Skip to content

data: import RH v4 key on rhel-10.1+ only#2097

Merged
supakeen merged 1 commit intoosbuild:mainfrom
mvo5:new-rh-repo-key-v4-3
Dec 17, 2025
Merged

data: import RH v4 key on rhel-10.1+ only#2097
supakeen merged 1 commit intoosbuild:mainfrom
mvo5:new-rh-repo-key-v4-3

Conversation

@mvo5
Copy link
Contributor

@mvo5 mvo5 commented Dec 16, 2025

There is a new produce signing key (v4) that recently added [0][1] and will be used for rhel-10.1 and rhel-9.7. We do not import it for rhel-9.7 (yet) but we do add it for 10.1+.

Note that this also adds a extra newline (\n) after the -----BEGIN PGP PUBLIC KEY BLOCK----- which is omited in the upstream key but that is apparently a mistake.

[0] https://access.redhat.com/security/team/key
[1] https://security.access.redhat.com/data/6afedf8f.txt

@mvo5
data: import RH v4 key or rhel-10.1+ only
f1245ee 
There is a new produce signing key (v4) that recently added
[0][1] and will be used for rhel-10.1 and rhel-9.7. We do
not import it for rhel-9.7 (yet) but we do add it for 10.1+.

Note that this also adds a extra newline (`\n`) after the
`-----BEGIN PGP PUBLIC KEY BLOCK-----` which is omited in
the upstream key but that is apparently a mistake.

[0] https://access.redhat.com/security/team/key
[1] https://security.access.redhat.com/data/6afedf8f.txt
@mvo5 mvo5 requested a review from a team as a code owner December 16, 2025 15:21
@mvo5 mvo5 requested review from bcl, croissanne and thozza December 16, 2025 15:21
@mvo5 mvo5 mentioned this pull request Dec 16, 2025
Closed
@supakeen supakeen mentioned this pull request Dec 16, 2025
Open
lzap
lzap approved these changes Dec 16, 2025
View reviewed changes
Copy link
Contributor

@lzap lzap left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks.

You could use "gpgkeys" instead which is an array that gets folded together with "gpgkey". However, that does not make it readable it is still a mess.

Here is my solution (let's work on that after this is merged): #2098

@supakeen supakeen enabled auto-merge December 16, 2025 20:28
@supakeen supakeen added this pull request to the merge queue Dec 17, 2025
Merged via the queue into osbuild:main with commit 3b13de7 Dec 17, 2025
23 checks passed
@achilleas-k achilleas-k changed the title data: import RH v4 key or rhel-10.1+ only data: import RH v4 key on rhel-10.1+ only Dec 18, 2025
@achilleas-k achilleas-k mentioned this pull request Dec 18, 2025
Merged
croissanne added a commit to croissanne/osbuild-composer that referenced this pull request Jan 21, 2026
@croissanne
go.mod: update images to v0.231.0
b4d54d5 
Changes with 0.231.0
----------------
  - Drop iommu.strict=0 from aarch64 EC2 images (osbuild/images#2090)
    - Author: Achilleas Koutsou, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - bootc: Fix selinux labeling when using separate build container (osbuild/images#2092)
    - Author: Alexander Larsson, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - ci: resolve dubious ownership for git (osbuild/images#2100)
    - Author: Lukáš Zapletal, Reviewers: Achilleas Koutsou, Michael Vogt
  - data: import RH v4 key on rhel-10.1+ only (osbuild/images#2097)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger
  - distrodefs: drop `use_syslinux` as it has no effect (osbuild/images#2088)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger
  - fedora: /boot on btrfs for Fedora Cloud 44 (HMS-9737) (osbuild/images#1960)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Neal Gompa (ニール・ゴンパ), Tomáš Hozza
  - fedora: add `server-network-installer` (osbuild/images#2094)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza
  - installer: only install `syslinux` when needed (osbuild/images#2089)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza
  - manifest: add `set -e` to `bootc switch...` kickstart %post (osbuild/images#2093)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - many: include legal and license files in ISO (osbuild/images#2099)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza
  - osbuild: drop `valueIn` helper (osbuild/images#2086)
    - Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger
  - readme: update link to image definitions (osbuild/images#2070)
    - Author: Anna Vítová, Reviewers: Achilleas Koutsou, Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - test: cross arch build/boot smoke test for ppc64le,s390x (osbuild/images#2069)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
achilleas-k pushed a commit to osbuild/osbuild-composer that referenced this pull request Jan 21, 2026
@croissanne @achilleas-k
go.mod: update images to v0.231.0
e296d0e 
Changes with 0.231.0
----------------
  - Drop iommu.strict=0 from aarch64 EC2 images (osbuild/images#2090)
    - Author: Achilleas Koutsou, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - bootc: Fix selinux labeling when using separate build container (osbuild/images#2092)
    - Author: Alexander Larsson, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - ci: resolve dubious ownership for git (osbuild/images#2100)
    - Author: Lukáš Zapletal, Reviewers: Achilleas Koutsou, Michael Vogt
  - data: import RH v4 key on rhel-10.1+ only (osbuild/images#2097)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger
  - distrodefs: drop `use_syslinux` as it has no effect (osbuild/images#2088)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger
  - fedora: /boot on btrfs for Fedora Cloud 44 (HMS-9737) (osbuild/images#1960)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Neal Gompa (ニール・ゴンパ), Tomáš Hozza
  - fedora: add `server-network-installer` (osbuild/images#2094)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza
  - installer: only install `syslinux` when needed (osbuild/images#2089)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza
  - manifest: add `set -e` to `bootc switch...` kickstart %post (osbuild/images#2093)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - many: include legal and license files in ISO (osbuild/images#2099)
    - Author: Simon de Vlieger, Reviewers: Lukáš Zapletal, Tomáš Hozza
  - osbuild: drop `valueIn` helper (osbuild/images#2086)
    - Author: Michael Vogt, Reviewers: Brian C. Lane, Simon de Vlieger
  - readme: update link to image definitions (osbuild/images#2070)
    - Author: Anna Vítová, Reviewers: Achilleas Koutsou, Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
  - test: cross arch build/boot smoke test for ppc64le,s390x (osbuild/images#2069)
    - Author: Michael Vogt, Reviewers: Lukáš Zapletal, Simon de Vlieger, Tomáš Hozza
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lzap lzap lzap approved these changes

@supakeen supakeen supakeen approved these changes

@bcl bcl Awaiting requested review from bcl bcl is a code owner automatically assigned from osbuild/osbuild-reviewers

@thozza thozza Awaiting requested review from thozza thozza is a code owner automatically assigned from osbuild/osbuild-reviewers

@croissanne croissanne Awaiting requested review from croissanne croissanne is a code owner automatically assigned from osbuild/osbuild-reviewers

@ondrejbudai ondrejbudai Awaiting requested review from ondrejbudai

@achilleas-k achilleas-k Awaiting requested review from achilleas-k

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mvo5 @lzap @supakeen