Preventing updates:

warning: /var/cache/yum/Kolab_16/packages/roundcubemail-plugin-kolab_2fa-assets-3.3.6-2.3.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 0038d0db: NOKEY

Public key for roundcubemail-plugin-kolab_2fa-assets-3.3.6-2.3.el7.kolab_16.noarch.rpm is not installed

On RPM-based distributions, this can be worked around by using the --nogpgcheck flag.
On Debian and derivatives, the signature check can be disabled by marking the repository as [trusted=yes] and removing /var/lib/apt/lists/obs.kolabsys.com_repositories_*.

In either case, I strongly recommend switching the repository URL to https://.

What is the point in signing the packages if the signature cannot be checked? Why don't you publish the new key?

What is the point in signing the packages if the signature cannot be checked? Why don't you publish the new key?

The current signing-key mixup is not intended - it's an artefact from the upgrade of the OBS software that was performed recently. Unfortunately, the upgrade didn't go as smoothly as hoped for. Most of the resulting fallout has already been cleared without anybody even noticing, but the key issue still remains open at the moment.

Sadly, fixing this is not simply a matter of clicking on one button. If I may quote the person in charge, it takes a lot of "research in what the fsck this build system is doing exactly".

This is being worked on, but it's not going to happen over night. Fortunately a workaround exists; see above.

As far as I can tell, the main problem now appears to be resolved. However, the key distributed at https://ssl.kolabsys.com/community.asc is still the old one.

For now, the new key can be downloaded from either of the following URLs:

• https://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/repodata/repomd.xml.key
• https://obs.kolabsys.com/repositories/Kolab:/16/Debian_9.0/Release.key

Please go test and report back.

Hi.
Works nicely. Thanks a lot.

As of today, the following Kolab 16 CentOS_7 packages are signed with 830c2bcf446d5a45, https://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/repodata/repomd.xml.key :

kolab-schema
kolab-conf
kolab-ldap
kolab-mta
kolab-webclient
kolab-imap
chwala
kolab
kolab-autoconf

All others are signed with a01d0ca80038d0db, https://ssl.kolabsys.com/community.asc.

Can we get them all signed with the same key? Thanks!

Now that we have the GPG key thing in the OBS sorted, perhaps it is time to rebuild all of Kolab:16 indeed, and refresh what is referred to as community.asc.

Going about it now. Patience may be required.

The manticore project didn't seem to get built, so "setup-kolab manticore" (referenced on https://docs.kolab.org/upgrade-guide/kolab-16.html) gives:

2018-08-22 18:54:51,835 pykolab.setup ERROR [21612] Manticore is not installed on this system

In T4049#62669, @vanmeeuwen wrote:

As the 750+ packages are now rebuilding, I'm going to declare this issue as resolved. Please reopen / create a new ticket should some discrepancies persist.

I just did a fresh Kolab install on CentOS 7 and got this:

warning: /var/cache/yum/x86_64/7/Kolab_16/packages/pytz-2015.7-2.8.el7.kolab_16.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 446d5a45: NOKEY


Public key for pytz-2015.7-2.8.el7.kolab_16.noarch.rpm is not installed

UPDATE: I did try to import the newer key:

# rpm --import https://obs.kolabsys.com/repositories/Kolab:/16/CentOS_7/repodata/repomd.xml.key

But I still get the same error on install.