Results 1 to 6 of 6

Thread: NVIDIA Repository signature verify failed in Zypper!

  1. #1

    Default NVIDIA Repository signature verify failed in Zypper!

    Any idea what's causing this and what I should do?

    Code:
    Retrieving repository 'NVIDIA Repository' metadata [\]
    Signature verification failed for file 'repomd.xml' from repository 'NVIDIA Repository'.
    Warning: This might be caused by a malicious change in the file!
    Continuing might be risky. Continue anyway? [yes/no] (no): no

  2. #2
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: NVIDIA Repository signature verify failed in Zypper!

    As the message sais, it is probable that the repo.xml has been damaged or altered. I would wait for the repo be updated or refreshed and try again later. Often the error is corrected. But then, what do you do. Since you do not know the real fingerprint of the signature you will then have to blindly accept it. If you do not feel comfortable with this situation you may register in openFATE (the openSUSE feature request site) and vote for the feature that I pass on in my signature. So the next time it will even have more success to wait. (There are already 19 votes, we may finally get this through, .... if we are enough to make our voice be heard).
    Just "clicking away" security warnings about a change in repo signature ? Not able to control?
    Then please vote for
    https://features.opensuse.org/312047
    openSUSE should have an efficient web of trust.

  3. #3

    Default Re: NVIDIA Repository signature verify failed in Zypper!

    You might want to have a look at this script - doesn't help for keys that are not installed though: list, export and remove RPM GPG keys..

    I added my vote.

  4. #4
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: NVIDIA Repository signature verify failed in Zypper!

    Quote Originally Posted by please_try_again View Post
    You might want to have a look at this script - doesn't help for keys that are not installed though: list, export and remove RPM GPG keys..

    I added my vote.
    Thank you for the script and for voting. Together with the page to control for the key versions this script can be very interesting. We really have to get a better infrastructure. And it would take little to get it done, IMO.
    Just "clicking away" security warnings about a change in repo signature ? Not able to control?
    Then please vote for
    https://features.opensuse.org/312047
    openSUSE should have an efficient web of trust.

  5. #5

    Default Re: NVIDIA Repository signature verify failed in Zypper!

    I voted. Apparently, it got fixed because the error no longer shows up in zypper.

  6. #6
    Join Date
    Jan 2009
    Location
    Somewhere in Fictionland
    Posts
    1,479

    Default Re: NVIDIA Repository signature verify failed in Zypper!

    Quote Originally Posted by 6tr6tr View Post
    I voted. Apparently, it got fixed because the error no longer shows up in zypper.
    Thank you for adding your voice and your vote. When errors of this kind occur it is advisable to wait. Either somebody forgot to sign a package or the repo is being updated. In the worst case scenario somebody may have altered the repo. It was a good choice to wait for the error not to show up any more.
    Just "clicking away" security warnings about a change in repo signature ? Not able to control?
    Then please vote for
    https://features.opensuse.org/312047
    openSUSE should have an efficient web of trust.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •