Beginning with January 2019, the OES update repository and OES packages are signed with 4096 bit key. The oes-build-key patch adds the 4096-bit key to the rpm keyring of the OES server. When this patch is applied, it displays a message to import the new keys to the keyring in the following scenarios:
Post January 2019, if a new OES 2015 SP1 server is installed, the message to import the keys is displayed during the registration of the server to the customer center or to the patch update server.
Post January 2019, if an earlier version of OES is upgraded to the OES 2015 SP1 server, the message to import the keys is displayed during the registration of the server to the customer center or to the patch update server.
On patching the OES 2015 SP1 server post January 2019, the message to import the keys is displayed.
NOTE:If a message to import the keys with the following details is displayed in any other scenario, you can go ahead and accept it to continue with the process:
Key ID: 044ADAEE04881839 Key Fingerprint: F5E39B083E1A8D7CEFF584C4044ADAEE04881839
To import the new keys to the keyring and continue with the process:
In zypper method: When New repository or package signing key received: is displayed, choose the option trust always by entering "a" in the command line.
Figure C-1 Sample prompt in zypper
In YaST method: Click Import.
Figure C-2 Sample prompt in YaST
If SUSE manager is used for managing OES patches, to avoid errors while mirroring, you must perform the following:
Run the command spacewalk-repo-sync -c <any-OES-channels>.
For example, spacewalk-repo-sync -c oes2015-sp1-pool-x86_64.
When prompted to import the keys, import the keys and continue.
See also, TID 7023680