drivers.suse.com usage

<
>
^

Package Signing Key

NOTE: Prior to November 12, 2013 the “SUSE SolidDriver Program” was known as the “Partner Linux Driver Program” (PLDP). Though the signing key still reflects the old name, it remains valid as described here.

Some of the packages and installation repositories hosted on drivers.suse.com are digitally signed with a package signing key. In order for SUSE installer to verify the authenticity and integrity of the packages or repositories the public key needs to be installed on the system.

Purpose

The purpose of the signing key is to enable users to validate the authenticity and integrity of the packages or repositories to be installed. The SolidDriver Signing key authenticates the following:

  • Package or repository was built in the official SUSE SolidDriver Program build service.

  • Packages are fully supported by SUSE and Partner company under the same terms of support delivered with SUSE Linux Enterprise server products.

  • The contents of the package has not been tampered or modified by a third party

Installation

SUSE recommends verifying all package signatures of all software before deploying on SUSE Linux Enterprise installations. The SUSE package installer (YaST or zypper) will do this automatically. The public key must be installed as trusted before the installer can verify packages signed with the key. If they key is not installed rpm will output the following warning when installing a package signed with this key:

warning: example.rpm: Header V3 RSA/SHA256 signature: NOKEY, key ID c2bea7e6

Also rpm --checksig will fail with the following output:

# rpm --checksig example.rpm
example.rpm: RSA sha1 (MD5) (PGP) md5 NOT OK (MISSING KEYS: PGP#c2bea7e6)

To avoid the installation warning, and to be able to verify packages signed with the SUSE SolidDriver key, Download the public key from here and install it using the following command:

# rpm --import gpg-pubkey-c2bea7e6-4c2de264.asc

The key can also be installed directly from the drivers.suse.com server:

# rpm --import http://drivers.suse.com/keys/gpg-pubkey-c2bea7e6-4c2de264.asc

After the key is imported, you can validate the packages by running the rpm --checksig command. A valid signed package would give the following:

# rpm --checksig pldp-example.rpm
pldp-example.rpm: rsa sha1 (md5) pgp md5 OK

Installing Driver Kits

Driver kits (driver installation repositories) hosted on drivers.suse.com may also be signed with this key When installing the driver kit on a system where this key was not previously installed, the following (or simlar) message will occur:

New repository or package signing key received:
Key ID: 79144284C2BEA7E6
Key Name: PLDP Signing Key 
Key Fingerprint: D59857D5CA0058DA627C5D7779144284C2BEA7E6

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?](r):

In this case, the key’s fingerprint is displayed and can be used to validate the signature manually. Find the SUSE SolidDriver (PLDP) signing key fingerprint below.

Signing key fingerprint

pub   rsa2048/C2BEA7E6 2010-07-02 [expires: 2024-05-02]
      Key fingerprint = D598 57D5 CA00 58DA 627C  5D77 7914 4284 C2BE A7E6
uid       [ unknown] PLDP Signing Key <pldp@suse.de>

Public key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2

mQENBEwt4mQBCACj+PiwTSoAXAo5bIaH5pyn3XuapCCgYFB7NFcNfS0DJiCbKCh0
835VKX52ThL85KGcJ3dKmyXiUAK/DVO9gWotUBkHo9vBhpOygyWEf2RHntSACRYc
L/ffykl0QjRm9dUX5/0aj6H9OI0lsPInSkkfX04EhmhytdK8dPHKlB1SoBGY0ERX
Y/gmfXp77dyisB1VnOeHHWnag6hynUSBsenYUoBs7TZYNeat93clLOWisH1sQnS4
BB51n6RtKy1IrA8CXds7prFdDKgN4YinGlGNVxDGcM9rC7yE+vl/WqgXYMKSz2Gq
+HrMvoGrx1xdeNhXceCNh+6CTmRzzh0W3VU7ABEBAAG0H1BMRFAgU2lnbmluZyBL
ZXkgPHBsZHBAc3VzZS5kZT6JATwEEwECACYFAkwt4mQCGwMFCQeEzgAGCwkIBwMC
BBUCCAMEFgIDAQIeAQIXgAAKCRB5FEKEwr6n5mz6B/4ucUNWl4UY+1r2cBtPy2qm
UZPPuLibkoyaI6mRyU1acqgjyMb79EFAX9SMc3EY5Pp6VeIlvPSf09EVZsnTSOH/
CcEv00h1fYHPRuZOUnvtGEWnEbBWDq1GFjUy0mz6M6xGdswpPX8PAAaDYJcjbt4w
vtv6D+xhZv8we3mIR1GME7uRExqVO9PPOcRMDyvT6uTPWmasxVCxukSWy0NqfmJx
fCvXjXPaQOEBOYu6Cg+gpMyeMvbBYHNZrmzgX8MMmL6KwhUCp9hbsNUWqB1rLJ+g
fxKqgE1uoaur/npCFaZTIBsiCPsIKp7Ne7jzrER8QNx0JLq9ZnGhXLs4PffxFdP+
iQE8BBMBAgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAlNnTnEFCRoFbw0A
CgkQeRRChMK+p+ZQmAf+JFWMEaRNC7/4Xebid3yLOfiDDEzGumWuU0S5tFymv2xG
RWD/pxCUh3i54uRVMmMjwbHlmWUK//dfiu554KGdxHkpYTgJFU9QWJ+W7jRNtbkK
S17OSJpziOIcwZ2CpJsOMqSUFQNMm0X9qglkHoR+4grI9f+sKbviYgBwFScTpJHt
tLSP4COidVn7Jn6AOHFiIXQLr+OXTBv07H0WXRE88f4OGdqjn8KXz1oDM1Prx81B
qCvxkEEWXHGxS4UpyfGySPDQFA9rGwF1AZaR14XtD1QdzT+RB+WKJb2sdfqBIn/g
mtpIbrRlcn4tdP5/ZjRxr3Fd66c62lCVSYon+rhiQQ==
=4Rwe
-----END PGP PUBLIC KEY BLOCK-----

download public key

<
>
^