GPG

The MariaDB project signs their MariaDB packages for Debian, Ubuntu, Fedora, and Red Hat. This page documents information about the keys that we use and have used.

MariaDB Community Server Debian / Ubuntu key

Our MariaDB Community Server repositories for Debian "Sid" and the Ubuntu 16.04 and beyond "Xenial" use the following GPG signing key. As detailed in MDEV-9781, APT 1.2.7 (and later) prefers SHA2 GPG keys and now prints warnings when a repository is signed using a SHA1 key like our previous GPG key. We have created a SHA2 key for use with these.

Information about this key:

  • The short Key ID is: 0xC74CD1D8

  • The long Key ID is: 0xF1656F24C74CD1D8

  • The full fingerprint of the key is: 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8

  • The key can be added on Debian-based systems using the following command:

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
  • Usage of the apt-key command is deprecated in the latest versions of Debian and Ubuntu, and the replacement method is to download the keyring file to the /etc/apt/trusted.gpg.d/ directory. This can be done with the following:

sudo curl -LsSo /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg https://supplychain.mariadb.com/mariadb-keyring-2019.gpg

MariaDB Community Server RPM / Source Keys

Beginning in 2023 we migrated the key used to sign our yum/dnf/zypper repositories and to sign our source code and binary tarballs to the same key we use for Debian and Ubuntu.

Key ID and Fingerprint information is in the MariaDB Community Server Debian/Ubuntu Key section, above.

The key can be imported on RPM-based systems using the following command:

sudo rpm --import https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY

or

sudo rpmkeys --import https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY

MariaDB Enterprise GPG Keys

Information about the key we use on most platforms for MariaDB Enterprise Server releases:

  • The short Key ID is: 0xE3C94F49

  • The long Key ID is: 0xCE1A3DD5E3C94F49

  • The full fingerprint of the key is: 4C47 0FFF EFC4 D3DC 5977 8655 CE1A 3DD5 E3C9 4F49

The key can be added on Debian-based systems using the following command:

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xCE1A3DD5E3C94F49
  • Usage of the apt-key command is deprecated in the latest versions of Debian and Ubuntu, and the replacement method is to download the keyring file to the /etc/apt/trusted.gpg.d/ directory. This can be done with the following:

sudo curl -LsSo /etc/apt/trusted.gpg.d/mariadb-keyring-2019.gpg https://supplychain.mariadb.com/mariadb-keyring-2019.gpg

The key can be imported on RPM-based systems using the following command:

sudo rpm --import https://supplychain.mariadb.com/MariaDB-Enterprise-GPG-KEY

or

sudo rpmkeys --import https://supplychain.mariadb.com/MariaDB-Enterprise-GPG-KEY

Configuring Repositories

See the this page for details on using the mariadb_repo_setup and mariadb_es_repo_setup scripts to configure repositories that use these keys.

See the details on configuring MariaDB Foundation repositories that use these keys.

This page is licensed: CC BY-SA / Gnu FDL

Last updated

Was this helpful?