Results 1 to 7 of 7

Thread: Signature Verification for Repository Security Failed

  1. #1

    Default Signature Verification for Repository Security Failed

    Hello,

    Started getting this notification a few days ago 'Signature Verification for Repository Security Failed'. Not sure what is causing this, but below I have listed my repo list.
    Thanks in Advance,


    zypper lr -d
    # | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
    ---+---------------------------+------------------------------------+---------+---------+----------+----------+---------------------------------------------------------------------------------+--------
    1 | SuSE | SuSE | Yes | Yes | 99 | rpm-md | http://download.videolan.org/SuSE/13.1/ |
    2 | backintime-1.0.36 | backintime-1.0.36 | Yes | Yes | 99 | plaindir | dir:///home/rW/Documents/backintime-1.0.36 |
    3 | ftp.gwdg.de-suse | Packman Repository | Yes | Yes | 99 | rpm-md | http://ftp.gwdg.de/pub/linux/packman...openSUSE_13.1/ |
    4 | openSUSE-13.1-1.10 | openSUSE-13.1-1.10 | Yes | No | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-MATSHITADVD-RAM_UJ-841S_HA29_536751,/dev/sr0 |
    5 | opensuse-guide.org-repo | libdvdcss repository | Yes | Yes | 99 | rpm-md | http://opensuse-guide.org/repo/13.1/ |
    6 | repo-debug | openSUSE-13.1-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/d...13.1/repo/oss/ |
    7 | repo-debug-update | openSUSE-13.1-Update-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/13.1/ |
    8 | repo-debug-update-non-oss | openSUSE-13.1-Update-Debug-Non-Oss | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/13.1-non-oss/ |
    9 | repo-non-oss | openSUSE-13.1-Non-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distrib.../repo/non-oss/ |
    10 | repo-oss | openSUSE-13.1-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distrib...13.1/repo/oss/ |
    11 | repo-source | openSUSE-13.1-Source | No | Yes | 99 | NONE | http://download.opensuse.org/source/...13.1/repo/oss/ |
    12 | repo-update | openSUSE-13.1-Update | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/13.1/ |
    13 | repo-update-non-oss | openSUSE-13.1-Update-Non-Oss | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/13.1-non-oss/ |
    14 | security | security | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/reposit...openSUSE_13.1/

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,311
    Blog Entries
    2

    Default Re: Signature Verification for Repository Security Failed

    Usually the error you describe would occur immediately after the problem repo, or are you suggesting that the error is displayed after <every> repo in you list?

    TSU

  3. #3

    Default Re: Signature Verification for Repository Security Failed

    Sorry about that. Jumping the gun a little. I did a search and found this thread
    https://forums.opensuse.org/showthre...ecurity+Failed

    Instructions given were to list the repos, so I thought this would help.

    there was a pop up message 'A security trust relationship is not present', then below it 'Signature Verification for Repository Security Failed'.

  4. #4
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,311
    Blog Entries
    2

    Default Re: Signature Verification for Repository Security Failed

    Answering my previous post would have been nice to understand whether you have a problem with a specific repo or are experiencing problems with all repos.

    I haven't had a problem with a corrupted (or non-working) repo key personally, but I'd expect it would be considered part of the repo metadata. If so, then the following command should remove the corrupted key and next time prompt you to accept the key
    Code:
    zypper clean -m reponame_or_number
    So, for instance if you had a corrupted key for the Packman repo in your list, the following should remove your old keys and prompt for new (again, I'm guessing the keys are metadata)
    Code:
    zypper clean -m 3
    Even if I might be wrong about whether the keys are considered metadata or not, cleaning should be a fairly non-critical try since recovering would only require re-building what was removed.

    If you are experiencing a larger problem, then the problem might be something else.

    TSU

  5. #5

    Default Re: Signature Verification for Repository Security Failed

    Answering my previous post would have been nice to understand whether you have a problem with a specific repo or are experiencing problems with all repos.
    Sorry if I wasn't clear in answering, I didn't read it very well. Eyes were very tire from computer at work all day.
    I answered with 'there was a pop up message 'A security trust relationship is not present', then below it 'Signature Verification for Repository Security Failed'.



    Usually the error you describe would occur immediately after the problem repo,
    No, there was no problem repo displayed, just 'A security trust relationship is not present', then below it 'Signature Verification for Repository Security Failed'.

    or are you suggesting that the error is displayed after <every> repo in you list?
    No, as stated previously, I searched and saw another thread asking for a list of repos and thought they would be useful some how.

    So, I don't know which repo caused the issue.

    Thanks TSU





    Quote Originally Posted by tsu2 View Post
    Answering my previous post would have been nice to understand whether you have a problem with a specific repo or are experiencing problems with all repos.

    I haven't had a problem with a corrupted (or non-working) repo key personally, but I'd expect it would be considered part of the repo metadata. If so, then the following command should remove the corrupted key and next time prompt you to accept the key
    Code:
    zypper clean -m reponame_or_number
    So, for instance if you had a corrupted key for the Packman repo in your list, the following should remove your old keys and prompt for new (again, I'm guessing the keys are metadata)
    Code:
    zypper clean -m 3
    Even if I might be wrong about whether the keys are considered metadata or not, cleaning should be a fairly non-critical try since recovering would only require re-building what was removed.

    If you are experiencing a larger problem, then the problem might be something else.

    TSU

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,647
    Blog Entries
    3

    Default Re: Signature Verification for Repository Security Failed

    Quote Originally Posted by opensuse13 View Post
    Started getting this notification a few days ago 'Signature Verification for Repository Security Failed'. Not sure what is causing this, but below I have listed my repo list.
    It looks to me as if the message is about the "security" repo (number 14 on your list).

    You can test this by disabling that repo, then see if the message goes away.

    As to what the problem might be - that, I do not know. Maybe the PGP key for the repo was changed. You could try deleting that repo and then adding it back.
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  7. #7

    Default Re: Signature Verification for Repository Security Failed

    Quote Originally Posted by nrickert View Post
    It looks to me as if the message is about the "security" repo (number 14 on your list).

    You can test this by disabling that repo, then see if the message goes away.

    As to what the problem might be - that, I do not know. Maybe the PGP key for the repo was changed. You could try deleting that repo and then adding it back.

    nrickert,

    I was about to disable the 'Security' repo, but decided to do a zypper refresh instead. The repository/package signing key needed to be update/accepted.
    Once I did this and rebooted my system, the error did not re-appear.

    linux-ry0g:/home/rW # zypper ref
    Repository 'SuSE' is up to date.
    Retrieving repository 'backintime-1.0.36' metadata ........................................................................................................[done]
    Repository 'Packman Repository' is up to date.
    Repository 'openSUSE-13.1-1.10' is up to date.
    Repository 'libdvdcss repository' is up to date.
    Repository 'openSUSE-13.1-Non-Oss' is up to date.
    Repository 'openSUSE-13.1-Oss' is up to date.
    Repository 'openSUSE-13.1-Update' is up to date.
    Repository 'openSUSE-13.1-Update-Non-Oss' is up to date.
    Retrieving repository 'security' metadata --------------------------------------------------------------------------------------------------------------------[\]

    New repository or package signing key received:
    Key ID: 69D1B2AAEE3D166A
    Key Name: security OBS Project <security@build.opensuse.org>
    Key Fingerprint: AAF3EB044C49C402A9E7B9AE69D1B2AAEE3D166A
    Key Created: Mon 26 May 2014 04:04:43 AM CDT
    Key Expires: Wed 03 Aug 2016 04:04:42 AM CDT
    Repository: security

    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): a
    Retrieving repository 'security' metadata .................................................................................................................[done]
    Building repository 'security' cache ......................................................................................................................[done]
    All repositories have been refreshed.


    Thank you TSU & nrickert for your assistance.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •