oneAPI Registration, Download, Licensing and Installation
Support for Getting Started questions related to download, Installation and licensing for Intel oneAPI Toolkits and software development tools.
1382 Discussions

Expired signing key for Intel oneAPI???

nsmeds
Novice
3,645 Views

I am definitely not an expert on this, but my system (Fedora 38) has started to complain about the oneAPI signing key. This occurred upon upgrading from Fedora 37 and it is known that with Fedora 38 the requirements on the signing key by the DNF tool has become more strict.

 

When trying to manually install the signing (public) key I get the following error:

[nsmeds-x1(nsmeds):~] sudo rpmkeys --import https://yum.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB --nosignature
error: Certificate 1A8497B11911E097:
The certificate is expired: The primary key is not live
error: https://yum.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB: key 1 import failed.
[nsmeds-x1(nsmeds):~] gpg --openpgp  GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2016-09-28 [SC] [expired: 2019-09-27]
      BF4385F91CA5FC005AB39E1C1A8497B11911E097
uid           "CN = Intel(R) Software Development Products", O=Intel Corporation
pub   rsa2048 2019-09-30 [SC] [expires: 2023-09-30]
      52ABD6E87E421793971873FFACFA9FC57E6C5DBE
uid           Intel(R) Software Development Products
pub   rsa2048 2019-07-26 [SC] [expires: 2023-07-26]
      E1BA4ECEFB0656C61BF9794936B9569B3F1A1BC7
uid           KEY-PIDT-PGP-20190726
pub   rsa2048 2020-05-18 [SC] [expires: 2024-05-18]
      6113D31362A0D280FC025AAB640736427872A220
uid           CN=Intel(R) Software Development Products (PREPROD USE ONLY)

 

 

0 Kudos
5 Replies
nsmeds
Novice
3,627 Views

And here is the way to extend/renew the validation of an expired key.

 

https://superuser.com/questions/813421/can-you-extend-the-expiration-date-of-an-already-expired-gpg-key

0 Kudos
ArpanB_Intel
Moderator
3,430 Views

Hi Nils, thank you for reaching out to us. We will check this issue and soon get back to you with our findings.


Metalfreak
Beginner
3,235 Views

Can confirm that its impossible to install oneAPI under Fedora 38. Even if you add the --nogpgcheck flag to the install command you get the following error:

 

  package intel-basekit-2023.1.0-46401.x86_64 does not verify: RSA signature: BAD (package tag 1002: invalid OpenPGP signature: Parsing an OpenPGP packet:
  Failed to parse Signature Packet
      because: Signature appears to be created by a non-conformant OpenPGP implementation, see <https://github.com/rpm-software-management/rpm/issues/2351>.
      because: Malformed MPI: leading bit is not set: expected bit 8 to be set in     1100 (c))
0 Kudos
ArpanB_Intel
Moderator
3,186 Views

Nils, we do not support usage of non-native package managers like yum on Ubuntu or apt on RHEL, only the native ones. We have checked native package managers on all the supported platforms and they are fine:

 

  • ubuntu:22.04 - apt - OK
  • ubuntu:20.04 - apt - OK
  • debian:9 - apt - OK
  • debian:10 - apt - OK
  • debian:11 - apt - OK
  • redhat/ubi8 - dnf - OK
  • redhat/ubi9 - dnf - OK
  • rockylinux:8 - dnf - OK
  • rockylinux:9 - dnf - OK
  • fedora:36 - dnf - OK
  • fedora:37 - dnf - OK
  • amazonlinux:2 - yum - OK
  • amazonlinux:2022 - dnf - OK
  • registry.suse.com/suse/sle15:15.3 - zypper - OK
  • registry.suse.com/suse/sle15:15.4 - zypper - OK

 

The only known system where this issue appears is Fedora 38 which is not yet supported by oneAPI. It's tracked separately and will be resolved by the time a new Intel® oneAPI Toolkit version supporting it is released. Thus, this is not a defect for Intel® oneAPI Toolkit 2023.1.


0 Kudos
ArpanB_Intel
Moderator
3,089 Views

Nils, unfortunately we were unable to hear back from you.


If you have any further query, please post a new question as this thread will no longer be monitored by Intel®.


0 Kudos
Reply