Results 1 to 10 of 10

Thread: Zypper/Yast Repositories and remembering certificates

  1. #1
    Join Date
    Nov 2008
    Location
    Houston, Texas USA
    Posts
    50

    Default Zypper/Yast Repositories and remembering certificates

    I recently updated to Leap 42.1 (still considering Tumbleweed, though, as I think it's simply the logical next step for all distributions) and hoped a certain behavior would go away, but suspected it wouldn't, because it's been going on for several versions. It didn't, of course, and I'm wondering if I'm doing something wrong or this is just something I have to deal with for some odd reason.

    The following is a link to a screenshot I uploaded to Google Drive; take a look:

    https://drive.google.com/file/d/0B8p...ew?usp=sharing

    As you can see, there are certain repositories that I use that are asking if I want to accept their key. They (a)lways ask that and I (a)lways choose (a)lways accept, as you can see in the screenshot. If this is the expected behavior, I have to wonder why there's an option for (a)lways.

    If I sound a little frustrated, the last time I asked about this (which is why I don't ask about it much, despite the fact that it drives me crazy, especially when I type "zypper up" and walk away to do something else only to come back and find it's still waiting for my input regarding what to do about the stupid key) the question wasn't answered directly. Rather, there were some of the standard (and understandable) warnings about being careful about trusting secondary sources. Which is fine, but I am choosing to trust these. I have used them for a long time and haven't had a problem (beyond the occasional odd version conflict, which is generally easily resolvable on my end or otherwise fixed later by the maintainers).

    So what's going on? Does "(a)lways" not mean what I think it means? Is there a way that I can force it to stop asking me the same thing over and over when I'm just going to hit the same answer every time?

    This happens in both Zypper and Yast, as I indicated in the subject.
    Monkey pants!!

  2. #2
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    1,918

    Default Re: Zypper/Yast Repositories and remembering certificates

    Does this happen every time you use "zypper up" ?
    On my installation after I choose to always trust I no longer see this unless the certificate expires.
    Best regards,
    Greg

  3. #3
    Join Date
    Nov 2008
    Location
    Houston, Texas USA
    Posts
    50

    Default Re: Zypper/Yast Repositories and remembering certificates

    Well, every time there's a change in the repository (i.e., some package is updated there). If nothing has changed, it doesn't ask, but if it has, it continues to ask. And this has been happening for quite a while. The way it's behaving for you is exactly what I'd expect and want.

    So what might be preventing that from happening?
    Monkey pants!!

  4. #4
    Join Date
    Sep 2010
    Location
    Poland
    Posts
    1,918

    Default Re: Zypper/Yast Repositories and remembering certificates

    Quote Originally Posted by pandarsson View Post
    Well, every time there's a change in the repository (i.e., some package is updated there). If nothing has changed, it doesn't ask, but if it has, it continues to ask. And this has been happening for quite a while. The way it's behaving for you is exactly what I'd expect and want.

    So what might be preventing that from happening?
    I would guess it's some libzypp setting. It looks as though you've got certification verification enabled per package and not per repository. I don't how to change this behavior though.
    Can paste in my settings once I get back to my home PC.
    Best regards,
    Greg

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,932
    Blog Entries
    2

    Default Re: Zypper/Yast Repositories and remembering certificates

    The next time you are asked for a cert, inspect the cert.

    Although most of the repos I connect to don't constantly ask for certificate confirmation, I've found recently for whatever reason the Cloud repo asks for confirmation constantly because the cert is weirdly set for a very short lifetime (about a week or two). So, it seems that a new repo cert is being generated that often which means each time it changes you need to confirm again.

    The screenshot you provided of the Multimedia and Wine repos aren't subject to that short lifetime.
    Recommend you track exactly which repos you're seeing the problem and make sure they're these.

    TSU

  6. #6
    Join Date
    Nov 2008
    Location
    Houston, Texas USA
    Posts
    50

    Default Re: Zypper/Yast Repositories and remembering certificates

    Just now doing a zypper search and again those same two ask what to do with the key: multimedia and Wine.

    Glistwan: I would appreciate seeing your settings.

    Temporarily, I've added the line "repo_gpgcheck=off" to the Wine.repo file in /etc/zypp/repos.d in order to see if that stops the one and not the other. Honestly, I don't like doing that, but I think I like having to answer the same question over and over again a little less. I'm taking a chance either way, since the fact that it continuously asks for no reason means I'm not going to be double checking anyway. Hopefully there's a better solution.
    Monkey pants!!

  7. #7
    Join Date
    Nov 2008
    Location
    Houston, Texas USA
    Posts
    50

    Default Re: Zypper/Yast Repositories and remembering certificates

    Oh, and tsu2: I didn't think to inspect the certificate this time. I will next time.
    Monkey pants!!

  8. #8

    Default Re: Zypper/Yast Repositories and remembering certificates

    I'm having the same problem with "hardware" and "multimedia:libs". It's always the same fingerprint and they don't expire yet. I noticed if you click gpg-keys in the YaST repo manager the keys for those repos aren't there.

  9. #9
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,516
    Blog Entries
    15

    Default Re: Zypper/Yast Repositories and remembering certificates

    Quote Originally Posted by LinAGKar View Post
    I'm having the same problem with "hardware" and "multimedia:libs". It's always the same fingerprint and they don't expire yet. I noticed if you click gpg-keys in the YaST repo manager the keys for those repos aren't there.
    Hi
    Have a read of this thread, you can manually add...
    https://forums.opensuse.org/showthre...n-trust-a-repo
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  10. #10
    Join Date
    Nov 2008
    Location
    Houston, Texas USA
    Posts
    50

    Default Re: Zypper/Yast Repositories and remembering certificates

    Excellent. I learned something new that I really should know. Thank you!

    Now to make sure it worked. I'll come back in a couple of days and say whether it's repeated the same behavior or not.
    Monkey pants!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •