Description of problem: validate-sat-cert.pl ignores the fact the PGP public key expired and successfully validates the entitlements certificate Version-Release number of selected component (if applicable): sat560 How reproducible: always Steps to Reproduce: 1. Our current pgp public key in webapp-keyring.gpg expires at: 2014-02-15 $ gpg --list-keys --no-default-keyring --keyring spacewalk/config/etc/webapp-keyring.gpg spacewalk/config/etc/webapp-keyring.gpg --------------------------------------- pub 1024D/06947932 2004-02-18 [expires: 2014-02-15] uid Red Hat Network (Satellite Certificate Signing Key) <rhn-feedback> sub 2048g/C71F2F5C 2004-02-18 [expires: 2014-02-15] Let's set the current date after this date ... # date -s 'Aug 01 2015' Sat Aug 1 00:00:00 EDT 2015 2. validate current entitlements certificate # validate-sat-cert --keyring=/etc/webapp-keyring.gpg /etc/sysconfig/rhn/rhn-entitlement-cert.xml && echo $? gpg: Signature made Fri 07 Jun 2013 11:40:36 AM EDT using DSA key ID 06947932 gpg: Good signature from "Red Hat Network (Satellite Certificate Signing Key) <rhn-feedback>" gpg: Note: This key has expired! Primary key fingerprint: 3E7B 88A8 BD63 A59F FCD6 8B58 9E72 9DAF 0694 7932 Certificate validated successfully. 0 Actual results: See the note - "gpg: Note: This key has expired!" And return value: 0 Expected results: The certificate actually should not be successfully validated, the validation should fail.
Based on Comment 1 I'm closing the BZ WONTFIX.