9jGhyd9Wfr6ZxbRbsAk0rW5LnPG9V4SaqwPSC1Kl1gh3LwARAQAB<br />
tEZvcGVuU1VTRTpCYWNrcG9ydHMgT0JTIFByb2plY3QgPG9wZW5TVVNFOkJhY2tw<br />
b3J0c0BidWlsZC5vcGVuc3VzZS5vcmc+iQJUBBMBCAA+FiEE8ETCxQehJitTiqrd<br />
iknrAyXbeuAFAmRbrjQCGwMFCQeEzgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA<br />
CgkQiknrAyXbeuBchRAAobGt3EQ+lnrXNDnh36Y85NfAqUJ5WdhTSa1IauLbK6nH<br />
kd5i2qaCBteH/fxOaVZYGxPASdjlSyfJxCrrAMp0oAMr+w2sFMmiyREQTMmlIK2f<br />
61AkoY4iHKmKl0LfjmWZKublQn8C9DZShHxYZgawvsAB06rDRA8tn1W1Pf+7TfvD<br />
rRZFekWxu/panUaoh4H8nNfuBrxjliSerAsOM1drIdgdfMPMWjSgsNepPoH4ty2W<br />
yalbiZqztvRSY3/KDN3qoZ60Ba7hhiqod3/7iqYHQPLl5z/kPwcSNtKX1HPyS/BQ<br />
2nNrgrxjoI7Nzlk/VEhHuaBpxkVcIy2hekTqwhVxtQf1/FsNIxbckVNs3ns3sJbB<br />
HUEzvr++P+cmIUIzjX9vTxbQZF417p4nQ16F0onXaXKy5xjgEwY2nmIdsKA2i1Lx<br />
tnHxr6cV4uoYLWDCIkbJksulcenT7yCJCyMJXZoI7ItzsGt+F7tbK5PFtZBUZNrC<br />
8RgTUWPexEQuTWCx3VhMzh/N0vUxps8QOzuLtUBwSZfb3FxQysO+pB636ge5CNJa<br />
JycaO8squEGsZIyNhekHyaLEmmXrmjghTQ3t9IXsIM69+AUjzbbq3bi3L+Cv1REP<br />
BNEont7uB9w9fTjgcR6TkHGhOcQ4EvDC+XLLAa1ySbbRnQvDnxtNPtgzIKNA5Sg=<br />
=IXOI<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</nowiki><br />
<br />
This key can be found on openSUSE Leap 15.5 and newer in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-25db7ae0-645bae34.asc</code>.<br />
<br />
= old openSUSE project signing key 2048 bit RSA (used up to Leap 15.4, and in Tumbleweed up to begin of 2023)<br />
<br />
<nowiki><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.15 (GNU/Linux)<br />
<br />
mQENBEkUTD8BCADWLy5d5IpJedHQQSXkC1VK/oAZlJEeBVpSZjMCn8LiHaI9Wq3G<br />
3Vp6wvsP1b3kssJGzVFNctdXt5tjvOLxvrEfRJuGfqHTKILByqLzkeyWawbFNfSQ<br />
93/8OunfSTXC1Sx3hgsNXQuOrNVKrDAQUqT620/jj94xNIg09bLSxsjN6EeTvyiO<br />
mtE9H1J03o9tY6meNL/gcQhxBvwuo205np0JojYBP0pOfN8l9hnIOLkA0yu4ZXig<br />
oKOVmf4iTjX4NImIWldT+UaWTO18NWcCrujtgHueytwYLBNV5N0oJIP2VYuLZfSD<br />
VYuPllv7c6O2UEOXJsdbQaVuzU1HLocDyipnABEBAAG0NG9wZW5TVVNFIFByb2pl<br />
Y3QgU2lnbmluZyBLZXkgPG9wZW5zdXNlQG9wZW5zdXNlLm9yZz6JATwEEwECACYC<br />
GwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCU2dN1AUJHR8ElQAKCRC4iy/UPb3C<br />
hGQrB/9teCZ3Nt8vHE0SC5NmYMAE1Spcjkzx6M4r4C70AVTMEQh/8BvgmwkKP/qI<br />
CWo2vC1hMXRgLg/TnTtFDq7kW+mHsCXmf5OLh2qOWCKi55Vitlf6bmH7n+h34Sha<br />
Ei8gAObSpZSF8BzPGl6v0QmEaGKM3O1oUbbB3Z8i6w21CTg7dbU5vGR8Yhi9rNtr<br />
hqrPS+q2yftjNbsODagaOUb85ESfQGx/LqoMePD+7MqGpAXjKMZqsEDP0TbxTwSk<br />
4UKnF4zFCYHPLK3y/hSH5SEJwwPY11l6JGdC1Ue8Zzaj7f//axUs/hTC0UZaEE+a<br />
5v4gbqOcigKaFs9Lc3Bj8b/lE10Y<br />
=i2TA<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
</nowiki><br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-3dbdc284-53674dd4.asc</code>.<br />
<br />
= old openSUSE Backports signing key 2048 bit RSA (used up to Leap 15.4)<br />
<br />
<nowiki><br />
-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)<br />
<br />
mQENBFVoS3UBCAC2SATmg4+9L7G0FVrtWC34ltD+FUeaBbqcEn9mlFTJRSNcGdRd<br />
0/lXOmTTIq0j7yxPXebyrEmMEDJ6wSdvH8seeO41iYe8dim0/qdlan7tRTkYiQVH<br />
uMzwvyhF2wRgN0/GM+4/ELYV7+YMrHn1Ty5l0N6g4mTpe0OM5xCf0j3H/pAG40cv<br />
y6+hMcmHTvEHrbH4+fJZxbPkV18BGCEWFAZlS5e+1M6STm4+FXKSX26oeYL/ZkT7<br />
FkQGEyLMIqBSYMVV+ooidONy1Ct0WsgwKk+c0myZ2ZWgUoE1FhUeZgWXD3t3eJbV<br />
6L1dMX3o51NX8nb6YcV3GYXObjjvIgFVnnnNABEBAAG0Rm9wZW5TVVNFOkJhY2tw<br />
b3J0cyBPQlMgUHJvamVjdCA8b3BlblNVU0U6QmFja3BvcnRzQGJ1aWxkLm9wZW5z<br />
dXNlLm9yZz6JAT4EEwECACgFAmGg7o8CGwMFCRBXUxoGCwkIBwMCBhUIAgkKCwQW<br />
AgMBAh4BAheAAAoJEJwhTUBlF2VlB14H/3XlaiL/2FwRRkrh9VIiBk90pz50C4DJ<br />
BitxFzJX5rDFKkzijizqxeIn+5kjgCsvtsCgfXWC1zY1nAeJn0/KRbIcyNskpZ2c<br />
+mHg9931z7zztwX5N7TcgPOCyhGGgrPs8I3K4t3qyECT0OnG5wVYuENzJBHi9POI<br />
IkGcrjTSxgi1M3HMbcGXQsNc+W08M8HIMS3rnEh6QSCIC8c9hjos22k1W52WdxrK<br />
//qj9+08hn2O3R+UBKqrMokGR1oFwYPXVqte5oSw1JZ9+j8/jm+b3jG2j3o3eAIr<br />
uGOZrgQnImXZxcWfZaplFmdcXT8f5mBuJ5VzlVZxvxJ+lVzaFZLNJwOIRgQTEQIA<br />
BgUCVWhLdgAKCRA7MBG3a51lI3xLAKCqjianm4ZKLCxspXHKvPI1UKlfGwCfXj6l<br />
bd2KrM801FeRkNevZOyNdxM=<br />
=9UDk<br />
-----END PGP PUBLIC KEY BLOCK-----<br />
<br />
This key was in the openSUSE-build-key package in <code>/usr/lib/rpm/gnupg/keys/gpg-pubkey-65176565-61a0ee8f.asc</code>.<br />
<br />
</nowiki></div>Msmeissnhttps://en.opensuse.org/index.php?title=Portal:OpenSUSE:Roadmap&diff=166967Portal:OpenSUSE:Roadmap2022-06-15T08:53:19Z<p>Msmeissn: </p>
<hr />
<div>== How often gets Leap Micro updated? ==<br />
Leap Micro is one of our low maintenance projects and each supported version receives maintenance updates once per quarter.<br />
Leap Micro has a 6 months release cadence. Support until the next next release is released.<br />
<br />
<br />
These are done simply by rebuilding product media and related [https://download.opensuse.org/distribution/leap-micro/5.2/product/repo/ product FTP repositories for Intel and Arm].<br />
<br />
We can trigger an ad-hoc rebuild in case of an important CVE.<br />
<br />
Ideal cadence would be once month, but openSUSE release team does not have capacity do so for multiple supported Leap Micro releases in parallel. More than once a month doesn't make much sense for given package set and the low maintenance nature of the project.<br />
<br />
There is now also a SLE imported updates update channel to catch up on SLE Micro updates into openSUSE Leap Micro. {http://download.opensuse.org/update/leap-micro/5.2/sle/ SLE Micro Update repo].<br />
<br />
== Roadmap ==<br />
<br />
<br />
[[Category:LeapMicro]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_update_process&diff=165130openSUSE:Maintenance update process2022-04-13T14:37:30Z<p>Msmeissn: </p>
<hr />
<div>{{Navbar_Factory_submissions}}<br />
<br />
{{Intro|Maintenance requests are requests by packagers to release an update for an already released distribution. This page gives on overview of the process of handling these requests.}}<br />
<br />
__TOC__<br />
<br />
==Overview==<br />
<br />
Knowing the process behind a maintenance release allows to understand the importance of the steps of the process and should help with submitting packages that can be quickly pushed through the process.<br />
<br />
The following flow-chart diagram illustrates the maintenance package update process. It includes several different OBS projects: <br />
[[File:Maintenance_update_process.png]]<br />
<br />
Let's look a bit closer at some of the steps:<br />
<br />
==Check if a Leap package is inherited from SLE==<br />
<br />
Some packages from openSUSE Leap are shared with SLE. Those packages are automatically merged after the SLE-update is released.<br />
To check if your package is inherited you can look in the following package:<br />
<br />
<b>openSUSE Leap 15.3:</b><br />
<br />
openSUSE Leap 15.3 has 4 seperate updates sources.<br />
<br />
* OSS repo (openSUSE:Leap:15.3:Update): largely branding and config packages only<br />
* Non-OSS repo (openSUSE:Leap:15.3:Update:NonFree): non-free but redistributable packages like Opera<br />
* Backports repo (openSUSE:Backports:SLE-15-SP3:Update): all non SLE packages in openSUSE Leap 15.3<br />
* SLE repo (via download.opensuse.org/update/leap/15.3/sle/): all SLE imported binary packages for openSUSE Leap 15.3<br />
<br />
How to find out:<br />
<br />
<code>osc sm PACKAGE</code><br />
<br />
If the package comes from openSUSE:Leap:15.3:Update or openSUSE:Backports:SLE-15-SP3:Update , submit to these ones. The openSUSE Maintenance team will process it.<br />
<br />
If there is a SUSE:SLE-15:Update entry (or 15-SP1 , 15-SP2 or 15-SP3), submit it there. It will be mirrored into the SUSE Internal Buildservice and processed there.<br />
<br />
==Write a meaningful changelog-entry==<br />
<br />
For the [[openSUSE:Maintenance_team|maintenance team]] it's important, that a meaningful changelog-entry is provided to prepare the patch-documentation and rating. For a detailed description, please refer to the [[openSUSE:Packaging_Patches_guidelines|patches guideline]], but here is a list of the most important information:<br />
<br />
* Bug reference (boo#123456, CVE-2016-1234,...)<br />
* short description for the fix<br />
* Added/modified/dropped patchnames<br />
<br />
==Open a maintenance request==<br />
<br />
After the package is ready to submit, you need to open a maintenance-request. You can achieve this with the following commands:<br />
<br />
<b>One package for one openSUSE release:</b><br />
$osc mr $prj $pkg $release_target<br />
<b>Several packages for one openSUSE release:</b><br />
$osc mr $prj $list $of $packages $release_target<br />
<b>Several packages for several openSUSE releases:</b><br />
<br />
(This only works if your packages are in one project and the packages were branched with '$osc mbranch $pkg' or '$osc branch -M $prj $pkg')<br />
$osc mr $prj<br />
<br />
==Maintenance team review==<br />
<br />
The [[openSUSE:Maintenance_team|maintenance team]] decides whether an update will be released. They authorize the initiation of the maintenance process and start the ball rolling. They interact directly with the packager to coordinate the submission of the package that contains the fix. They ensure that the bugs being fixed are what are actually being put into the maintenance update. The decision making process is outlined in more detail below.<br />
<br />
==Source Review ==<br />
<br />
The [[openSUSE:openSUSE review team|openSUSE review team]] does a manual review of the submission following [[openSUSE:Factory_review|these guidelines]]. Those of the review team who intend to review the maintenance submissions will find the SRs in each project's "Update" sub-project. For example, to review the submissions for openSUSE Leap 15.1, the reviewer would find the submissions in the "openSUSE:Leap:15.1:Update" project. (In reference to the graph above, note the differences between the "openSUSE:Maintenance" project and the "openSUSE:Leap:15.1:Update" project. Reviewers shouldn't be looking in the "openSUSE:Maintenance" project to do their reviews.)<br />
<br />
==QA review==<br />
openSUSE maintenance updates are tested with openQA and by our community. We are waiting around 5 days, to see if issues are reported, before we release the update.<br />
<br />
If you want to test all pending updates, you need to register the following repository:<br />
<b>openSUSE Leap 15.3:</b><br />
http://download.opensuse.org/update/leap/15.3-test/<br />
<br />
[[ja:openSUSE:メンテナンス更新プロセス]]<br />
<br />
==Patchinfo==<br />
<br />
The part of openSUSE Leap that comes from SLE) is using patchinfos and dedicated channels now. for that part there are no differences with SLE in how we deliver updates. We have some blocklists for filtering out things that are not supposed to land on Leap.<br />
<br />
(IBS internal service links)<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.3<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.4<br />
<br />
And for the blocklist, it is embedded in the perl generator script for updates: (hosted on SUSE internal gitlab). <br />
<br />
[https://gitlab.suse.de/maintenance/tools.git SUSE internal gitlab - tools] generate-leap-15.3-channel.pl / generate-leap-15.4-channel.pl<br />
<br />
==Videos / Slides==<br />
<br />
[https://vimeo.com/482294939 SFScon 2020 - Marina Latini - openSUSE maintenance updates]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_update_process&diff=165127openSUSE:Maintenance update process2022-04-13T14:36:25Z<p>Msmeissn: </p>
<hr />
<div>{{Navbar_Factory_submissions}}<br />
<br />
{{Intro|Maintenance requests are requests by packagers to release an update for an already released distribution. This page gives on overview of the process of handling these requests.}}<br />
<br />
__TOC__<br />
<br />
==Overview==<br />
<br />
Knowing the process behind a maintenance release allows to understand the importance of the steps of the process and should help with submitting packages that can be quickly pushed through the process.<br />
<br />
The following flow-chart diagram illustrates the maintenance package update process. It includes several different OBS projects: <br />
[[File:Maintenance_update_process.png]]<br />
<br />
Let's look a bit closer at some of the steps:<br />
<br />
==Check if a Leap package is inherited from SLE==<br />
<br />
Some packages from openSUSE Leap are shared with SLE. Those packages are automatically merged after the SLE-update is released.<br />
To check if your package is inherited you can look in the following package:<br />
<br />
<b>openSUSE Leap 15.3:</b><br />
<br />
openSUSE Leap 15.3 has 4 seperate updates sources.<br />
<br />
* OSS repo (openSUSE:Leap:15.3:Update): largely branding and config packages only<br />
* Non-OSS repo (openSUSE:Leap:15.3:Update:NonFree): non-free but redistributable packages like Opera<br />
* Backports repo (openSUSE:Backports:SLE-15-SP3:Update): all non SLE packages in openSUSE Leap 15.3<br />
* SLE repo (via download.opensuse.org/update/leap/15.3/sle/): all SLE imported binary packages for openSUSE Leap 15.3<br />
<br />
How to find out:<br />
<br />
<code>osc sm PACKAGE</code><br />
<br />
If the package comes from openSUSE:Leap:15.3:Update or openSUSE:Backports:SLE-15-SP3:Update , submit to these ones. The openSUSE Maintenance team will process it.<br />
<br />
If there is a SUSE:SLE-15:Update entry (or 15-SP1 , 15-SP2 or 15-SP3), submit it there. It will be mirrored into the SUSE Internal Buildservice and processed there.<br />
<br />
<b>openSUSE Leap 15.2:</b> (requires ''osc-plugin-origin'' package)<br />
<br />
$osc origin --project openSUSE:Leap:15.2 package $package<br />
<br />
<br />
==Write a meaningful changelog-entry==<br />
<br />
For the [[openSUSE:Maintenance_team|maintenance team]] it's important, that a meaningful changelog-entry is provided to prepare the patch-documentation and rating. For a detailed description, please refer to the [[openSUSE:Packaging_Patches_guidelines|patches guideline]], but here is a list of the most important information:<br />
<br />
* Bug reference (boo#123456, CVE-2016-1234,...)<br />
* short description for the fix<br />
* Added/modified/dropped patchnames<br />
<br />
==Open a maintenance request==<br />
<br />
After the package is ready to submit, you need to open a maintenance-request. You can achieve this with the following commands:<br />
<br />
<b>One package for one openSUSE release:</b><br />
$osc mr $prj $pkg $release_target<br />
<b>Several packages for one openSUSE release:</b><br />
$osc mr $prj $list $of $packages $release_target<br />
<b>Several packages for several openSUSE releases:</b><br />
<br />
(This only works if your packages are in one project and the packages were branched with '$osc mbranch $pkg' or '$osc branch -M $prj $pkg')<br />
$osc mr $prj<br />
<br />
==Maintenance team review==<br />
<br />
The [[openSUSE:Maintenance_team|maintenance team]] decides whether an update will be released. They authorize the initiation of the maintenance process and start the ball rolling. They interact directly with the packager to coordinate the submission of the package that contains the fix. They ensure that the bugs being fixed are what are actually being put into the maintenance update. The decision making process is outlined in more detail below.<br />
<br />
==Source Review ==<br />
<br />
The [[openSUSE:openSUSE review team|openSUSE review team]] does a manual review of the submission following [[openSUSE:Factory_review|these guidelines]]. Those of the review team who intend to review the maintenance submissions will find the SRs in each project's "Update" sub-project. For example, to review the submissions for openSUSE Leap 15.1, the reviewer would find the submissions in the "openSUSE:Leap:15.1:Update" project. (In reference to the graph above, note the differences between the "openSUSE:Maintenance" project and the "openSUSE:Leap:15.1:Update" project. Reviewers shouldn't be looking in the "openSUSE:Maintenance" project to do their reviews.)<br />
<br />
==QA review==<br />
openSUSE maintenance updates are tested with openQA and by our community. We are waiting around 5 days, to see if issues are reported, before we release the update.<br />
<br />
If you want to test all pending updates, you need to register the following repository:<br />
<b>openSUSE Leap 15.2:</b><br />
http://download.opensuse.org/update/leap/15.2-test/<br />
<br />
<b>openSUSE Leap 15.1:</b><br />
http://download.opensuse.org/update/leap/15.1-test/<br />
<br />
<b>openSUSE Leap 15.0:</b><br />
http://download.opensuse.org/update/leap/15.0-test/<br />
<br />
[[ja:openSUSE:メンテナンス更新プロセス]]<br />
<br />
==Patchinfo==<br />
<br />
The part of openSUSE Leap that comes from SLE) is using patchinfos and dedicated channels now. for that part there are no differences with SLE in how we deliver updates. We have some blocklisting for filtering out things that are not supposed to land on Leap<br />
<br />
(IBS internal service links)<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.3<br />
* https://build.suse.de/package/show/SUSE:Channels/openSUSE-SLE_15.4<br />
<br />
And for the blocklist, it is embedded in the perl generator script for updates: (hosted on SUSE internal gitlab). <br />
<br />
[https://gitlab.suse.de/maintenance/tools.git suse internal gitlab - tools] generate-leap-15.3-channel.pl / generate-leap-15.4-channel.pl<br />
<br />
==Videos / Slides==<br />
<br />
[https://vimeo.com/482294939 SFScon 2020 - Marina Latini - openSUSE maintenance updates]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Wine&diff=159603Wine2021-09-20T12:10:38Z<p>Msmeissn: update available wine repo list... just 15.1->15.3 and tumbleweed currently</p>
<hr />
<div>{{Intro|[http://www.winehq.org/ Wine] is an open-source implementation of Windows API for Linux. This enables you to run your favorite Windows programs on Linux.<br />
<br />
Wine makes Linux "pose" as Windows. Unlike VMWare, Xen and others which pretend to be a computer, on which you then run the real Microsoft Windows as you would on a physical machine, Wine instead just pretends to be Windows, by offering applications the Windows API and functions they use, and mapping them to the corresponding Linux API.<br />
<br />
Given that Wine pretends to be Windows, and Windows is complex and convoluted, this posing works only to a certain degree, and varies a lot depending on which Windows application you use, which functions it uses and how complete the Wine implementation is. You can check the [http://appdb.winehq.org/ Wine Application Database] for other people's experiences with your application.<br />
Both regular office apps and games are supported by the standard Open-Source Wine shipped with openSUSE.<br />
There are also some non-free versions of Wine which support other applications.}}<br />
<br />
__TOC__<br />
<br />
== Use ==<br />
<br />
Of course, Wine needs to be installed, see Repositories below.<br />
<br />
To use the Windows program, first Linux needs to have access to it. The preferred (more reliable and secure) way is to install it from the Windows program's installation CD, by running the setup.exe with Wine, i.e. when openSUSE recognizes the inserted CD and opens it in Konqueror, you just click on setup.exe.<br />
<br />
By default, the emulated drive C: will be a directory on the Linux partition, and you can install your program there. You don't need to have Microsoft Windows installed nor to access any possibly existing Windows partition.<br />
<br />
Afterwards, you start the program via one of the ways listed below.<br />
<br />
=== From Konqueror/Nautilus ===<br />
<br />
You should be able to just click on a Windows .exe file in your file manager (e.g. Konqueror). That should start the program in Wine (TODO verify common file managers).<br />
<br />
CDs that you insert should appear under /media/, and the C: drive in Wine is mapped by default to <code>~/.wine/drive_c/</code> - paste that in your Konqueror address bar and make a bookmark.<br />
<br />
=== From shell ===<br />
<br />
If you open a [[SDB:What_is_a_console|terminal]] (e.g. Konsole or Gnome Terminal), you can also type <code>wine "<i>/media/dvd/setup.exe</i>"</code> or <code>wine "<i>/media/c/Program Files/Mozilla Firefox/firefox.exe</i>"</code>, where the <i>italics</i> part is the path to the program you want to start, and it depends on your system and your application. The quotes are needed if you have spaces in the pathname.<br />
<br />
=== From start menu ===<br />
<br />
Most Windows programs will create menu and desktop entries during their installation and these will show up in either the GNOME or KDE start menus somewhere.<br />
<br />
If you want to have an entry for the program in your start / KDE / SuSE menu, you can open the menu folder where want to place it, then click the right mouse button for the context menu, and select "Edit menu". You should see an application "KDE menu editor" opening. Click File | New element..., enter a name and description for it, and enter as "command" the same command as described under "From shell" above. Test the command in a shell first before adding it to the menu.<br />
<br />
== Commercial Wine versions ==<br />
<br />
You can just install the Open-Source Wine for SUSE - see below. There is also a commercial product based to a large part on Wine: Crossover Office. It has made changes to Wine to improve the execution of some specific applications on which they concentrate. You should check their list of supported applications.<br />
<br />
Crossover Office (from [http://www.codeweavers.com CodeWeavers]) supports use of some office software like MS Office and Adobe Photoshop on Linux. See the [http://www.codeweavers.com/compatibility/search Compatibility list]. There also is Crossover Games focusing on games.<br />
<br />
== Repositories ==<br />
<br />
WINE is available for all openSUSE versions on the standard installation.<br />
<br />
Up to date Wine RPMs are available from:<br />
<br />
<br />
{{Version note|Factory|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Factory/}}<br />
{{Version note|Tumbleweed|<br><br>https://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed/}}<br />
{{Version note|Leap 15.3|<br><br>https://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_15.3/}}<br />
{{Version note|Leap 15.2|<br><br>https://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_15.2/}}<br />
{{Version note|Leap 15.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_15.1/}}<br />
<br />
Above URLs provide both "YUM" and old style "YAST" repositories and can be added by the YAST Installation Sources module, zypper or smart.<br />
<br />
Following packages are available:<br />
* wine: Builds of the biweekly WINE snapshot releases. This is the recommended version for most users.<br />
* wine-staging: Builds of Wine + Staging patchset, which brings lot of experimental improvements that are prepared for the regular Wine.<br />
* wine-snapshot: Daily builds of the current WINE GIT state. Only for the experienced user, can potentially be broken!<br />
<br />
The SUSE Wine packages are maintained by [[User:Msmeissn|Marcus]], [mailto:meissner@suse.de here to send e-mail]<br />
<br />
== Utilities ==<br />
<br />
=== winetricks ===<br />
<br />
Winetricks a small shell program which is included in the above packages. Just start <code>winetricks</code>.<br />
It will open a dialog offering to automatically download and install various common programs like Win32 Firefox,<br />
Apple QuickTime / iTunes, multimedia codecs, various truetype fonts, and also helper runtime dlls like the Visual C runtimes.<br />
<br />
The snapshot packages always contain the latest <code>winetricks</code>, a description can be found [http://wiki.winehq.org/winetricks here].<br />
<br />
=== Wine Doors ===<br />
[http://www.wine-doors.org/ Wine Doors] is a menu driven installer for standard Windows components, with option of downloading components.<br />
<br />
Wine Doors is in the <code>wine-doors</code> package in above repositories.<br />
<br />
=== Internet Explorer on Wine ===<br />
<br />
As a frequently asked question, how to install Internet Explorer on Wine ... <br />
<br />
Run:<br />
<br />
{{Shell|winetricks ie6}}<br />
<br />
(for IE 6) or<br />
<br />
{{Shell|winetricks ie7}}<br />
(for IE7).<br />
<br />
(In former times there was a tool called "ies4linux", but this script is not maintained nor working anymore with current Wine.)<br />
<br />
=== Picasa ===<br />
Google Labs ported the Picasa2 photo organizer through its own implementation of Wine.<br /><br />
This installation is now deprecated, one could instead install Picasa 3.9 thorough Wine. In this case it appears that [[#Internet Explorer on Wine|Internet Explorer 6]] should be installed, in order to have full functionality in Linux.<br />
<br />
== Source ==<br />
The possibility to install from source is also an option. This is usually needed only if you are debugging Wine, or if you want to compile an older separate version of wine for different programs.<br />
<br />
=== Building on x86 (32bit) ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel, giflib-devel, liblcms-devel, libxslt-devel, Mesa-devel, libpng-devel, libxml2-devel, freeglut-devel, zlib-devel, glibc-devel, fontconfig-devel, xorg-x11-devel, libjpeg-devel, unixODBC-devel, freetype2-devel, openssl-devel, openldap2-devel<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine>}}<br />
<br />
=== 64-bit ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel-32bit, giflib-devel-32bit, liblcms-devel-32bit, <br />
libxslt-devel-32bit, Mesa-devel-32bit, libpng-devel-32bit, libxml2-devel-32bit, freeglut-devel-32bit, <br />
zlib-devel-32bit, glibc-devel-32bit, fontconfig-devel-32bit, xorg-x11-devel-32bit, xorg-x11-libXext-32bit, <br />
xorg-x11-libXp-32bit, xorg-x11-libXt-32bit, capi4linux-32bit, xorg-x11-libICE-32bit, xorg-x11-libXext-devel-32bit, sane-32bit, cups-libs-32bit, libjpeg-devel-32bit, unixODBC-devel-32bit, freetype2-devel-32bit, openssl-devel-32bit, openldap2-devel-32bit, freetype2-devel-32bit, hal-32bit, hal-devel, <br />
<br />
{{Info|This list may not contain every requirement and may vary between openSUSE versions.}}<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine> --x-libraries{{=}}/usr/X11R6/lib --x-includes{{=}}/usr/include/X11/ --with-x}}<br />
<br />
== Configuration ==<br />
Wine is configured by typing <code>winecfg</code> on the command line. This will map all drives for wine and create a .wine on your home folder the first time it's run and then open the Wine configuration dialog. It's recommended that you eject all removable drives before running <code>winecfg</code> as these may confuse the installation.<br />
<br />
The file user.reg inside the .wine folder controls wine's appearance.<br />
<br />
Here is a "How to" by minio that shows how to make wine look more like the GTK industrial theme: http://ubuntuforums.org/showthread.php?t=55286 <br />
<br />
Sometimes, an application can depend on a Windows font that is not directly available by wine; it will then use to alphabetically the first font available, which might be some obscure fixed-space font, hebrew font or something. Try to<br />
{{Shell|cp /usr/share/wine/fonts/* ~/.wine/drive_c/windows/fonts/}}<br />
in case you hit this problem.<br />
<br />
===Configuration of Windows programs===<br />
If you run Wine from a terminal command line you will get an idea of how often calls are failing, even when the program runs.<br />
<br />
Check http://bugs.winehq.org/ for solutions.<br />
<br />
Wine Doors might help as you can load some extra microsoft dlls but will change the configuration quite markedly.<br />
<br />
====ChemSketch====<br />
[[SDB:ChemSketch with wine|ChemSketch]] (version 12 and before) has a windowing bug which means set up is slightly challenging, although it may seem to have worked fine the first time on a KDE session. After this ChemSketch and associated programs are unusable with a hidden window unless you take the steps in [[SDB:ChemSketch with wine]].<br />
<br />
[[Category:Emulators]]<br />
<br />
[[de:Wine]]<br />
[[es:Wine]]<br />
[[fr:Wine]]<br />
[[it:Wine]]<br />
[[ru:Wine]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=ECO&diff=159092ECO2021-08-17T12:41:50Z<p>Msmeissn: </p>
<hr />
<div>== Engineering Change Order ==<br />
<br />
This could be best understood as an approval for late Feature request against SUSE Linux Enterprise and therefore about ~4000/~12000 openSUSE Leap packages as well. This gets even more obvious and important by adoption of a following proposal [[Portal:Leap/FAQ/ClosingTheLeapGap]].<br />
<br />
Late Feature means that request is planned to be executed/implemented in a post-development phase of given release, this includes maintenance updates. Example of target milestone for given feature which would be treated as a Late Feature request would be Public Beta, Release Candidate, GMC, GM, Maintenance update.<br />
<br />
=== Why ===<br />
<br />
SUSE Linux Enterprise promises stability and predictability to customers, as in no changes in ABI, API or configuration during the lifetime of a service pack ... So "no surprises" when applying updates.<br />
<br />
Any kind of derivation from the stability promise need to go through a change management process, e.g. the ECO process, with clear determination of need, risk and what will change how.<br />
<br />
=== How this is done ===<br />
<br />
Current process implementation happens in internal [https://jira.suse.com SUSE JIRA].<br />
<br />
It's essentially a request for an approval from all stakeholders (Engineering, L3, Security, Maintenance, QA (in fact mostly Maintenance QA), documentation and Legal team. <br />
<br />
A Feature request will not be implemented in given Service Pack unless it has an approval from all of previously mentioned stakeholders.<br />
ECO process can be generally avoided if request is submitted early in the development phase. Which is the preferred scenario for all features as introducing features late in the release introduces some risks.<br />
<br />
Rejecting ECO does not mean that feature itself is rejected, it only means that it will not be implemented as a late feature request in given Service Pack.<br />
<br />
=== Community involvement ===<br />
<br />
This change process can also be used for features coming from Leap, but in this case would need a project management sponsor inside SUSE. Reach out to the Release Manager of Leap (Lubos) for help.</div>Msmeissnhttps://en.opensuse.org/index.php?title=ECO&diff=159089ECO2021-08-17T12:40:28Z<p>Msmeissn: adjust to match reality a bit better</p>
<hr />
<div>== Engineering Change Order ==<br />
<br />
This could be best understood as an approval for late Feature request against SUSE Linux Enterprise and therefore about ~4000/~12000 openSUSE Leap packages as well. This gets even more obvious and important by adoption of a following proposal [[Portal:Leap/FAQ/ClosingTheLeapGap]].<br />
<br />
Late Feature means that request is planned to be executed/implemented in a post-development phase of given release, this includes maintenance updates. Example of target milestone for given feature which would be treated as a Late Feature request would be Public Beta, Release Candidate, GMC, GM, Maintenance update.<br />
<br />
=== Why ===<br />
<br />
SUSE Linux Enterprise promises stability and predictability to customers, as in no changes in ABI, API or configuration during the lifetime of a service pack ... So "no surprises" when applying updates.<br />
<br />
Any kind of derivations from this stability promises need to go through a change management process, e.g. the ECO process.<br />
<br />
=== How this is done ===<br />
<br />
Current process implementation happens in internal [https://jira.suse.com SUSE JIRA].<br />
<br />
It's essentially a request for an approval from all stakeholders (Engineering, L3, Security, Maintenance, QA (in fact mostly Maintenance QA), documentation and Legal team. <br />
<br />
A Feature request will not be implemented in given Service Pack unless it has an approval from all of previously mentioned stakeholders.<br />
ECO process can be generally avoided if request is submitted early in the development phase. Which is the preferred scenario for all features as introducing features late in the release introduces some risks.<br />
<br />
Rejecting ECO does not mean that feature itself is rejected, it only means that it will not be implemented as a late feature request in given Service Pack.<br />
<br />
=== Community involvement ===<br />
<br />
This change process can also be used for features coming from Leap, but in this case would need a project management sponsor inside SUSE. Reach out to the Release Manager of Leap (Lubos) for help.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Maintenance_update_process&diff=156042openSUSE:Maintenance update process2021-06-02T08:57:20Z<p>Msmeissn: </p>
<hr />
<div>{{Navbar_Factory_submissions}}<br />
<br />
{{Intro|Maintenance requests are requests by packagers to release an update for an already released distribution. This page gives on overview of the process of handling these requests.}}<br />
<br />
__TOC__<br />
<br />
==Overview==<br />
<br />
Knowing the process behind a maintenance release allows to understand the importance of the steps of the process and should help with submitting packages that can be quickly pushed through the process.<br />
<br />
The following flow-chart diagram illustrates the maintenance package update process. It includes several different OBS projects: <br />
[[File:Maintenance_update_process.png]]<br />
<br />
Let's look a bit closer at some of the steps:<br />
<br />
==Check if a Leap package is inherited from SLE==<br />
<br />
Some packages from openSUSE Leap are shared with SLE. Those packages are automatically merged after the SLE-update is released.<br />
To check if your package is inherited you can look in the following package:<br />
<br />
<b>openSUSE Leap 15.3:</b><br />
<br />
openSUSE Leap 15.3 has 4 seperate updates sources.<br />
<br />
* OSS repo (openSUSE:Leap:15.3:Update): largely branding and config packages only<br />
* Non-OSS repo (openSUSE:Leap:15.3:Update:NonFree): non-free but redistributable packages like Opera<br />
* Backports repo (openSUSE:Backports:SLE-15-SP3:Update): all non SLE packages in openSUSE Leap 15.3<br />
* SLE repo (via download.opensuse.org/update/leap/15.3/sle/): all SLE imported binary packages for openSUSE Leap 15.3<br />
<br />
How to find out:<br />
<br />
<code>osc sm PACKAGE</code><br />
<br />
If the package comes from openSUSE:Leap:15.3:Update or openSUSE:Backports:SLE-15-SP3:Update , submit to these ones. The openSUSE Maintenance team will process it.<br />
<br />
If there is a SUSE:SLE-15:Update entry (or 15-SP1 , 15-SP2 or 15-SP3), submit it there. It will be mirrored into the SUSE Internal Buildservice and processed there.<br />
<br />
<b>openSUSE Leap 15.2:</b> (requires ''osc-plugin-origin'' package)<br />
<br />
$osc origin --project openSUSE:Leap:15.2 package $package<br />
<br />
<br />
==Write a meaningful changelog-entry==<br />
<br />
For the [[openSUSE:Maintenance_team|maintenance team]] it's important, that a meaningful changelog-entry is provided to prepare the patch-documentation and rating. For a detailed description, please refer to the [[openSUSE:Packaging_Patches_guidelines|patches guideline]], but here is a list of the most important information:<br />
<br />
* Bug reference (boo#123456, CVE-2016-1234,...)<br />
* short description for the fix<br />
* Added/modified/dropped patchnames<br />
<br />
==Open a maintenance request==<br />
<br />
After the package is ready to submit, you need to open a maintenance-request. You can achieve this with the following commands:<br />
<br />
<b>One package for one openSUSE release:</b><br />
$osc mr $prj $pkg $release_target<br />
<b>Several packages for one openSUSE release:</b><br />
$osc mr $prj $list $of $packages $release_target<br />
<b>Several packages for several openSUSE releases:</b><br />
<br />
(This only works if your packages are in one project and the packages were branched with '$osc mbranch $pkg' or '$osc branch -M $prj $pkg')<br />
$osc mr $prj<br />
<br />
==Maintenance team review==<br />
<br />
The [[openSUSE:Maintenance_team|maintenance team]] decides whether an update will be released. They authorize the initiation of the maintenance process and start the ball rolling. They interact directly with the packager to coordinate the submission of the package that contains the fix. They ensure that the bugs being fixed are what are actually being put into the maintenance update. The decision making process is outlined in more detail below.<br />
<br />
==Source Review ==<br />
<br />
The [[openSUSE:openSUSE review team|openSUSE review team]] does a manual review of the submission following [[openSUSE:Factory_review|these guidelines]]. Those of the review team who intend to review the maintenance submissions will find the SRs in each project's "Update" sub-project. For example, to review the submissions for openSUSE Leap 15.1, the reviewer would find the submissions in the "openSUSE:Leap:15.1:Update" project. (In reference to the graph above, note the differences between the "openSUSE:Maintenance" project and the "openSUSE:Leap:15.1:Update" project. Reviewers shouldn't be looking in the "openSUSE:Maintenance" project to do their reviews.)<br />
<br />
==QA review==<br />
openSUSE maintenance updates are tested with openQA and by our community. We are waiting around 5 days, to see if issues are reported, before we release the update.<br />
<br />
If you want to test all pending updates, you need to register the following repository:<br />
<b>openSUSE Leap 15.2:</b><br />
http://download.opensuse.org/update/leap/15.2-test/<br />
<br />
<b>openSUSE Leap 15.1:</b><br />
http://download.opensuse.org/update/leap/15.1-test/<br />
<br />
<b>openSUSE Leap 15.0:</b><br />
http://download.opensuse.org/update/leap/15.0-test/<br />
<br />
[[ja:openSUSE:メンテナンス更新プロセス]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Lifetime&diff=149140Lifetime2020-11-10T10:40:55Z<p>Msmeissn: 15.1 eol now fixed on january 2021</p>
<hr />
<div>{{Intro|<br />
'''[[Portal:Leap|openSUSE Leap]]''', the new Regular Release, brings with it a new '''lifetime'''.<br />
<br />
Each Leap '''Major Release''' (42, 15, etc.) is expected to be maintained for at least 36 months, until the next major version of Leap is available.<br />
<br />
A Leap '''Minor Release''' (42.1, 42.2, etc.) is expected to be released annually. Users are expected to upgrade to the latest minor release within 6 months of its availability, leading to a maintenance life cycle of 18 months.<br />
}}<br />
<br />
== openSUSE Leap ==<br />
<br />
[[Portal:Leap|openSUSE Leap]] is the new name for openSUSE's regular releases, which were previously known as just 'openSUSE' for versions 13.2 and earlier.<br />
<br />
During the lifetime for Leap you will receive:<br />
* security updates for all included packages<br />
* critical bugfix updates (usually these are found and fixed in the first few months of its lifetime)<br />
<br />
The following distributions are expected to receive updates until the specified date:<br />
* [[Portal:15.1|Leap 15.1]] - is maintained until end of January 2021 [https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00040.html Advance discontinuation notice]<br />
* [[Portal:15.2|Leap 15.2]] - is expected to be maintained until end of December 2021<br />
<br />
<br />
== openSUSE Tumbleweed ==<br />
<br />
[[Portal:Tumbleweed|openSUSE Tumbleweed]] is a rolling release which has a lifetime of 'forever'<sup>1</sup>, assuming you are running the latest updated packages. <br />
<br />
It receives security updates, bug fixes and new features (most often as new software versions) as soon as they are integrated and tested by the openSUSE community.<br />
<br />
Critical security updates for packages may also be provided in situations where new software versions may not yet address major security issues.<br />
<br />
{{Info|1: Given the declining usage of i586 devices, there have been discussions over [https://lists.opensuse.org/opensuse-factory/2017-08/msg00092.html whether or not to drop support for Tumbleweed i586]. While there is no concrete plan to drop i586 support now, do note this may change in the future.}}<br />
----<br />
<br />
== Discontinued distributions ==<br />
<br />
Users running a (soon-to-be) discontinued version of openSUSE should [[SDB:System upgrade|upgrade]] their systems to a supported release to receive [[Portal:Maintenance|security updates]] and [[openSUSE:Communication channels|community support]]. Since eventually [[Package repositories|package repositories]] for discontinued releases are removed from [[openSUSE:Mirrors|download servers]] as well as the build target list of the [[Portal:Build Service|Build Service]], it will be increasingly difficult to install new software on such distributions.<br />
<br />
The following distributions have reached their end of life and should not be used:<br />
<br />
* [[Portal:15.0|openSUSE Leap 15.0]] - Dec 3rd 2019 - ([https://lists.opensuse.org/opensuse-security-announce/2019-12/msg00007.html done])<br />
* [[Portal:42.3|openSUSE Leap 42.3]] - Jul 1st 2019 - ([https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00000.html done])<br />
* [[Portal:42.2|openSUSE Leap 42.2]] - Jan 26th 2018 - ([https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00103.html done])<br />
* [[Portal:42.1|openSUSE Leap 42.1]] - May 17th 2017 - ([http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00053.html done])<br />
* [[Portal:13.2|openSUSE 13.2]] - Jan 17th 2017 - ([https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00033.html done])<br />
* [[Portal:13.1|openSUSE 13.1]] - Feb 3rd 2016 - ([http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00004.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 13.1 had been ended.)<br />
* [[Portal:12.3|openSUSE 12.3]] - Jan 29th 2015 ([http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00003.html done])<br />
* [[Portal:12.2|openSUSE 12.2]] - Jan 15th 2014 ([http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00008.html done])<br />
* [[Portal:12.1|openSUSE 12.1]] - May 15th 2013 ([http://lists.opensuse.org/opensuse-announce/2013-06/msg00000.html done])<br />
* [[Portal:11.4|openSUSE 11.4]] - November 5th 2012 ([http://lists.opensuse.org/opensuse-announce/2012-11/msg00000.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.4 had been ended.)<br />
* [[Portal:11.3|openSUSE 11.3]] - January 20th 2012 ([http://lists.opensuse.org/opensuse-announce/2012-01/msg00001.html done])<br />
* [[Portal:11.2|openSUSE 11.2]] - May 12th 2011 ([http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00003.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.2 had been ended.)<br />
* [[Portal:11.1|openSUSE 11.1]] - January 14th 2011 ([http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00005.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.1 had been ended.)<br />
* [http://en.opensuse.org/Archive:OpenSUSE_11.0 openSUSE 11.0] - July 26th, 2010 ([http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00007.html done])<br />
* [http://en.opensuse.org/Archive:OpenSUSE_10.3 openSUSE 10.3] - October 31st 2009 ([http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00008.html done])<br />
* [http://en.opensuse.org/Archive:OpenSUSE_10.2 openSUSE 10.2] - November 30th 2008 ([http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00004.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_10.1 SUSE Linux 10.1] - May 31st 2008 ([http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00004.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_10.0 SUSE Linux 10.0] - November 30st 2007 ([http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00000.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.3 SUSE Linux 9.3] - April 30th 2007 ([http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00005.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.2 SUSE Linux 9.2] - October 31st 2006 ([http://lists.opensuse.org/opensuse-security-announce/2006-Nov/0009.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.1 SUSE Linux 9.1] - June 30th 2006 ([http://lists.opensuse.org/opensuse-security-announce/2006-Jul/0006.html done])<br />
<br />
openSUSE versions up to and including 11.1 had a lifetime of two years, and versions up to and including 13.2 had a lifetime of two releases plus an extra two month overlap.<br />
<br />
Discontinuation announcements will be sent to these mailing lists:<br />
* [http://lists.opensuse.org/opensuse-security-announce/ opensuse-security-announce] and <br />
* [http://lists.opensuse.org/opensuse-announce/ opensuse-announce].<br />
<br />
Images of discontinued images can still be downloaded from [[openSUSE:Mirrors#EOL mirrors|this list of mirrors]].<br />
<br />
=== Evergreen (long-term maintenance) ===<br />
<br />
The [[openSUSE:Evergreen|Evergreen]] project was a community effort for continued maintenance of selected openSUSE releases prior to openSUSE Leap.<br />
<br />
All previous Evergreen versions of openSUSE are now out of support.<br />
<br />
----<br />
<br />
== SUSE Linux Enterprise products ==<br />
<br />
The lifetime of SUSE Enterprise products is listed on the [https://www.suse.com/lifecycle/ SUSE website]. Customers are able to receive support, security and maintenance updates for these products.<br />
<br />
[[Category:Distribution]]<br />
<br />
[[cs:SUSE Linux Lifetime]]<br />
[[de:Produktlebensdauer]]<br />
[[es:Ciclo de vida]]<br />
[[fr:SUSE_Linux_Lifetime]]<br />
[[it:Lifetime]]<br />
[[hu:SUSE Linux élettartam]]<br />
[[ru:Сроки поддержки]]<br />
[[ja:ライフタイム]]<br />
[[zh:使用期限]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Portal:Jump/Leap15.2.1:GoNogo&diff=148609Portal:Jump/Leap15.2.1:GoNogo2020-10-20T07:31:45Z<p>Msmeissn: </p>
<hr />
<div>== What is the Go-NoGo decision for? ==<br />
<br />
'''We're deciding whether we want to release openSUSE Jump as openSUSE Leap 15.2.1. The current [[openSUSE:Roadmap|Roadmap]] proposes that openSUSE Leap 15.2.1 release would be the 4th of November 2020.'''<br />
<br />
If we decide for (conditional) Go, then openSUSE Leap 15.2.1 will be released as an intermediate release in between openSUSE Leap 15.2 and 15.3. If we decide for No-Go then we'll move directly to openSUSE Leap 15.3 development according to the [[openSUSE:Roadmap|roadmap]]. openSUSE Leap 15.3 would then be based on the same proposed [[Portal:Jump]] concept.<br />
<br />
We'd like to make our decision based on openSUSE Jump alignment with [https://etherpad.opensuse.org/p/ClosingTheLeapGap-20200924-interlock-discussion preagreed conditions] discussed with Product Management for SUSE Linux Enterprise. These points were provided for a review to the community as part of an announcement to opensuse-factory@ and opensuse-project@<br />
<br />
== When does the decision happen? ==<br />
October 20th 2020 - 9-10am CEST. Stakeholders received a link to the virtual event.<br />
<br />
== Conditions that Jump is expected to meet before release ==<br />
<br />
I have categorized items however they're the same as in https://etherpad.opensuse.org/p/ClosingTheLeapGap-20200924-interlock-discussion<br />
<br />
=== SLE Product Management ===<br />
<br />
=== Release Management and Release Engineering ===<br />
* Currently proposed release day for Leap 15.2.1 according to the [[openSUSE:Roadmap|roadmap]] is November 4th 2020.<br />
* The Availability of SUSE signed rpms without a geolocation limit. Simplified can we ship it?<br />
* The community can raise feature requests for packages inherited from SUSE Linux Enterprise<br />
** https://en.opensuse.org/Portal:Jump/Policy/SubmitRequests<br />
** https://en.opensuse.org/Portal:Jump/Policy/CommunitySLEChangeRequests<br />
<br />
* No Build build failures unless an exception was granted for a particular package.<br />
* The release is based on SUSE Linux Enterprise 15 SP2 Updates and related openSUSE Backports.<br />
** With exception of features that were rejected and the openSUSE community agreed to drop feature (currently only qemu-kvm/SDL2 integration)<br />
* All features that are implemented in SLE-15-SP3 need to be currently rebuilt in openSUSE Jump (with is_opensuse) so we do not regress in features.<br />
<br />
=== The Build Service ===<br />
<br />
* Sign off on the current setup Jump build infrastructure as far as submission and pre-integration workflow goes.<br />
* The community can create code change requests for packages inherited from SUSE Linux Enterprise<br />
** https://en.opensuse.org/Portal:Jump:OBS:SRMirroring<br />
<br />
=== Quality ===<br />
* No blockers on openQA https://openqa.opensuse.org/group_overview/75, https://openqa.opensuse.org/group_overview/76<br />
** Soft fails or documented known issues are okay<br />
<br />
=== Migrations ===<br />
<br />
* Migration of Leap 15.2 to Leap 15.2.1 works.<br />
** Not necessarily the older releases even when we test them.<br />
** Our docs say you need to migrate from release to release and follow the n+1 migration scenario (do not skip any release in between).<br />
* Migration from Leap 15.2.1 -> SLE 15 SP2 is working<br />
** We need to document that the user needs to enable update repositories, or the user has to use the image for the latest Quarterly Update<br />
<br />
=== Maintenance and Security ===<br />
* Maintenance setup is set up and tested<br />
<br />
== Go / NoGo decision ==<br />
<br />
Please make your decision based on the openSUSE Jump alignment to the group of conditions that belong to your work area. <br />
<br />
'''Legend'''<br />
* Please enter 'Go' if conditions (or their combination) belonging to your work area are met on the day of the Signoff (20th October).<br />
<br />
* Please enter 'Conditional Go' If conditions belonging to your work are not met on the day of sign-off but there is a chance that it would be met until the expected GA (4th November). Please enter problematic conditions into the "Reasoning" column.<br />
<br />
* Please enter 'Conditional NoGo' If conditions belonging to your work are not met on the day of sign-off but there might be a chance that it would be met until the expected GA (4th November). Please enter problematic conditions into the "Reasoning" column.<br />
<br />
* Please choose 'No-Go' in case that conditions belonging to your work area are not met and you don't see how it could be met until the expected GA. Please enter problematic conditions into the "Reasoning" column.<br />
<br />
{| class="wikitable"<br />
|-<br />
! Team !! Stakeholder !! Decision (Go/Conditional Go/Conditional NoGo/NoGo) !! Reasoning<br />
|-<br />
| openSUSE Release Team || Lubos Kocman || Conditional NoGo || Leap forks are documented here https://en.opensuse.org/Portal:Jump/Leap15.2.1:Forks. No Seamless migration yet bsc#1173582 / jsc#SLE-14807. Maintenance setup is yet untested. SR mirroring works but is still in-progress, ETA is end of the October jsc#OBS-63. Selected community members can open JIRA features against SLE/Leap. <br />
|-<br />
| openSUSE Release Team || Max Lin || Conditional NoGo || Migrations does work before GA. Online repositories setup is done.<br />
|-<br />
| openSUSE Release Team || Guillaume Gardet || NoGo || Too much incertinity. See Lubos comments + some packages are missing for aarch64, VLC is an example, but I suspect there are more missing packages for non-x86 archs (From PackageHub). Could we have something to check this kind of problems?<br />
|-<br />
| openSUSE Release Team || Michel Normand || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| openSUSE Release Team || Dirk Müller || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| openSUSE Release Team || Dominique Leuenberger|| Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| SLE Release Management || Alexander Herzig || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| SLE Release Management || Stefan Weiberg || Go || Not all CTLG features are yet delivered in 15 SP3<br />
|-<br />
| Autobuild team || Rüdiger Oertel || Conditional NoGo || neither update nor product repo is in place with currently agreed name and version, so clearly missing target for RC phase<br />
|-<br />
| Autobuild team || Adrian Schröter || Conditional NoGo || Non final update meta data. product data needs discussion, broken IMHO atm. No collaboration possible yet due missing features. Atm too early decide atm.<br />
|-<br />
| Maintenance team || Stephan Barth, Marcus Meissner || Conditional NoGo || ECOs not approved, zchunk maintainer missing, Marcus: maintenance and repo setup not finished, only 3 weeks left<br />
|-<br />
| Security team || Marcus Meissner || Conditional NoGo || Secure boot: cannot mix opensuse and suse kernel modules or other secure boot packages, security is otherwise conditional go<br />
|-<br />
| Package Hub || Wolfgang Engel, || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| Package Hub || Scott Bahling || Go || <br />
|-<br />
| Beta Program || Vincent Moutoussamy || Go || On Vacation but said that it's a Go on behalf of him and his area of interest.<br />
|-<br />
| Engineering - Product Migration|| Jiří Šrain || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| Engineering - Kernel || Libor Pecháček || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| Engineering - Desktop || Frederic Crozat || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| Quality Assurance || Marita Werner || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| Quality Assurance Maintenance || Heiko Rommel || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| Quality Assurance Migrations || Wei Gao || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| SLE Architect || Thorsten Kukuk || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|-<br />
| SLE Product Management || Stefan Behlert || Go/Conditional Go/Conditional NoGo/NoGo || Reason for decision if not Go<br />
|}</div>Msmeissnhttps://en.opensuse.org/index.php?title=Portal:Security/Topics&diff=145933Portal:Security/Topics2020-08-07T09:44:17Z<p>Msmeissn: replaced some novell urls by current ones, remove 1 non relevant</p>
<hr />
<div>{{Point here|[[Image:Icon-package.png|48px|link=]]|<br />
'''Features'''<br />
<br />
openSUSE's [[openSUSE:Security Features|Security Features]] help to prevent bugs from being exploitable.<br />
}}<br />
{{Point here|[[Image:LibreOffice-document symbol.png|48px|link=]]|<br />
'''Documentation'''<br />
<br />
For information about SUSE specific security features and their configuration see [[openSUSE:Security Documentation|Security Documentation]].<br />
}}<br />
{{Point here|[[Image:Icon-keyboard.png|48px|link=]]|<br />
'''Updates'''<br />
<br />
Security updates for openSUSE Leap stable releases are provided by the SUSE Security Team, with the help of community maintainers and developers. See the openSUSE [[Lifetime]] page for details on currently maintained stable releases and lifetime details.<br />
<br />
For packages in Leap that are inherited from [https://www.suse.com/products/server/ SUSE Linux Enterprise], the updates built from the same sources will be released for openSUSE Leap. <br />
<br />
A well defined [[openSUSE:Security_Incident_Handling|Incident Handling Process]]<br />
is used to track, coordinate and release updates.<br />
<br />
Security announcements are sent to the<br />
[mailto:opensuse-security-announce%2Bsubscribe@opensuse.org opensuse-security-announce]<br />
mailinglist. An [http://lists.opensuse.org/opensuse-security-announce/ archive] is also available.<br />
This security announcement lists only important features and critical updates to keep traffic low. <br />
To get all openSUSE updates subscribe to the [mailto:opensuse-updates%2Bsubscribe@opensuse.org opensuse-updates] mailinglist, or look at its [http://lists.opensuse.org/opensuse-updates/ archive].<br />
<br />
SUSE Linux Enterprise specific announcements can be found via the SUSE Customer Center, via [http://lists.suse.com/mailman/listinfo/sle-security-updates this mailinglist],<br />
or on the [https://www.suse.com/support/update/ Update Notices page].<br />
<br />
openSUSE updates are freely available on our [[Package_repositories#Update|Update Mirrors]]. Desktop applets warn users about new updates and offer to install them with just some mouse clicks. Alternatively command line update tools ([[Portal:Zypper|zypper]]) or graphical package management tools ([[Portal:YaST|YaST]]) are also available for installing updates, or you can even turn on fully automatic update installation.<br />
}}<br />
{{Point here|[[Image:Icon-distribution.png|48px|link=]]|<br />
'''Links'''<br />
<br />
openSUSE security related links on the SUSE website:<br />
<br />
* [https://www.suse.com/support/update/ SUSE Linux Enterprise Updates Notices]<br />
* [https://www.suse.com/security/cve/ SUSE security problems by CVE index]<br />
<br />
'''Other references'''<br />
* [http://www.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Benchmark_v2.0.pdf Center for Internet Security: SUSE Linux Benchmark]<br />
}}</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Security_team&diff=145930openSUSE:Security team2020-08-07T09:38:54Z<p>Msmeissn: added katia</p>
<hr />
<div>{{Security navbar}}<br />
<div class="center"><br />
[[File:Icon-security.png|48px]]<br />
</div><br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Introduction ===<br />
</div><br />
The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Contact Details ===<br />
</div><br />
<br />
* You can mail us at [mailto:security@suse.de security@suse.de]<br />
{{mailinglist|opensuse-security-announce|Publication of security announcements}}<br />
{{mailinglist|opensuse-security|Discussion forum for security topics}}<br />
* There is also security related IRC channel [irc://irc.opensuse.org/openSUSE-security #openSUSE-security]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Members ===<br />
</div><br />
The security team includes the following SUSE employees:<br />
<br />
* [[User:Abergmann|Alexander Bergmann]]<br />
* Alexandros Toptsoglou<br />
* Johannes Segitz<br />
* Malte Kraus<br />
* Matthias Gerstner<br />
* Robert Frohl<br />
* Wolfgang Frisch<br />
* Hans L&oouml;hr<br />
<br />
Project manager Security:<br />
* [[User:Msmeissn|Marcus Mei&szlig;ner]]<br />
<br />
Project manager Security Certifications:<br />
* Katia Rojas<br />
<br />
Teamlead:<br />
* [[User:Jone_it|Ivan Teblin]]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Areas of work ===<br />
</div><br />
We work in following large areas:<br />
<br />
=== Reactive work ===<br />
<br />
Thats what you see as security updates. We monitor mailinglist,<br />
coordinate between vendors, check software releases, and receive<br />
reports and drive the security update process of the openSUSE and SUSE Linux based products during their [[Lifetime|lifetime]].<br />
<br />
This is summarized on the page [[openSUSE:Security_Incident_Handling|incident handling]].<br />
<br />
* Our SUSE Linux Enterprise security page can be found at https://www.suse.com/security/<br />
* If you want to report an incident, mail [mailto:security@suse.de security@suse.de]<br />
* Our GPG key is on the website above, every CD 1 and on the keyservers. (new key ID: 0xB205E69BAB2FD922, old key ID: 0x21FE92322BA9E067)<br />
<br />
Fingerprint:<br />
<pre><br />
pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10]<br />
Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922<br />
uid [ full ] SUSE Security Team <security@suse.com><br />
uid [ full ] SUSE Security Team <security@suse.de><br />
sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2022-03-10]<br />
</pre><br />
(as this is a community editable Wiki page, please cross check against other sources, like our DVD and that the key is signed by trusted parties)<br />
<br />
=== Proactive work ===<br />
<br />
We regularly check packages contained in our Linux distributions.<br />
We focus on security critical packages, network daemons, setuid<br />
programs and similar. We also work on the [[openSUSE:Security Features|Security Features]].<br />
<br />
We also try to replace security critical daemons or setuid binaries<br />
by technologies less prone to attacks.<br />
<br />
Please see our [[openSUSE:Security disclosure policy|policy]] on details how and when we disclose security issues found by us.<br />
<br />
=== Research ===<br />
<br />
We research security related technologies.<br />
<br />
[[Category:Team pages]]<br />
[[Category:Security]]<br />
<br />
[[de:Sicherheits-Team]]<br />
[[ru:Security_Team]]<br />
<br />
__NOTOC__</div>Msmeissnhttps://en.opensuse.org/index.php?title=User:Msmeissn&diff=143065User:Msmeissn2020-06-08T12:36:39Z<p>Msmeissn: </p>
<hr />
<div>I am working for SUSE since 2002.<br />
<br />
My current role is ''Technical Project Manager Security''.<br />
<br />
For openSUSE I am part of (the [[openSUSE:Security_team|security team]]) that is taking care of security, and I am also part of the [[openSUSE:Maintenance_team|Maintenance Team]].<br />
<br />
I also maintain some packages, notably the [[Wine]] and gphoto ones.<br />
<br />
If you are curious, you can find me on facebook, twitter, flickr, xing, linkedin, github, sourceforge etc.<br />
<br />
My GPG key is: <br />
<br />
<pre><br />
pub rsa4096/0x2209D6902F969C95 2015-01-12 [SC]<br />
Schl.-Fingerabdruck = 7C4A FD61 D8AA E757 0796 A517 2209 D690 2F96 9C95<br />
uid [ ultimativ ] Marcus Meißner (german spelling) <meissner@suse.de><br />
uid [ ultimativ ] Marcus Meissner (SUSE) <meissner@suse.com><br />
uid [ ultimativ ] Marcus Meissner (SUSE) <meissner@suse.de><br />
sub rsa4096/0x9889B3EAF58CA51C 2015-01-12 [E]<br />
</pre></div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Security_team&diff=143062openSUSE:Security team2020-06-08T12:35:23Z<p>Msmeissn: </p>
<hr />
<div>{{Security navbar}}<br />
<div class="center"><br />
[[File:Icon-security.png|48px]]<br />
</div><br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Introduction ===<br />
</div><br />
The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Contact Details ===<br />
</div><br />
<br />
* You can mail us at [mailto:security@suse.de security@suse.de]<br />
{{mailinglist|opensuse-security-announce|Publication of security announcements}}<br />
{{mailinglist|opensuse-security|Discussion forum for security topics}}<br />
* There is also security related IRC channel [irc://irc.opensuse.org/openSUSE-security #openSUSE-security]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Members ===<br />
</div><br />
The security team includes the following SUSE employees:<br />
<br />
* [[User:Abergmann|Alexander Bergmann]]<br />
* Alexandros Toptsoglou<br />
* Johannes Segitz<br />
* Malte Kraus<br />
* Matthias Gerstner<br />
* Robert Frohl<br />
* Wolfgang Frisch<br />
* Hans L&oouml;hr<br />
<br />
Project manager Security:<br />
* [[User:Msmeissn|Marcus Mei&szlig;ner]]<br />
<br />
Teamlead:<br />
* [[User:Jone_it|Ivan Teblin]]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Areas of work ===<br />
</div><br />
We work in following large areas:<br />
<br />
=== Reactive work ===<br />
<br />
Thats what you see as security updates. We monitor mailinglist,<br />
coordinate between vendors, check software releases, and receive<br />
reports and drive the security update process of the openSUSE and SUSE Linux based products during their [[Lifetime|lifetime]].<br />
<br />
This is summarized on the page [[openSUSE:Security_Incident_Handling|incident handling]].<br />
<br />
* Our SUSE Linux Enterprise security page can be found at https://www.suse.com/security/<br />
* If you want to report an incident, mail [mailto:security@suse.de security@suse.de]<br />
* Our GPG key is on the website above, every CD 1 and on the keyservers. (new key ID: 0xB205E69BAB2FD922, old key ID: 0x21FE92322BA9E067)<br />
<br />
Fingerprint:<br />
<pre><br />
pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10]<br />
Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922<br />
uid [ full ] SUSE Security Team <security@suse.com><br />
uid [ full ] SUSE Security Team <security@suse.de><br />
sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2022-03-10]<br />
</pre><br />
(as this is a community editable Wiki page, please cross check against other sources, like our DVD and that the key is signed by trusted parties)<br />
<br />
=== Proactive work ===<br />
<br />
We regularly check packages contained in our Linux distributions.<br />
We focus on security critical packages, network daemons, setuid<br />
programs and similar. We also work on the [[openSUSE:Security Features|Security Features]].<br />
<br />
We also try to replace security critical daemons or setuid binaries<br />
by technologies less prone to attacks.<br />
<br />
Please see our [[openSUSE:Security disclosure policy|policy]] on details how and when we disclose security issues found by us.<br />
<br />
=== Research ===<br />
<br />
We research security related technologies.<br />
<br />
[[Category:Team pages]]<br />
[[Category:Security]]<br />
<br />
[[de:Sicherheits-Team]]<br />
[[ru:Security_Team]]<br />
<br />
__NOTOC__</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Security_team&diff=143059openSUSE:Security team2020-06-08T12:33:59Z<p>Msmeissn: new sec key</p>
<hr />
<div>{{Security navbar}}<br />
<div class="center"><br />
[[File:Icon-security.png|48px]]<br />
</div><br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Introduction ===<br />
</div><br />
The SUSE Security Team takes care of the security of the Linux products, both the community products (openSUSE distribution, the buildservice code, etc.) and enterprise products (e.g. SUSE Linux Enterprise Server and Desktop).<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#000000"><br />
=== Contact Details ===<br />
</div><br />
<br />
* You can mail us at [mailto:security@suse.de security@suse.de]<br />
{{mailinglist|opensuse-security-announce|Publication of security announcements}}<br />
{{mailinglist|opensuse-security|Discussion forum for security topics}}<br />
* There is also security related IRC channel [irc://irc.opensuse.org/openSUSE-security #openSUSE-security]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Members ===<br />
</div><br />
The security team includes the following SUSE employees:<br />
<br />
* [[User:Abergmann|Alexander Bergmann]]<br />
* Alexandros Toptsoglou<br />
* Johannes Segitz<br />
* Malte Kraus<br />
* Matthias Gerstner<br />
* Robert Frohl<br />
* Wolfgang Frisch<br />
<br />
Project manager Security:<br />
* [[User:Msmeissn|Marcus Mei&szlig;ner]]<br />
<br />
Teamlead:<br />
* [[User:Jone_it|Ivan Teblin]]<br />
<br />
<div style="background-color:#E5E5E6;text-align:center;color:#0b5147"><br />
<br />
=== Areas of work ===<br />
</div><br />
We work in following large areas:<br />
<br />
=== Reactive work ===<br />
<br />
Thats what you see as security updates. We monitor mailinglist,<br />
coordinate between vendors, check software releases, and receive<br />
reports and drive the security update process of the openSUSE and SUSE Linux based products during their [[Lifetime|lifetime]].<br />
<br />
This is summarized on the page [[openSUSE:Security_Incident_Handling|incident handling]].<br />
<br />
* Our SUSE Linux Enterprise security page can be found at https://www.suse.com/security/<br />
* If you want to report an incident, mail [mailto:security@suse.de security@suse.de]<br />
* Our GPG key is on the website above, every CD 1 and on the keyservers. (new key ID: 0xB205E69BAB2FD922, old key ID: 0x21FE92322BA9E067)<br />
<br />
Fingerprint:<br />
<pre><br />
pub rsa4096/0xB205E69BAB2FD922 2020-03-10 [SC] [expires: 2022-03-10]<br />
Key fingerprint = 2BAB 445F B9B4 F0D3 30E4 7CB0 B205 E69B AB2F D922<br />
uid [ full ] SUSE Security Team <security@suse.com><br />
uid [ full ] SUSE Security Team <security@suse.de><br />
sub rsa4096/0xA679ED66FD417627 2020-03-10 [E] [expires: 2022-03-10]<br />
</pre><br />
(as this is a community editable Wiki page, please cross check against other sources, like our DVD and that the key is signed by trusted parties)<br />
<br />
=== Proactive work ===<br />
<br />
We regularly check packages contained in our Linux distributions.<br />
We focus on security critical packages, network daemons, setuid<br />
programs and similar. We also work on the [[openSUSE:Security Features|Security Features]].<br />
<br />
We also try to replace security critical daemons or setuid binaries<br />
by technologies less prone to attacks.<br />
<br />
Please see our [[openSUSE:Security disclosure policy|policy]] on details how and when we disclose security issues found by us.<br />
<br />
=== Research ===<br />
<br />
We research security related technologies.<br />
<br />
[[Category:Team pages]]<br />
[[Category:Security]]<br />
<br />
[[de:Sicherheits-Team]]<br />
[[ru:Security_Team]]<br />
<br />
__NOTOC__</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Security_Features&diff=132724openSUSE:Security Features2019-03-19T13:45:23Z<p>Msmeissn: /* Compiler and Toolchain */</p>
<hr />
<div>{{Security navbar}}<br />
{{Intro|Various security features are included in the openSUSE distribution.}}<br />
<br />
== Compiler and Toolchain ==<br />
<br />
* glibc malloc heap corruption checking to avoid double-free and similar attacks. These checks have existed in glibc for several years now and are active for all our distributions starting with SUSE Linux Enterprise Server 9.<br />
* The "Fortify Source" extensions in gcc and glibc are enabled for all packages by default (using -D_FORTIFY_SOURCE=2) since SUSE Linux 10.0 and SUSE Linux Enterprise 10. This extension brings:<br />
** Compile buffer overflow checking for various C string / memory functions. On a overflow of a buffer that is already provable at compile time a warning is emitted by the compiler and caught by our build processes.<br />
** Runtime buffer overflow checking for the C string / memory functions for destination buffers whose size is known at compile time. An overflow here triggers a controlled abort of the program. <br />
** Exploitation of format string problems trigger a controlled abort of the program.<br />
** Specific warnings on missing return value checks of dangerous library functions.<br />
* Runtime stack overflow checking using -fstack-protector is used in some critical packages in SUSE Linux 10.1 and SUSE Linux Enterprise 10 and enabled by default for all packages starting with openSUSE 10.2.<br />
* Marking stack and heap non-executable to make NX possible is done for nearly all packages for some time now.<br />
* -z relro is enabled by default since SUSE Linux 10.1, which makes attacks on specific ELF sections no longer work.<br />
* While a number of selected binaries were built as Position Independend Executables (PIE) for a while, on May 2017 Tumbleweed was switched to enabling PIE per default for all binaries. SUSE Linux Enterprise 15 and openSUSE Leap 15.0 and later have all binaries built with PIE enabled.<br />
* Stack Clash Protection ( -fstack-clash-protection) is enabled in SUSE Linux Enterprise 15 and later and also on Leap 15.0 and later, and for freshly released updates in SUSE Linux Enterprise 12 and openSUSE Leap 42.3.<br />
----<br />
<br />
== Kernel ==<br />
* Hardware based NX (No eXecute, also known as DEP) support is enabled for Stack and Heap since SUSE Linux Enterprise Server 9 on:<br />
** all AMD64/EM64T processors.<br />
** on x86 machines using the "bigsmp" or "pae" kernel and the processor being able to support the NX bit.<br />
* We do not include Software NX at this time, since it is not in the mainline kernel and likely never will be.<br />
<br />
* Address Space Randomization is used for the stack and library mappings since SUSE Linux Enterprise 10 and SUSE Linux 10.1.<br />
* Address Space Randomization for PIE binaries and their heaps since openSUSE 11.1 and SUSE Linux Enterprise 11. (randomize_va_space=1)<br />
* Address Space Randomization for binaries seperated from heaps and for the VDSO segment starting with openSUSE 12.2. (COMPAT_VDSO and COMPAT_BRK turned off, randomize_va_space=2)<br />
<br />
<br />
* "ExecShield" and "PAX" contain several features including the ones listed above. This means that we implement parts of the "ExecShield" and "PAX" functions already at this time.<br />
<br />
----<br />
<br />
== AppArmor ==<br />
We included the Mandatory Access Control System [[SDB:AppArmor|AppArmor]] to confine potentially endangered applications.<br />
<br />
SELinux is enabled in the kernel, though there is no default policy provided.<br />
<br />
----<br />
<br />
== Firewall ==<br />
Since SUSE Linux 9.3 the iptables based [[SuSEfirewall2]] is enabled by default, including a very restrictive inbound filtering.<br />
<br />
nftables is available for installation starting with 13.2 onwards.<br />
<br />
----<br />
== Software choice ==<br />
We chose to run only a minimal set of daemons in the default configuration. Only the following are listening<br />
to the network:<br />
* SSH daemon<br />
* portmap daemon<br />
* avahi/mDNSResponder<br />
* cups print server<br />
<br />
All of them are blocked by the firewall by default though.<br />
<br />
----<br />
== setuid binaries ==<br />
Setuid/setgid binaries are:<br />
* kept to a minimum. We try to replace them by more secure methods of user - root privilege passing or even get rid of them at all.<br />
* new ones are required to be source audited by the [[openSUSE:Security_team|Security Team]], old ones are audited again after some time.<br />
<br />
----<br />
== Source code audits ==<br />
System services, setuid binaries, PAM modules, DBUS Services and other security relevant software is audited by the security team and the findings reported to the upstream maintainers and fixed.<br />
<br />
----<br />
== Misc <br />
<br />
crypt(3) algorithm: DES until ..., Blowfish since ..., SHA512 since ...<br />
<br />
[[Category:Security]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Wine&diff=126342Wine2018-05-29T08:48:53Z<p>Msmeissn: /* Repositories */</p>
<hr />
<div>{{Intro|[http://www.winehq.org/ Wine] is an open-source implementation of Windows API for Linux. This enables you to run your favorite Windows programs on Linux.<br />
<br />
Wine makes Linux "pose" as Windows. Unlike VMWare, Xen and others which pretend to be a computer, on which you then run the real Microsoft Windows as you would on a physical machine, Wine instead just pretends to be Windows, by offering applications the Windows API and functions they use, and mapping them to the corresponding Linux API.<br />
<br />
Given that Wine pretends to be Windows, and Windows is complex and convoluted, this posing works only to a certain degree, and varies a lot depending on which Windows application you use, which functions it uses and how complete the Wine implementation is. You can check the [http://appdb.winehq.org/ Wine Application Database] for other people's experiences with your application.<br />
Both regular office apps and games are supported by the standard Open-Source Wine shipped with openSUSE.<br />
There are also some non-free versions of Wine which support other applications.}}<br />
<br />
__TOC__<br />
<br />
== Use ==<br />
<br />
Of course, Wine needs to be installed, see Repositories below.<br />
<br />
To use the Windows program, first Linux needs to have access to it. The preferred (more reliable and secure) way is to install it from the Windows program's installation CD, by running the setup.exe with Wine, i.e. when openSUSE recognizes the inserted CD and opens it in Konqueror, you just click on setup.exe.<br />
<br />
By default, the emulated drive C: will be a directory on the Linux partition, and you can install your program there. You don't need to have Microsoft Windows installed nor to access any possibly existing Windows partition.<br />
<br />
Afterwards, you start the program via one of the ways listed below.<br />
<br />
=== From Konqueror/Nautilus ===<br />
<br />
You should be able to just click on a Windows .exe file in your file manager (e.g. Konqueror). That should start the program in Wine (TODO verify common file managers).<br />
<br />
CDs that you insert should appear under /media/, and the C: drive in Wine is mapped by default to <code>~/.wine/drive_c/</code> - paste that in your Konqueror address bar and make a bookmark.<br />
<br />
=== From shell ===<br />
<br />
If you open a [[SDB:What_is_a_console|terminal]] (e.g. Konsole or Gnome Terminal), you can also type <code>wine "<i>/media/dvd/setup.exe</i>"</code> or <code>wine "<i>/media/c/Program Files/Mozilla Firefox/firefox.exe</i>"</code>, where the <i>italics</i> part is the path to the program you want to start, and it depends on your system and your application. The quotes are needed if you have spaces in the pathname.<br />
<br />
=== From start menu ===<br />
<br />
Most Windows programs will create menu and desktop entries during their installation and these will show up in either the GNOME or KDE start menus somewhere.<br />
<br />
If you want to have an entry for the program in your start / KDE / SuSE menu, you can open the menu folder where want to place it, then click the right mouse button for the context menu, and select "Edit menu". You should see an application "KDE menu editor" opening. Click File | New element..., enter a name and description for it, and enter as "command" the same command as described under "From shell" above. Test the command in a shell first before adding it to the menu.<br />
<br />
== Commercial Wine versions ==<br />
<br />
You can just install the Open-Source Wine for SUSE - see below. There are also two commercial products based to a large part on Wine: Crossover Office and Cedega. Both have made changes to Wine to improve the execution of some specific applications on which they concentrate. You should check their list of supported applications.<br />
<br />
Crossover Office (from [http://www.codeweavers.com CodeWeavers]) supports use of some office software like MS Office and Adobe Photoshop on Linux. See the [http://www.codeweavers.com/compatibility/search Compatibility list]. There also is Crossover Games focusing on games.<br />
<br />
== Repositories ==<br />
<br />
WINE is available for all openSUSE versions on the standard installation.<br />
<br />
Up to date Wine RPMs are available from:<br />
<br />
<br />
{{Version note|Factory|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Factory/}}<br />
{{Version note|Tumbleweed|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed/}}<br />
{{Version note|Leap 15.0|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_15.0/}}<br />
{{Version note|Leap 42.3|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.3/}}<br />
{{Version note|Leap 42.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.2/}}<br />
{{Version note|Leap 42.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.1/}}<br />
{{Version note|13.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_13.2/}}<br />
{{Version note|13.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_13.1/}}<br />
{{Version note|SLE 12 SP3|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP3/}}<br />
{{Version note|SLE 12 SP2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP2/}}<br />
{{Version note|SLE 12 SP1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP1/}}<br />
{{Version note|SLE 12 GA|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-GA/}}<br />
<br />
Above URLs provide both "YUM" and old style "YAST" repositories and can be added by the YAST Installation Sources module, zypper or smart.<br />
<br />
Starting with openSUSE 11.3 there is a 64-bit Wine version, with a 32-bit compatibility package. Installing <code>wine</code> with your package manager will do the right thing and the 64bit version can run 32bit binaries just fine.<br />
<br />
Following packages are available:<br />
* wine: Builds of the biweekly WINE snapshot releases. This is the recommended version for most users.<br />
* wine-staging: Builds of Wine + Staging patchset, which brings lot of experimental improvements that are prepared for the regular Wine.<br />
* wine-snapshot: Daily builds of the current WINE GIT state. Only for the experienced user, can potentially be broken!<br />
<br />
The SUSE Wine packages are maintained by [[User:Msmeissn|Marcus]], [mailto:meissner@suse.de here to send e-mail]<br />
<br />
== Utilities ==<br />
<br />
=== winetricks ===<br />
<br />
Winetricks a small shell program which is included in the above packages. Just start <code>winetricks</code>.<br />
It will open a dialog offering to automatically download and install various common programs like Win32 Firefox,<br />
Apple QuickTime / iTunes, multimedia codecs, various truetype fonts, and also helper runtime dlls like the Visual C runtimes.<br />
<br />
The snapshot packages always contain the latest <code>winetricks</code>, a description can be found [http://wiki.winehq.org/winetricks here].<br />
<br />
=== Wine Doors ===<br />
[http://www.wine-doors.org/ Wine Doors] is a menu driven installer for standard Windows components, with option of downloading components.<br />
<br />
Wine Doors is in the <code>wine-doors</code> package in above repositories.<br />
<br />
=== Internet Explorer on Wine ===<br />
<br />
As a frequently asked question, how to install Internet Explorer on Wine ... <br />
<br />
Run:<br />
<br />
{{Shell|winetricks ie6}}<br />
<br />
(for IE 6) or<br />
<br />
{{Shell|winetricks ie7}}<br />
(for IE7).<br />
<br />
(In former times there was a tool called "ies4linux", but this script is not maintained nor working anymore with current Wine.)<br />
<br />
=== Picasa ===<br />
Google Labs ported the Picasa2 photo organizer through its own implementation of Wine.<br /><br />
This installation is now deprecated, one could instead install Picasa 3.9 thorough Wine. In this case it appears that [[#Internet Explorer on Wine|Internet Explorer 6]] should be installed, in order to have full functionality in Linux.<br />
<br />
== Source ==<br />
The possibility to install from source is also an option. This is usually needed only if you are debugging Wine, or if you want to compile an older separate version of wine for different programs.<br />
<br />
=== Building on x86 (32bit) ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel, giflib-devel, liblcms-devel, libxslt-devel, Mesa-devel, libpng-devel, libxml2-devel, freeglut-devel, zlib-devel, glibc-devel, fontconfig-devel, xorg-x11-devel, libjpeg-devel, unixODBC-devel, freetype2-devel, openssl-devel, openldap2-devel<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine>}}<br />
<br />
=== 64-bit ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel-32bit, giflib-devel-32bit, liblcms-devel-32bit, <br />
libxslt-devel-32bit, Mesa-devel-32bit, libpng-devel-32bit, libxml2-devel-32bit, freeglut-devel-32bit, <br />
zlib-devel-32bit, glibc-devel-32bit, fontconfig-devel-32bit, xorg-x11-devel-32bit, xorg-x11-libXext-32bit, <br />
xorg-x11-libXp-32bit, xorg-x11-libXt-32bit, capi4linux-32bit, xorg-x11-libICE-32bit, xorg-x11-libXext-devel-32bit, sane-32bit, cups-libs-32bit, libjpeg-devel-32bit, unixODBC-devel-32bit, freetype2-devel-32bit, openssl-devel-32bit, openldap2-devel-32bit, freetype2-devel-32bit, hal-32bit, hal-devel, <br />
<br />
{{Info|This list may not contain every requirement and may vary between openSUSE versions.}}<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine> --x-libraries{{=}}/usr/X11R6/lib --x-includes{{=}}/usr/include/X11/ --with-x}}<br />
<br />
== Configuration ==<br />
Wine is configured by typing <code>winecfg</code> on the command line. This will map all drives for wine and create a .wine on your home folder the first time it's run and then open the Wine configuration dialog. It's recommended that you eject all removable drives before running <code>winecfg</code> as these may confuse the installation.<br />
<br />
The file user.reg inside the .wine folder controls wine's appearance.<br />
<br />
Here is a "How to" by minio that shows how to make wine look more like the GTK industrial theme: http://ubuntuforums.org/showthread.php?t=55286 <br />
<br />
Sometimes, an application can depend on a Windows font that is not directly available by wine; it will then use to alphabetically the first font available, which might be some obscure fixed-space font, hebrew font or something. Try to<br />
{{Shell|cp /usr/share/wine/fonts/* ~/.wine/drive_c/windows/fonts/}}<br />
in case you hit this problem.<br />
<br />
===Configuration of Windows programs===<br />
If you run Wine from a terminal command line you will get an idea of how often calls are failing, even when the program runs.<br />
<br />
Check http://bugs.winehq.org/ for solutions.<br />
<br />
Wine Doors might help as you can load some extra microsoft dlls but will change the configuration quite markedly.<br />
<br />
====ChemSketch====<br />
[[SDB:ChemSketch with wine|ChemSketch]] (version 12 and before) has a windowing bug which means set up is slightly challenging, although it may seem to have worked fine the first time on a KDE session. After this ChemSketch and associated programs are unusable with a hidden window unless you take the steps in [[SDB:ChemSketch with wine]].<br />
<br />
[[Category:Emulators]]<br />
<br />
[[de:Wine]]<br />
[[es:Wine]]<br />
[[fr:Wine]]<br />
[[it:Wine]]<br />
[[ru:Wine]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Wine&diff=126340Wine2018-05-29T08:47:19Z<p>Msmeissn: added 15.0</p>
<hr />
<div>{{Intro|[http://www.winehq.org/ Wine] is an open-source implementation of Windows API for Linux. This enables you to run your favorite Windows programs on Linux.<br />
<br />
Wine makes Linux "pose" as Windows. Unlike VMWare, Xen and others which pretend to be a computer, on which you then run the real Microsoft Windows as you would on a physical machine, Wine instead just pretends to be Windows, by offering applications the Windows API and functions they use, and mapping them to the corresponding Linux API.<br />
<br />
Given that Wine pretends to be Windows, and Windows is complex and convoluted, this posing works only to a certain degree, and varies a lot depending on which Windows application you use, which functions it uses and how complete the Wine implementation is. You can check the [http://appdb.winehq.org/ Wine Application Database] for other people's experiences with your application.<br />
Both regular office apps and games are supported by the standard Open-Source Wine shipped with openSUSE.<br />
There are also some non-free versions of Wine which support other applications.}}<br />
<br />
__TOC__<br />
<br />
== Use ==<br />
<br />
Of course, Wine needs to be installed, see Repositories below.<br />
<br />
To use the Windows program, first Linux needs to have access to it. The preferred (more reliable and secure) way is to install it from the Windows program's installation CD, by running the setup.exe with Wine, i.e. when openSUSE recognizes the inserted CD and opens it in Konqueror, you just click on setup.exe.<br />
<br />
By default, the emulated drive C: will be a directory on the Linux partition, and you can install your program there. You don't need to have Microsoft Windows installed nor to access any possibly existing Windows partition.<br />
<br />
Afterwards, you start the program via one of the ways listed below.<br />
<br />
=== From Konqueror/Nautilus ===<br />
<br />
You should be able to just click on a Windows .exe file in your file manager (e.g. Konqueror). That should start the program in Wine (TODO verify common file managers).<br />
<br />
CDs that you insert should appear under /media/, and the C: drive in Wine is mapped by default to <code>~/.wine/drive_c/</code> - paste that in your Konqueror address bar and make a bookmark.<br />
<br />
=== From shell ===<br />
<br />
If you open a [[SDB:What_is_a_console|terminal]] (e.g. Konsole or Gnome Terminal), you can also type <code>wine "<i>/media/dvd/setup.exe</i>"</code> or <code>wine "<i>/media/c/Program Files/Mozilla Firefox/firefox.exe</i>"</code>, where the <i>italics</i> part is the path to the program you want to start, and it depends on your system and your application. The quotes are needed if you have spaces in the pathname.<br />
<br />
=== From start menu ===<br />
<br />
Most Windows programs will create menu and desktop entries during their installation and these will show up in either the GNOME or KDE start menus somewhere.<br />
<br />
If you want to have an entry for the program in your start / KDE / SuSE menu, you can open the menu folder where want to place it, then click the right mouse button for the context menu, and select "Edit menu". You should see an application "KDE menu editor" opening. Click File | New element..., enter a name and description for it, and enter as "command" the same command as described under "From shell" above. Test the command in a shell first before adding it to the menu.<br />
<br />
== Commercial Wine versions ==<br />
<br />
You can just install the Open-Source Wine for SUSE - see below. There are also two commercial products based to a large part on Wine: Crossover Office and Cedega. Both have made changes to Wine to improve the execution of some specific applications on which they concentrate. You should check their list of supported applications.<br />
<br />
Crossover Office (from [http://www.codeweavers.com CodeWeavers]) supports use of some office software like MS Office and Adobe Photoshop on Linux. See the [http://www.codeweavers.com/compatibility/search Compatibility list]. There also is Crossover Games focusing on games.<br />
<br />
== Repositories ==<br />
<br />
WINE is available for all openSUSE versions on the standard installation.<br />
<br />
Up to date Wine RPMs are available from:<br />
<br />
<br />
{{Version note|Factory|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Factory/}}<br />
{{Version note|Tumbleweed|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed/}}<br />
{{Version note|Leap 15.0|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_15.0/}}<br />
{{Version note|Leap 42.3|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.3/}}<br />
{{Version note|Leap 42.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.2/}}<br />
{{Version note|Leap 42.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.1/}}<br />
{{Version note|13.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_13.2/}}<br />
{{Version note|13.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_13.1/}}<br />
{{Version note|12.3|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_12.3/}}<br />
{{Version note|12.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_12.2/}}<br />
{{Version note|SLE 12 SP2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP2/}}<br />
{{Version note|SLE 12 SP1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP1/}}<br />
{{Version note|SLE 12 GA|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-GA/}}<br />
<br />
Above URLs provide both "YUM" and old style "YAST" repositories and can be added by the YAST Installation Sources module, zypper or smart.<br />
<br />
Up to openSUSE 11.2 on AMD64 and EM64T systems the i586 packages are supposed to be used, since a 32bit WINE version is required to run Win32 binaries at this time.<br />
Starting with openSUSE 11.3 there is a 64bit Wine version, with a 32bit compatibility package. Installing <code>wine</code> with your package manager will do the right thing and the 64bit version can run 32bit binaries just fine.<br />
<br />
Following packages are available:<br />
* wine: Builds of the biweekly WINE snapshot releases. This is the recommended version for most users.<br />
* wine-staging: Builds of Wine + Staging patchset, which brings lot of experimental improvements that are prepared for the regular Wine.<br />
* wine-snapshot: Daily builds of the current WINE GIT state. Only for the experienced user, can potentially be broken!<br />
<br />
The SUSE Wine packages are maintained by [[User:Msmeissn|Marcus]], [mailto:meissner@suse.de here to send e-mail]<br />
<br />
== Utilities ==<br />
<br />
=== winetricks ===<br />
<br />
Winetricks a small shell program which is included in the above packages. Just start <code>winetricks</code>.<br />
It will open a dialog offering to automatically download and install various common programs like Win32 Firefox,<br />
Apple QuickTime / iTunes, multimedia codecs, various truetype fonts, and also helper runtime dlls like the Visual C runtimes.<br />
<br />
The snapshot packages always contain the latest <code>winetricks</code>, a description can be found [http://wiki.winehq.org/winetricks here].<br />
<br />
=== Wine Doors ===<br />
[http://www.wine-doors.org/ Wine Doors] is a menu driven installer for standard Windows components, with option of downloading components.<br />
<br />
Wine Doors is in the <code>wine-doors</code> package in above repositories.<br />
<br />
=== Internet Explorer on Wine ===<br />
<br />
As a frequently asked question, how to install Internet Explorer on Wine ... <br />
<br />
Run:<br />
<br />
{{Shell|winetricks ie6}}<br />
<br />
(for IE 6) or<br />
<br />
{{Shell|winetricks ie7}}<br />
(for IE7).<br />
<br />
(In former times there was a tool called "ies4linux", but this script is not maintained nor working anymore with current Wine.)<br />
<br />
=== Picasa ===<br />
Google Labs ported the Picasa2 photo organizer through its own implementation of Wine.<br /><br />
This installation is now deprecated, one could instead install Picasa 3.9 thorough Wine. In this case it appears that [[#Internet Explorer on Wine|Internet Explorer 6]] should be installed, in order to have full functionality in Linux.<br />
<br />
== Source ==<br />
The possibility to install from source is also an option. This is usually needed only if you are debugging Wine, or if you want to compile an older separate version of wine for different programs.<br />
<br />
=== Building on x86 (32bit) ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel, giflib-devel, liblcms-devel, libxslt-devel, Mesa-devel, libpng-devel, libxml2-devel, freeglut-devel, zlib-devel, glibc-devel, fontconfig-devel, xorg-x11-devel, libjpeg-devel, unixODBC-devel, freetype2-devel, openssl-devel, openldap2-devel<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine>}}<br />
<br />
=== 64-bit ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel-32bit, giflib-devel-32bit, liblcms-devel-32bit, <br />
libxslt-devel-32bit, Mesa-devel-32bit, libpng-devel-32bit, libxml2-devel-32bit, freeglut-devel-32bit, <br />
zlib-devel-32bit, glibc-devel-32bit, fontconfig-devel-32bit, xorg-x11-devel-32bit, xorg-x11-libXext-32bit, <br />
xorg-x11-libXp-32bit, xorg-x11-libXt-32bit, capi4linux-32bit, xorg-x11-libICE-32bit, xorg-x11-libXext-devel-32bit, sane-32bit, cups-libs-32bit, libjpeg-devel-32bit, unixODBC-devel-32bit, freetype2-devel-32bit, openssl-devel-32bit, openldap2-devel-32bit, freetype2-devel-32bit, hal-32bit, hal-devel, <br />
<br />
{{Info|This list may not contain every requirement and may vary between openSUSE versions.}}<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine> --x-libraries{{=}}/usr/X11R6/lib --x-includes{{=}}/usr/include/X11/ --with-x}}<br />
<br />
== Configuration ==<br />
Wine is configured by typing <code>winecfg</code> on the command line. This will map all drives for wine and create a .wine on your home folder the first time it's run and then open the Wine configuration dialog. It's recommended that you eject all removable drives before running <code>winecfg</code> as these may confuse the installation.<br />
<br />
The file user.reg inside the .wine folder controls wine's appearance.<br />
<br />
Here is a "How to" by minio that shows how to make wine look more like the GTK industrial theme: http://ubuntuforums.org/showthread.php?t=55286 <br />
<br />
Sometimes, an application can depend on a Windows font that is not directly available by wine; it will then use to alphabetically the first font available, which might be some obscure fixed-space font, hebrew font or something. Try to<br />
{{Shell|cp /usr/share/wine/fonts/* ~/.wine/drive_c/windows/fonts/}}<br />
in case you hit this problem.<br />
<br />
===Configuration of Windows programs===<br />
If you run Wine from a terminal command line you will get an idea of how often calls are failing, even when the program runs.<br />
<br />
Check http://bugs.winehq.org/ for solutions.<br />
<br />
Wine Doors might help as you can load some extra microsoft dlls but will change the configuration quite markedly.<br />
<br />
====ChemSketch====<br />
[[SDB:ChemSketch with wine|ChemSketch]] (version 12 and before) has a windowing bug which means set up is slightly challenging, although it may seem to have worked fine the first time on a KDE session. After this ChemSketch and associated programs are unusable with a hidden window unless you take the steps in [[SDB:ChemSketch with wine]].<br />
<br />
[[Category:Emulators]]<br />
<br />
[[de:Wine]]<br />
[[es:Wine]]<br />
[[fr:Wine]]<br />
[[it:Wine]]<br />
[[ru:Wine]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Package_source_verification&diff=125058openSUSE:Package source verification2018-04-27T08:51:46Z<p>Msmeissn: /* Creating a .keyring file */</p>
<hr />
<div>{{Packaging_docnav}}<br />
= Package Source Verification =<br />
== Why ==<br />
<br />
The Open Build Service and the openSUSE distribution projects (Tumbleweed and Leap) are made of thousands of packages from numerous upstream sites.<br />
<br />
Generally, software is packaged in "good faith", relying on the upstream not to add malicious code in their software releases. However, occasionally there have been hackers trying to backdoor released software tarballs.<br />
<br />
As during the regular package integration of packages it is very hard and even impossible for us to review all the changes in upstream tarballs, we want to rely on some form of integrity guarantee from the upstream communities. The most suitable established process on relying is signing the released tarballs using GPG (GNU Pretty Good Privacy).<br />
<br />
A large number of projects already do so to provide us with an established means to automatically check these signatures.<br />
<br />
== Source including verification ==<br />
<br />
The GPG signature and the GPG keyring is included alongside the source package, and listed in its sources.<br />
<br />
So looking at GNU Hello (RPM package "hello"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz<br />
Source1: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz.sig<br />
Source2: %{name}.keyring<br />
<br />
The source URL given must be valid and the file must also be included as a local copy in the OBS repository. This is because when the package is submitted to Factory, the source files will be downloaded again and verified against the uploaded version.<br />
<br />
If you wish to rename a source file, use the following URL syntax (where the file is uploaded to OBS as "some-other-name-%{version}.tar.gz"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz#/some-other-name-%{version}.tar.gz<br />
<br />
== Source without verification ==<br />
<br />
If the source URL no longer exists (is "dead") or the tarball has to be modified before uploading for some reason, just list the name of the package in the "Source:" tag. Make sure to leave a comment about where you last retrieved the file from or how to recreate the modified tarball.<br />
<br />
# URL no longer exists, last downloaded from http://example.com/mypackage-v0.5.9.tar.xz on 22 Nov 2016<br />
Source: mypackage-v%{version}.tar.xz<br />
<br />
== Creating a .keyring file ==<br />
<br />
In order to create a keyring file, you must have imported the public key that corresponds to the key used to sign the release.<br />
<br />
The keyring should be retrieved from a reliable source (usually from the website). If possible, comment the URL where you got it from, placing it above the Source line in the .spec file.<br />
<br />
You can also verify if the key is in the GPG web of trust and chain to more accounts, although this is usually lacking.<br />
<br />
It is '''very''' important that this key comes from a trusted source and is not a malicious key -- please use due diligence in verifying this.<br />
<br />
Any changes to the keyring should be documented in the .changes file of the package to avoid replacement with bad keys.<br />
<br />
The keyring file can just be whatever GPG could import, like an exported public keyring. The commong '''mypackage.asc''' can<br />
just be copied to the '''mypackage.keyring''' as-is.<br />
<br />
If possible use the exact copy from the software provider, and specify the download URL or location in the spec file, similar to the Sources tag.<br />
<br />
If you are downloading the public key from a GPG keyserver, verify that it really is the correct key and then use '''gpg --export -a KEYID > mypackage.keyring'''<br />
<br />
== Validating signature in source tag (recommended) ==<br />
<br />
As the method during build takes time to check and also pulls in GnuPG in the build dependencies, we have implemented<br />
the checking of the signatures in the "source_validator" service (in the "obs-service-source_validator" RPM).<br />
<br />
This service is not just run during package check in, but also by the factory bot checking scripts. The script<br />
checks the signatures against the %name.keyring file in the source directory. It can handle .asc and .sig(n) extensions of the tarballs.<br />
<br />
If the signature does not validate, the checkin or the submission will be declined.<br />
<br />
You can run it locally on your submissions using:<br />
<br />
osc service localrun source_validator<br />
<br />
The code lives in the obs-service-source_validator RPM package, in the script /usr/lib/obs/service/source_validators/20-files-present-and-referenced.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Package_source_verification&diff=125056openSUSE:Package source verification2018-04-27T08:50:51Z<p>Msmeissn: /* Creating a .keyring file */</p>
<hr />
<div>{{Packaging_docnav}}<br />
= Package Source Verification =<br />
== Why ==<br />
<br />
The Open Build Service and the openSUSE distribution projects (Tumbleweed and Leap) are made of thousands of packages from numerous upstream sites.<br />
<br />
Generally, software is packaged in "good faith", relying on the upstream not to add malicious code in their software releases. However, occasionally there have been hackers trying to backdoor released software tarballs.<br />
<br />
As during the regular package integration of packages it is very hard and even impossible for us to review all the changes in upstream tarballs, we want to rely on some form of integrity guarantee from the upstream communities. The most suitable established process on relying is signing the released tarballs using GPG (GNU Pretty Good Privacy).<br />
<br />
A large number of projects already do so to provide us with an established means to automatically check these signatures.<br />
<br />
== Source including verification ==<br />
<br />
The GPG signature and the GPG keyring is included alongside the source package, and listed in its sources.<br />
<br />
So looking at GNU Hello (RPM package "hello"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz<br />
Source1: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz.sig<br />
Source2: %{name}.keyring<br />
<br />
The source URL given must be valid and the file must also be included as a local copy in the OBS repository. This is because when the package is submitted to Factory, the source files will be downloaded again and verified against the uploaded version.<br />
<br />
If you wish to rename a source file, use the following URL syntax (where the file is uploaded to OBS as "some-other-name-%{version}.tar.gz"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz#/some-other-name-%{version}.tar.gz<br />
<br />
== Source without verification ==<br />
<br />
If the source URL no longer exists (is "dead") or the tarball has to be modified before uploading for some reason, just list the name of the package in the "Source:" tag. Make sure to leave a comment about where you last retrieved the file from or how to recreate the modified tarball.<br />
<br />
# URL no longer exists, last downloaded from http://example.com/mypackage-v0.5.9.tar.xz on 22 Nov 2016<br />
Source: mypackage-v%{version}.tar.xz<br />
<br />
== Creating a .keyring file ==<br />
<br />
In order to create a keyring file, you must have imported the public key that corresponds to the key used to sign the release.<br />
<br />
The keyring should be retrieved from a reliable source (usually from the website). If possible, comment the URL where you got it from, placing it above the Source line in the .spec file.<br />
<br />
You can also verify if the key is in the GPG web of trust and chain to more accounts, although this is usually lacking.<br />
<br />
It is '''very''' important that this key comes from a trusted source and is not a malicious key -- please use due diligence in verifying this.<br />
<br />
Any changes to the keyring should be documented in the .changes file of the package to avoid replacement with bad keys.<br />
<br />
The keyring file can just be whatever GPG could import, like an exported public keyring. The commong "foo.asc" can<br />
just be copied to the .keyring as-is.<br />
<br />
If possible use the exact copy from the software provider, and specify the download URL or location in the spec file, similar to the Sources tag.<br />
<br />
If you are downloading from a keyserver, use '''gpg --export -a KEYID > foo.keyring'''<br />
<br />
== Validating signature in source tag (recommended) ==<br />
<br />
As the method during build takes time to check and also pulls in GnuPG in the build dependencies, we have implemented<br />
the checking of the signatures in the "source_validator" service (in the "obs-service-source_validator" RPM).<br />
<br />
This service is not just run during package check in, but also by the factory bot checking scripts. The script<br />
checks the signatures against the %name.keyring file in the source directory. It can handle .asc and .sig(n) extensions of the tarballs.<br />
<br />
If the signature does not validate, the checkin or the submission will be declined.<br />
<br />
You can run it locally on your submissions using:<br />
<br />
osc service localrun source_validator<br />
<br />
The code lives in the obs-service-source_validator RPM package, in the script /usr/lib/obs/service/source_validators/20-files-present-and-referenced.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Package_source_verification&diff=125054openSUSE:Package source verification2018-04-27T08:49:27Z<p>Msmeissn: remove gpg-offline</p>
<hr />
<div>{{Packaging_docnav}}<br />
= Package Source Verification =<br />
== Why ==<br />
<br />
The Open Build Service and the openSUSE distribution projects (Tumbleweed and Leap) are made of thousands of packages from numerous upstream sites.<br />
<br />
Generally, software is packaged in "good faith", relying on the upstream not to add malicious code in their software releases. However, occasionally there have been hackers trying to backdoor released software tarballs.<br />
<br />
As during the regular package integration of packages it is very hard and even impossible for us to review all the changes in upstream tarballs, we want to rely on some form of integrity guarantee from the upstream communities. The most suitable established process on relying is signing the released tarballs using GPG (GNU Pretty Good Privacy).<br />
<br />
A large number of projects already do so to provide us with an established means to automatically check these signatures.<br />
<br />
== Source including verification ==<br />
<br />
The GPG signature and the GPG keyring is included alongside the source package, and listed in its sources.<br />
<br />
So looking at GNU Hello (RPM package "hello"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz<br />
Source1: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz.sig<br />
Source2: %{name}.keyring<br />
<br />
The source URL given must be valid and the file must also be included as a local copy in the OBS repository. This is because when the package is submitted to Factory, the source files will be downloaded again and verified against the uploaded version.<br />
<br />
If you wish to rename a source file, use the following URL syntax (where the file is uploaded to OBS as "some-other-name-%{version}.tar.gz"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz#/some-other-name-%{version}.tar.gz<br />
<br />
== Source without verification ==<br />
<br />
If the source URL no longer exists (is "dead") or the tarball has to be modified before uploading for some reason, just list the name of the package in the "Source:" tag. Make sure to leave a comment about where you last retrieved the file from or how to recreate the modified tarball.<br />
<br />
# URL no longer exists, last downloaded from http://example.com/mypackage-v0.5.9.tar.xz on 22 Nov 2016<br />
Source: mypackage-v%{version}.tar.xz<br />
<br />
== Creating a .keyring file ==<br />
<br />
In order to create a keyring file, you must have imported the public key that corresponds to the key used to sign the release.<br />
<br />
The keyring should be retrieved from a reliable source (usually from the website). If possible, comment the URL where you got it from, placing it above the Source line in the .spec file.<br />
<br />
You can also verify if the key is in the GPG web of trust and chain to more accounts, although this is usually lacking.<br />
<br />
It is '''very''' important that this key comes from a trusted source and is not a malicious key -- please use due diligence in verifying this.<br />
<br />
Any changes to the keyring should be documented in the .changes file of the package to avoid replacement with bad keys.<br />
<br />
The keyring file can just be whatever GPG could import, like an exported public keyring. The commong "foo.asc" can<br />
just be copied to the .keyring as-is.<br />
<br />
If possible use the exact copy from the software provider, and specify the download URL or location in the spec file, similar to the Sources tag.<br />
<br />
== Validating signature in source tag (recommended) ==<br />
<br />
As the method during build takes time to check and also pulls in GnuPG in the build dependencies, we have implemented<br />
the checking of the signatures in the "source_validator" service (in the "obs-service-source_validator" RPM).<br />
<br />
This service is not just run during package check in, but also by the factory bot checking scripts. The script<br />
checks the signatures against the %name.keyring file in the source directory. It can handle .asc and .sig(n) extensions of the tarballs.<br />
<br />
If the signature does not validate, the checkin or the submission will be declined.<br />
<br />
You can run it locally on your submissions using:<br />
<br />
osc service localrun source_validator<br />
<br />
The code lives in the obs-service-source_validator RPM package, in the script /usr/lib/obs/service/source_validators/20-files-present-and-referenced.</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Package_source_verification&diff=125052openSUSE:Package source verification2018-04-27T08:49:10Z<p>Msmeissn: /* Creating a .keyring file */</p>
<hr />
<div>{{Packaging_docnav}}<br />
= Package Source Verification =<br />
== Why ==<br />
<br />
The Open Build Service and the openSUSE distribution projects (Tumbleweed and Leap) are made of thousands of packages from numerous upstream sites.<br />
<br />
Generally, software is packaged in "good faith", relying on the upstream not to add malicious code in their software releases. However, occasionally there have been hackers trying to backdoor released software tarballs.<br />
<br />
As during the regular package integration of packages it is very hard and even impossible for us to review all the changes in upstream tarballs, we want to rely on some form of integrity guarantee from the upstream communities. The most suitable established process on relying is signing the released tarballs using GPG (GNU Pretty Good Privacy).<br />
<br />
A large number of projects already do so to provide us with an established means to automatically check these signatures.<br />
<br />
== Source including verification ==<br />
<br />
The GPG signature and the GPG keyring is included alongside the source package, and listed in its sources.<br />
<br />
So looking at GNU Hello (RPM package "hello"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz<br />
Source1: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz.sig<br />
Source2: %{name}.keyring<br />
<br />
The source URL given must be valid and the file must also be included as a local copy in the OBS repository. This is because when the package is submitted to Factory, the source files will be downloaded again and verified against the uploaded version.<br />
<br />
If you wish to rename a source file, use the following URL syntax (where the file is uploaded to OBS as "some-other-name-%{version}.tar.gz"):<br />
<br />
Source0: http://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz#/some-other-name-%{version}.tar.gz<br />
<br />
== Source without verification ==<br />
<br />
If the source URL no longer exists (is "dead") or the tarball has to be modified before uploading for some reason, just list the name of the package in the "Source:" tag. Make sure to leave a comment about where you last retrieved the file from or how to recreate the modified tarball.<br />
<br />
# URL no longer exists, last downloaded from http://example.com/mypackage-v0.5.9.tar.xz on 22 Nov 2016<br />
Source: mypackage-v%{version}.tar.xz<br />
<br />
== Creating a .keyring file ==<br />
<br />
In order to create a keyring file, you must have imported the public key that corresponds to the key used to sign the release.<br />
<br />
The keyring should be retrieved from a reliable source (usually from the website). If possible, comment the URL where you got it from, placing it above the Source line in the .spec file.<br />
<br />
You can also verify if the key is in the GPG web of trust and chain to more accounts, although this is usually lacking.<br />
<br />
It is '''very''' important that this key comes from a trusted source and is not a malicious key -- please use due diligence in verifying this.<br />
<br />
Any changes to the keyring should be documented in the .changes file of the package to avoid replacement with bad keys.<br />
<br />
The keyring file can just be whatever GPG could import, like an exported public keyring. The commong "foo.asc" can<br />
just be copied to the .keyring as-is.<br />
<br />
If possible use the exact copy from the software provider, and specify the download URL or location in the spec file, similar to the Sources tag.<br />
<br />
== Validating signature in source tag (recommended) ==<br />
<br />
As the method during build takes time to check and also pulls in GnuPG in the build dependencies, we have implemented<br />
the checking of the signatures in the "source_validator" service (in the "obs-service-source_validator" RPM).<br />
<br />
This service is not just run during package check in, but also by the factory bot checking scripts. The script<br />
checks the signatures against the %name.keyring file in the source directory. It can handle .asc and .sig(n) extensions of the tarballs.<br />
<br />
If the signature does not validate, the checkin or the submission will be declined.<br />
<br />
You can run it locally on your submissions using:<br />
<br />
osc service localrun source_validator<br />
<br />
The code lives in the obs-service-source_validator RPM package, in the script /usr/lib/obs/service/source_validators/20-files-present-and-referenced.<br />
<br />
=== Previous method (DO NOT USE) === <br />
<br />
'''This method is obsolete and is only provided for reference.'''<br />
<br />
Originally, verification was performed using an explicit call to the %gpg_verify macro.<br />
<br />
In the GNU hello case you would use:<br />
<br />
BuildRequires: gpg-offline<br />
<br />
and in the %prep phase:<br />
<br />
%gpg_verify %{SOURCE1}<br />
<br />
Where %SOURCE0 has to be the signature file. The program looks for the %name.keyring file to locally verify the signature during build. If the signature does not validate, the build will fail.<br />
<br />
The code and macro can be found in the gpg-offline package.<br />
<br />
[[Category:Packaging]]<br />
[[Category:Packaging documentation]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Security_Features&diff=119714openSUSE:Security Features2017-06-19T07:28:33Z<p>Msmeissn: /* Compiler and Toolchain */</p>
<hr />
<div>{{Security navbar}}<br />
{{Intro|Various security features are included in the openSUSE distribution.}}<br />
<br />
== Compiler and Toolchain ==<br />
<br />
* glibc malloc heap corruption checking to avoid double-free and similar attacks. These checks have existed in glibc for several years now and are active for all our distributions starting with SUSE Linux Enterprise Server 9.<br />
* The "Fortify Source" extensions in gcc and glibc are enabled for all packages by default (using -D_FORTIFY_SOURCE=2) since SUSE Linux 10.0 and SUSE Linux Enterprise 10. This extension brings:<br />
** Compile buffer overflow checking for various C string / memory functions. On a overflow of a buffer that is already provable at compile time a warning is emitted by the compiler and caught by our build processes.<br />
** Runtime buffer overflow checking for the C string / memory functions for destination buffers whose size is known at compile time. An overflow here triggers a controlled abort of the program. <br />
** Exploitation of format string problems trigger a controlled abort of the program.<br />
** Specific warnings on missing return value checks of dangerous library functions.<br />
* Runtime stack overflow checking using -fstack-protector is used in some critical packages in SUSE Linux 10.1 and SUSE Linux Enterprise 10 and enabled by default for all packages starting with openSUSE 10.2.<br />
* Marking stack and heap non-executable to make NX possible is done for nearly all packages for some time now.<br />
* -z relro is enabled by default since SUSE Linux 10.1, which makes attacks on specific ELF sections no longer work.<br />
* While a number of selected binaries were built as Position Independend Executables (PIE) for a while, on May 2017 Tumbleweed was switched to enabling PIE per default for all binaries.<br />
<br />
----<br />
<br />
== Kernel ==<br />
* Hardware based NX (No eXecute, also known as DEP) support is enabled for Stack and Heap since SUSE Linux Enterprise Server 9 on:<br />
** all AMD64/EM64T processors.<br />
** on x86 machines using the "bigsmp" or "pae" kernel and the processor being able to support the NX bit.<br />
* We do not include Software NX at this time, since it is not in the mainline kernel and likely never will be.<br />
<br />
* Address Space Randomization is used for the stack and library mappings since SUSE Linux Enterprise 10 and SUSE Linux 10.1.<br />
* Address Space Randomization for PIE binaries and their heaps since openSUSE 11.1 and SUSE Linux Enterprise 11. (randomize_va_space=1)<br />
* Address Space Randomization for binaries seperated from heaps and for the VDSO segment starting with openSUSE 12.2. (COMPAT_VDSO and COMPAT_BRK turned off, randomize_va_space=2)<br />
<br />
<br />
* "ExecShield" and "PAX" contain several features including the ones listed above. This means that we implement parts of the "ExecShield" and "PAX" functions already at this time.<br />
<br />
----<br />
<br />
== AppArmor ==<br />
We included the Mandatory Access Control System [[SDB:AppArmor|AppArmor]] to confine potentially endangered applications.<br />
<br />
SELinux is enabled in the kernel, though there is no default policy provided.<br />
<br />
----<br />
<br />
== Firewall ==<br />
Since SUSE Linux 9.3 the iptables based [[SuSEfirewall2]] is enabled by default, including a very restrictive inbound filtering.<br />
<br />
nftables is available for installation starting with 13.2 onwards.<br />
<br />
----<br />
== Software choice ==<br />
We chose to run only a minimal set of daemons in the default configuration. Only the following are listening<br />
to the network:<br />
* SSH daemon<br />
* portmap daemon<br />
* avahi/mDNSResponder<br />
* cups print server<br />
<br />
All of them are blocked by the firewall by default though.<br />
<br />
----<br />
== setuid binaries ==<br />
Setuid/setgid binaries are:<br />
* kept to a minimum. We try to replace them by more secure methods of user - root privilege passing or even get rid of them at all.<br />
* new ones are required to be source audited by the [[openSUSE:Security_team|Security Team]], old ones are audited again after some time.<br />
<br />
----<br />
== Source code audits ==<br />
System services, setuid binaries, PAM modules, DBUS Services and other security relevant software is audited by the security team and the findings reported to the upstream maintainers and fixed.<br />
<br />
----<br />
== Misc <br />
<br />
crypt(3) algorithm: DES until ..., Blowfish since ..., SHA512 since ...<br />
<br />
[[Category:Security]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Wine&diff=118889Wine2017-02-13T08:29:51Z<p>Msmeissn: added 42.2, remove sle11 as non-building ... added wine-0staging</p>
<hr />
<div>{{Intro|[http://www.winehq.org/ Wine] is an open-source implementation of Windows API for Linux. This enables you to run your favorite Windows programs on Linux.<br />
<br />
Wine makes Linux "pose" as Windows. Unlike VMWare, Xen and others which pretend to be a computer, on which you then run the real Microsoft Windows as you would on a physical machine, Wine instead just pretends to be Windows, by offering applications the Windows API and functions they use, and mapping them to the corresponding Linux API.<br />
<br />
Given that Wine pretends to be Windows, and Windows is complex and convoluted, this posing works only to a certain degree, and varies a lot depending on which Windows application you use, which functions it uses and how complete the Wine implementation is. You can check the [http://appdb.winehq.org/ Wine Application Database] for other people's experiences with your application.<br />
Both regular office apps and games are supported by the standard Open-Source Wine shipped with openSUSE.<br />
There are also some non-free versions of Wine which support other applications.}}<br />
<br />
__TOC__<br />
<br />
== Use ==<br />
<br />
Of course, Wine needs to be installed, see Repositories below.<br />
<br />
To use the Windows program, first Linux needs to have access to it. The preferred (more reliable and secure) way is to install it from the Windows program's installation CD, by running the setup.exe with Wine, i.e. when openSUSE recognizes the inserted CD and opens it in Konqueror, you just click on setup.exe.<br />
<br />
By default, the emulated drive C: will be a directory on the Linux partition, and you can install your program there. You don't need to have Microsoft Windows installed nor to access any possibly existing Windows partition.<br />
<br />
Afterwards, you start the program via one of the ways listed below.<br />
<br />
=== From Konqueror/Nautilus ===<br />
<br />
You should be able to just click on a Windows .exe file in your file manager (e.g. Konqueror). That should start the program in Wine (TODO verify common file managers).<br />
<br />
CDs that you insert should appear under /media/, and the C: drive in Wine is mapped by default to <code>~/.wine/drive_c/</code> - paste that in your Konqueror address bar and make a bookmark.<br />
<br />
=== From shell ===<br />
<br />
If you open a [[SDB:What_is_a_console|terminal]] (e.g. Konsole or Gnome Terminal), you can also type <code>wine "<i>/media/dvd/setup.exe</i>"</code> or <code>wine "<i>/media/c/Program Files/Mozilla Firefox/firefox.exe</i>"</code>, where the <i>italics</i> part is the path to the program you want to start, and it depends on your system and your application. The quotes are needed if you have spaces in the pathname.<br />
<br />
=== From start menu ===<br />
<br />
Most Windows programs will create menu and desktop entries during their installation and these will show up in either the GNOME or KDE start menus somewhere.<br />
<br />
If you want to have an entry for the program in your start / KDE / SuSE menu, you can open the menu folder where want to place it, then click the right mouse button for the context menu, and select "Edit menu". You should see an application "KDE menu editor" opening. Click File | New element..., enter a name and description for it, and enter as "command" the same command as described under "From shell" above. Test the command in a shell first before adding it to the menu.<br />
<br />
== Commercial Wine versions ==<br />
<br />
You can just install the Open-Source Wine for SUSE - see below. There are also two commercial products based to a large part on Wine: Crossover Office and Cedega. Both have made changes to Wine to improve the execution of some specific applications on which they concentrate. You should check their list of supported applications.<br />
<br />
Crossover Office (from [http://www.codeweavers.com CodeWeavers]) supports use of some office software like MS Office and Adobe Photoshop on Linux. See the [http://www.codeweavers.com/compatibility/search Compatibility list]. There also is Crossover Games focusing on games.<br />
<br />
Cedega (from [http://www.transgaming.com TransGaming]) can be used to play certain supported Windows based games on Linux. See the [http://games.cedega.com/gamesdb/ Cedega Games Database]. Note that both Cedega and Open-Source Wine support playing DirectX and OpenGL games, but the gaming related codebases are very different since they forked some years ago.<br />
<br />
== Repositories ==<br />
<br />
WINE is available for all openSUSE versions on the standard installation.<br />
<br />
Up to date Wine RPMs are available from:<br />
<br />
<br />
{{Version note|Factory|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Factory/}}<br />
{{Version note|Tumbleweed|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Tumbleweed/}}<br />
{{Version note|Leap 42.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.2/}}<br />
{{Version note|Leap 42.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_Leap_42.1/}}<br />
{{Version note|13.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_13.2/}}<br />
{{Version note|13.1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_13.1/}}<br />
{{Version note|12.3|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_12.3/}}<br />
{{Version note|12.2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/openSUSE_12.2/}}<br />
{{Version note|SLE 12 SP2|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP2/}}<br />
{{Version note|SLE 12 SP1|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-SP1/}}<br />
{{Version note|SLE 12 GA|<br><br>http://download.opensuse.org/repositories/Emulators:/Wine/SLE-12-GA/}}<br />
<br />
Above URLs provide both "YUM" and old style "YAST" repositories and can be added by the YAST Installation Sources module, zypper or smart.<br />
<br />
Up to openSUSE 11.2 on AMD64 and EM64T systems the i586 packages are supposed to be used, since a 32bit WINE version is required to run Win32 binaries at this time.<br />
Starting with openSUSE 11.3 there is a 64bit Wine version, with a 32bit compatibility package. Installing <code>wine</code> with your package manager will do the right thing and the 64bit version can run 32bit binaries just fine.<br />
<br />
Following packages are available:<br />
* wine: Builds of the biweekly WINE snapshot releases. This is the recommended version for most users.<br />
* wine-staging: Builds of Wine + Staging patchset, which brings lot of experimental improvements that are prepared for the regular Wine.<br />
* wine-snapshot: Daily builds of the current WINE GIT state. Only for the experienced user, can potentially be broken!<br />
<br />
The SUSE Wine packages are maintained by [[User:Msmeissn|Marcus]], [mailto:meissner@suse.de here to send e-mail]<br />
<br />
== Utilities ==<br />
<br />
=== winetricks ===<br />
<br />
Winetricks a small shell program which is included in the above packages. Just start <code>winetricks</code>.<br />
It will open a dialog offering to automatically download and install various common programs like Win32 Firefox,<br />
Apple QuickTime / iTunes, multimedia codecs, various truetype fonts, and also helper runtime dlls like the Visual C runtimes.<br />
<br />
The snapshot packages always contain the latest <code>winetricks</code>, a description can be found [http://wiki.winehq.org/winetricks here].<br />
<br />
=== Wine Doors ===<br />
[http://www.wine-doors.org/ Wine Doors] is a menu driven installer for standard Windows components, with option of downloading components.<br />
<br />
Wine Doors is in the <code>wine-doors</code> package in above repositories.<br />
<br />
=== Internet Explorer on Wine ===<br />
<br />
As a frequently asked question, how to install Internet Explorer on Wine ... <br />
<br />
Run:<br />
<br />
{{Shell|winetricks ie6}}<br />
<br />
(for IE 6) or<br />
<br />
{{Shell|winetricks ie7}}<br />
(for IE7).<br />
<br />
(In former times there was a tool called "ies4linux", but this script is not maintained nor working anymore with current Wine.)<br />
<br />
=== Picasa ===<br />
Google Labs ported the Picasa2 photo organizer through its own implementation of Wine.<br /><br />
This installation is now deprecated, one could instead install Picasa 3.9 thorough Wine. In this case it appears that [[#Internet Explorer on Wine|Internet Explorer 6]] should be installed, in order to have full functionality in Linux.<br />
<br />
== Source ==<br />
The possibility to install from source is also an option. This is usually needed only if you are debugging Wine, or if you want to compile an older separate version of wine for different programs.<br />
<br />
=== Building on x86 (32bit) ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel, giflib-devel, liblcms-devel, libxslt-devel, Mesa-devel, libpng-devel, libxml2-devel, freeglut-devel, zlib-devel, glibc-devel, fontconfig-devel, xorg-x11-devel, libjpeg-devel, unixODBC-devel, freetype2-devel, openssl-devel, openldap2-devel<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine>}}<br />
<br />
=== 64-bit ===<br />
Necessary RPM: gcc, make, flex, bison, ncurses-devel-32bit, giflib-devel-32bit, liblcms-devel-32bit, <br />
libxslt-devel-32bit, Mesa-devel-32bit, libpng-devel-32bit, libxml2-devel-32bit, freeglut-devel-32bit, <br />
zlib-devel-32bit, glibc-devel-32bit, fontconfig-devel-32bit, xorg-x11-devel-32bit, xorg-x11-libXext-32bit, <br />
xorg-x11-libXp-32bit, xorg-x11-libXt-32bit, capi4linux-32bit, xorg-x11-libICE-32bit, xorg-x11-libXext-devel-32bit, sane-32bit, cups-libs-32bit, libjpeg-devel-32bit, unixODBC-devel-32bit, freetype2-devel-32bit, openssl-devel-32bit, openldap2-devel-32bit, freetype2-devel-32bit, hal-32bit, hal-devel, <br />
<br />
{{Info|This list may not contain every requirement and may vary between openSUSE versions.}}<br />
<br />
Configure:<br />
{{Shell|./configure --prefix{{=}}<where to install wine> --x-libraries{{=}}/usr/X11R6/lib --x-includes{{=}}/usr/include/X11/ --with-x}}<br />
<br />
== Configuration ==<br />
Wine is configured by typing <code>winecfg</code> on the command line. This will map all drives for wine and create a .wine on your home folder the first time it's run and then open the Wine configuration dialog. It's recommended that you eject all removable drives before running <code>winecfg</code> as these may confuse the installation.<br />
<br />
The file user.reg inside the .wine folder controls wine's appearance.<br />
<br />
Here is a "How to" by minio that shows how to make wine look more like the GTK industrial theme: http://ubuntuforums.org/showthread.php?t=55286 <br />
<br />
Sometimes, an application can depend on a Windows font that is not directly available by wine; it will then use to alphabetically the first font available, which might be some obscure fixed-space font, hebrew font or something. Try to<br />
{{Shell|cp /usr/share/wine/fonts/* ~/.wine/drive_c/windows/fonts/}}<br />
in case you hit this problem.<br />
<br />
===Configuration of Windows programs===<br />
If you run Wine from a terminal command line you will get an idea of how often calls are failing, even when the program runs.<br />
<br />
Check http://bugs.winehq.org/ for solutions.<br />
<br />
Wine Doors might help as you can load some extra microsoft dlls but will change the configuration quite markedly.<br />
<br />
====ChemSketch====<br />
[[SDB:ChemSketch with wine|ChemSketch]] (version 12 and before) has a windowing bug which means set up is slightly challenging, although it may seem to have worked fine the first time on a KDE session. After this ChemSketch and associated programs are unusable with a hidden window unless you take the steps in [[SDB:ChemSketch with wine]].<br />
<br />
[[Category:Emulators]]<br />
<br />
[[de:Wine]]<br />
[[es:Wine]]<br />
[[fr:Wine]]<br />
[[it:Wine]]<br />
[[ru:Wine]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Lifetime&diff=118088Lifetime2016-12-01T10:00:18Z<p>Msmeissn: 6 months after 42.2 release is May 16 2017</p>
<hr />
<div>{{Intro|<br />
'''[[Portal:Leap|openSUSE Leap]]''', the new Regular Release, brings with it a new '''lifetime'''.<br />
<br />
Each Leap '''Major Release''' (42, 43, etc.) is expected to be supported for at least 36 months, until the next major version of Leap is available.<br />
<br />
A Leap '''Minor Release''' (42.1, 42.2, etc.) is expected to be released annually. Users are expected to upgrade to the latest minor release within 6 months of its availability, leading to a support life cycle of 18 months.<br />
<br />
Previous openSUSE regular releases (13.2 and earlier) have a '''lifetime''' of 2 releases + 2 months overlap.}}<br />
<br />
== openSUSE Leap and 13.x ==<br />
<br />
[[Portal:Leap|openSUSE Leap]] is the new name for openSUSE's regular releases, which were previously known as just 'openSUSE' for versions 13.2 and earlier.<br />
<br />
During the lifetime for Leap and our older Regular Release you will receive:<br />
* security updates for all included packages<br />
* critical bugfix updates (usually these are found and fixed in the first few months of its lifetime)<br />
<br />
== Maintained Regular distributions ==<br />
<br />
The following distributions are expected to receive updates until the specified date:<br />
* [[Portal:13.2|openSUSE 13.2]] - will be maintained until 2 months after release of Leap 42.2 (January 16th 2017)<br />
* [[Portal:42.1|Leap 42.1]] - will be maintained until 6 months after 42.2 (May 16th 2017)<br />
* [[Portal:42.2|Leap 42.2]] - will be maintained until 6 months after 42.3 (EXPECTED Second Quarter of 2018)<br />
<br />
== openSUSE Tumbleweed ==<br />
<br />
[[Portal:Tumbleweed|openSUSE Tumbleweed]] is a rolling release which has a lifetime of 'forever', assuming you are running the latest updated packages. <br />
<br />
It receives security updates, bug fixes, new features, most often in the form of new software versions, as soon as they are integrated and tested by the openSUSE community.<br />
<br />
Critical security updates for packages may also be provided in situations where new software versions may not yet address major security issues.<br />
<br />
----<br />
<br />
== Discontinued distributions ==<br />
<br />
Users running a (soon-to-be) discontinued version of openSUSE should [[SDB:System upgrade|upgrade]] their systems to a supported release to receive [[Portal:Maintenance|security updates]] and [[openSUSE:Communication channels|community support]]. Since eventually [[Package repositories|package repositories]] for discontinued releases are be removed from [[openSUSE:Mirrors|download servers]] as well as the build target list of the [[Portal:Build Service|Build Service]] it will be increasingly difficult to install new software on such distributions.<br />
<br />
The following distributions have reached their end of life and should not be used:<br />
<br />
* [[Portal:13.1|openSUSE 13.1]] - Feb 3rd 2016 - ([http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00004.html done]) ('''Note:''' 13.1 continues to be unofficially supported by the [[openSUSE:Evergreen|Evergreen]] community.)<br />
* [[Portal:12.3|openSUSE 12.3]] - Jan 29th 2015 ([http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00003.html done])<br />
* [[Portal:12.2|openSUSE 12.2]] - Jan 15th 2014 ([http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00008.html done])<br />
* [[Portal:12.1|openSUSE 12.1]] - May 15th 2013 ([http://lists.opensuse.org/opensuse-announce/2013-06/msg00000.html done])<br />
* [[Portal:11.4|openSUSE 11.4]] - November 5th 2012 ([http://lists.opensuse.org/opensuse-announce/2012-11/msg00000.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.4 has ended.)<br />
* [[Portal:11.3|openSUSE 11.3]] - January 20th 2012 ([http://lists.opensuse.org/opensuse-announce/2012-01/msg00001.html done])<br />
* [[Portal:11.2|openSUSE 11.2]] - May 12th 2011 ([http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00003.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.2 has ended.)<br />
* [[Portal:11.1|openSUSE 11.1]] - January 14th 2011 ([http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00005.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.1 has ended.)<br />
* [http://en.opensuse.org/Archive:OpenSUSE_11.0 openSUSE 11.0] - July 26th, 2010 ([http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00007.html done])<br />
* [http://en.opensuse.org/Archive:OpenSUSE_10.3 openSUSE 10.3] - October 31st 2009 ([http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00008.html done])<br />
* [http://en.opensuse.org/Archive:OpenSUSE_10.2 openSUSE 10.2] - November 30th 2008 ([http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00004.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_10.1 SUSE Linux 10.1] - May 31st 2008 ([http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00004.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_10.0 SUSE Linux 10.0] - November 30st 2007 ([http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00000.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.3 SUSE Linux 9.3] - April 30th 2007 ([http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00005.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.2 SUSE Linux 9.2] - October 31st 2006 ([http://lists.opensuse.org/opensuse-security-announce/2006-Nov/0009.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.1 SUSE Linux 9.1] - June 30th 2006 ([http://lists.opensuse.org/opensuse-security-announce/2006-Jul/0006.html done])<br />
<br />
openSUSE versions up to and including 11.1 had a lifetime of 2 years.<br />
<br />
Discontinuation announcements will be sent to these mailing lists:<br />
* [http://lists.opensuse.org/opensuse-security-announce/ opensuse-security-announce] and <br />
* [http://lists.opensuse.org/opensuse-announce/ opensuse-announce].<br />
<br />
Images of discontinued images can still be downloaded from [[openSUSE:Mirrors#EOL mirrors|this list of mirrors]].<br />
<br />
=== Evergreen (LTS) ===<br />
<br />
The [[openSUSE:Evergreen|Evergreen]] project is a community effort for continued support of selected openSUSE releases. Only 13.1 is currently supported by Evergreen.<br />
<br />
----<br />
<br />
== SUSE Linux Enterprise products ==<br />
<br />
The lifetime of the Enterprise products is listed on [https://www.suse.com/lifecycle/ suse.com]. Customers are able to receive support, security and maintenance updates for these products.<br />
<br />
[[Category:Distribution]]<br />
<br />
[[cs:SUSE Linux Lifetime]]<br />
[[de:Produktlebensdauer]]<br />
[[es:Ciclo de vida]]<br />
[[fr:SUSE_Linux_Lifetime]]<br />
[[it:Lifetime]]<br />
[[hu:SUSE Linux élettartam]]<br />
[[ru:Сроки поддержки]]<br />
[[ja:ライフタイム]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=Lifetime&diff=117910Lifetime2016-11-18T13:10:32Z<p>Msmeissn: /* Maintained Regular distributions */</p>
<hr />
<div>{{Intro|<br />
'''[[Portal:Leap|openSUSE Leap]]''', the new Regular Release, brings with it a new '''lifetime'''.<br />
<br />
Each Leap '''Major Release''' (42, 43, etc.) is expected to be supported for at least 36 months, until the next major version of Leap is available.<br />
<br />
A Leap '''Minor Release''' (42.1, 42.2, etc.) is expected to be released annually. Users are expected to upgrade to the latest minor release within 6 months of its availability, leading to a support life cycle of 18 months.<br />
<br />
Previous openSUSE regular releases (13.2 and earlier) have a '''lifetime''' of 2 releases + 2 months overlap.}}<br />
<br />
== openSUSE Leap and 13.x ==<br />
<br />
[[Portal:Leap|openSUSE Leap]] is the new name for openSUSE's regular releases, which were previously known as just 'openSUSE' for versions 13.2 and earlier.<br />
<br />
During the lifetime for Leap and our older Regular Release you will receive:<br />
* security updates for all included packages<br />
* critical bugfix updates (usually these are found and fixed in the first few months of its lifetime)<br />
<br />
== Maintained Regular distributions ==<br />
<br />
The following distributions are expected to receive updates until the specified date:<br />
* [[Portal:13.2|openSUSE 13.2]] - will be maintained until 2 months after release of Leap 42.2 (January 16th 2017)<br />
* [[Portal:42.1|Leap 42.1]] - will be maintained until 6 months after 42.2 (EXPECTED Second Quarter of 2017)<br />
* [[Portal:42.2|Leap 42.2]] - will be maintained until 6 months after 42.3 (EXPECTED Second Quarter of 2018)<br />
<br />
== openSUSE Tumbleweed ==<br />
<br />
[[Portal:Tumbleweed|openSUSE Tumbleweed]] is a rolling release which has a lifetime of 'forever', assuming you are running the latest updated packages. <br />
<br />
It receives security updates, bug fixes, new features, most often in the form of new software versions, as soon as they are integrated and tested by the openSUSE community.<br />
<br />
Critical security updates for packages may also be provided in situations where new software versions may not yet address major security issues.<br />
<br />
----<br />
<br />
== Discontinued distributions ==<br />
<br />
Users running a (soon-to-be) discontinued version of openSUSE should [[SDB:System upgrade|upgrade]] their systems to a supported release to receive [[Portal:Maintenance|security updates]] and [[openSUSE:Communication channels|community support]]. Since eventually [[Package repositories|package repositories]] for discontinued releases are be removed from [[openSUSE:Mirrors|download servers]] as well as the build target list of the [[Portal:Build Service|Build Service]] it will be increasingly difficult to install new software on such distributions.<br />
<br />
The following distributions have reached their end of life and should not be used:<br />
<br />
* [[Portal:13.1|openSUSE 13.1]] - Feb 3rd 2016 - ([http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00004.html done]) ('''Note:''' 13.1 continues to be unofficially supported by the [[openSUSE:Evergreen|Evergreen]] community.)<br />
* [[Portal:12.3|openSUSE 12.3]] - Jan 29th 2015 ([http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00003.html done])<br />
* [[Portal:12.2|openSUSE 12.2]] - Jan 15th 2014 ([http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00008.html done])<br />
* [[Portal:12.1|openSUSE 12.1]] - May 15th 2013 ([http://lists.opensuse.org/opensuse-announce/2013-06/msg00000.html done])<br />
* [[Portal:11.4|openSUSE 11.4]] - November 5th 2012 ([http://lists.opensuse.org/opensuse-announce/2012-11/msg00000.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.4 has ended.)<br />
* [[Portal:11.3|openSUSE 11.3]] - January 20th 2012 ([http://lists.opensuse.org/opensuse-announce/2012-01/msg00001.html done])<br />
* [[Portal:11.2|openSUSE 11.2]] - May 12th 2011 ([http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00003.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.2 has ended.)<br />
* [[Portal:11.1|openSUSE 11.1]] - January 14th 2011 ([http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00005.html done]) ('''Note:''' [[openSUSE:Evergreen|Evergreen]] community support for 11.1 has ended.)<br />
* [http://en.opensuse.org/Archive:OpenSUSE_11.0 openSUSE 11.0] - July 26th, 2010 ([http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00007.html done])<br />
* [http://en.opensuse.org/Archive:OpenSUSE_10.3 openSUSE 10.3] - October 31st 2009 ([http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00008.html done])<br />
* [http://en.opensuse.org/Archive:OpenSUSE_10.2 openSUSE 10.2] - November 30th 2008 ([http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00004.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_10.1 SUSE Linux 10.1] - May 31st 2008 ([http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00004.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_10.0 SUSE Linux 10.0] - November 30st 2007 ([http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00000.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.3 SUSE Linux 9.3] - April 30th 2007 ([http://lists.opensuse.org/opensuse-security-announce/2007-06/msg00005.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.2 SUSE Linux 9.2] - October 31st 2006 ([http://lists.opensuse.org/opensuse-security-announce/2006-Nov/0009.html done])<br />
* [http://en.opensuse.org/Archive:SUSE_Linux_9.1 SUSE Linux 9.1] - June 30th 2006 ([http://lists.opensuse.org/opensuse-security-announce/2006-Jul/0006.html done])<br />
<br />
openSUSE versions up to and including 11.1 had a lifetime of 2 years.<br />
<br />
Discontinuation announcements will be sent to these mailing lists:<br />
* [http://lists.opensuse.org/opensuse-security-announce/ opensuse-security-announce] and <br />
* [http://lists.opensuse.org/opensuse-announce/ opensuse-announce].<br />
<br />
Images of discontinued images can still be downloaded from [[openSUSE:Mirrors#EOL mirrors|this list of mirrors]].<br />
<br />
=== Evergreen (LTS) ===<br />
<br />
The [[openSUSE:Evergreen|Evergreen]] project is a community effort for continued support of selected openSUSE releases. Only 13.1 is currently supported by Evergreen.<br />
<br />
----<br />
<br />
== SUSE Linux Enterprise products ==<br />
<br />
The lifetime of the Enterprise products is listed on [https://www.suse.com/lifecycle/ suse.com]. Customers are able to receive support, security and maintenance updates for these products.<br />
<br />
[[Category:Distribution]]<br />
<br />
[[cs:SUSE Linux Lifetime]]<br />
[[de:Produktlebensdauer]]<br />
[[es:Ciclo de vida]]<br />
[[fr:SUSE_Linux_Lifetime]]<br />
[[it:Lifetime]]<br />
[[hu:SUSE Linux élettartam]]<br />
[[ru:Сроки поддержки]]<br />
[[ja:ライフタイム]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Most_annoying_bugs_42.1&diff=84869openSUSE:Most annoying bugs 42.12016-06-09T13:30:14Z<p>Msmeissn: </p>
<hr />
<div>{{Bug navbar}}<br />
{{Intro|The most annoying bugs and their suggested workarounds:<br>For general information about reporting bugs, see [[openSUSE:Submitting_bug_reports|Submit a Bug]]. <br />
Also see the [[openSUSE:Localization guide|Localization Guide]].}}<br />
<br />
To directly report a bug against openSUSE Leap 42.1 - use "openSUSE Distribution". Here's a [https://bugzilla.opensuse.org/enter_bug.cgi?&product=openSUSE%20Distribution&cf_foundby=Customer&op_sys=openSUSE+42.1&version=Leap+42.1 shortcut].<br />
<br />
You can also view the [https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Distribution&version=Leap%2042.1 list of all bugs]<br />
<br />
When adding a bug to this page, please always include a link to the bugreport in bugzilla.<br />
<br />
== openSUSE 42.1 ==<br />
<br />
* [https://bugzilla.opensuse.org/show_bug.cgi?id=955167 Bug #955167]<br />
** '''Symptoms:''' X cannot be started with gdm using fglrx<br />
** '''Problem:''' Unknown<br />
** '''Workaround:''' Switch to a different displaymanager like xdm, lightdm, sddm<br />
<br />
* [https://bugzilla.opensuse.org/show_bug.cgi?id=953778 Bug #953778]<br />
** '''Symptoms:''' KDE displaymanager unusable with lots of users<br />
** '''Problem:''' No user name entry, trying to mount every user's home<br />
** '''Workaround:''' modify /etc/sddm.conf and define a different theme and maximum UID<br />
** '''See also:''' [https://bugzilla.opensuse.org/show_bug.cgi?id=953778#c3 Bug #953778]<br />
<br />
* [https://bugzilla.opensuse.org/show_bug.cgi?id=953778 Bug #953737]<br />
** '''Symptoms:''' KDE displaymanager fails in VirtualBox guest<br />
** '''Workaround:''' Turn off 3D acceleration in VirtualBox manager<br />
<br />
<br />
* [https://bugzilla.opensuse.org/show_bug.cgi?id=967666 Bug #967666]<br />
** '''Symptoms:''' Updates not available for ppc64le and ARM<br />
** '''Workaround:''' Add the following URL as UPDATE repo <code>http://download.opensuse.org/ports/update/42.1/</code><br />
<br />
[[Category:Most annoying bugs]]<br />
[[Category:42.1|Bugs dev]]</div>Msmeissnhttps://en.opensuse.org/index.php?title=openSUSE:Package_source_verification&diff=84554openSUSE:Package source verification2016-05-18T14:53:36Z<p>Msmeissn: /* How */</p>
<hr />
<div>= Package Source Verification =<br />
<br />
== Why ==<br />
<br />
The openbuildservice and the openSUSE distribution projects Tumbleweed and Leap are made out of thousands of packages <br />
coming from lots of upstream sites.<br />
<br />
In general software is packaged in "good faith", relying on the upstream not to add malicious code in their software releases.<br />
<br />
Occasionally however there have been hackers trying to backdoor released software tarballs.<br />
<br />
As during the regular package integration of packages it is very hard and even impossible for us <br />
to review all the changes in upstream tarballs, we want to rely on some form of integrity guarantee from the upstream communities.<br />
<br />
The most suited established process on relying is signing the released tarballs using GPG (GNU Pretty Good Privacy).<br />
<br />
A high number of projects is doing that already, so we have established means to automatically check these signatures.<br />
<br />
== How ==<br />
<br />
The GPG signature and the GPG keyring is included alongside the source package, and listed in its sources.<br />
<br />
So looking at GNU Hello (RPM package "hello"):<br />
<br />
Source0: ftp://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz<br />
Source1: ftp://ftp.gnu.org/pub/gnu/hello/hello-%{version}.tar.gz.sig<br />
Source2: %{name}.keyring<br />
<br />
The keyring should be gotten from a reliable source (usually from the website). If possible comment the URL where you got it<br />
from above the Source line in the .spec file.<br />
<br />
You can also verify if the key is in the GPG web of trust and chains to more accounts, although this is usually lacking.<br />
<br />
Any changes to the keyring should be documented in the .changes file of the package to avoid replacement with bad keys.<br />
<br />
== in spec file method (deprecated) == <br />
<br />
(please note: this method is deprecated)<br />
<br />
The original idea of verification was using specific spec file macro called %gpg_verify<br />
<br />
In the GNU hello case you would use:<br />
<br />
BuildRequires: gpg-offline<br />
<br />
and in the %prep phase:<br />
<br />
%gpg_verify %{SOURCE0}<br />
<br />
This automatically appends .asc / .sig to the filename in %SOURCE0, and also looks for the %name.keyring file to<br />
locally verify the signature during build.<br />
<br />
If the signature does not validate, the build will fail.<br />
<br />
The code and macro can be found in the gpg-offline package.<br />
<br />
== source validator method (current method) ==<br />
<br />
As the method during build takes time to check and also pulls in GnuPG in the build dependencies, we have implemented<br />
the checking of the signatures in the "source_validator" service (in the "obs-service-source_validator" RPM).<br />
<br />
This service is not just run during package check in, but also by the factory bot checking scripts. The script<br />
checks the signatures against the name.keyring file in the source directory. It can handle .asc and .sig suffixes of the tarballs.<br />
<br />
If the signature does not validate, the checkin or the submission is declined.<br />
<br />
You can run it locally on your submissions using:<br />
<br />
osc service localrun source_validator<br />
<br />
The code lives in the obs-service-source_validator RPM package, in the script /usr/lib/obs/service/source_validators/20-files-present-and-referenced.<br />
<br />
[[Category:Packaging]]<br />
[[Category:Packaging documentation]]</div>Msmeissn