Results 1 to 10 of 10

Thread: More weird problems with repo signatures

  1. #1
    Join Date
    May 2015
    Location
    Italy
    Posts
    377

    Default More weird problems with repo signatures

    Today I had a weird message from zypper. Note that this is the "sane" system with respect to the problems I explained in this thread.
    I was working with packages (to fix a problem in Libreoffice 6) when zypper told me one of my repos was in need of a refresh.


    So I issued a "sudo zypper ref" and got this (italian, sorry):
    Code:
    cristiano@xmper8q3 [~]$ sudo zypper ref 
    Il repository 'Insync' è aggiornato. 
    Recupero dei metadati del repository 'Visual Studio Code' -----------------------------------------------------------------------------------------------------------------------------[\] 
    Verifica della firma errata per il file 'repomd.xml' dal repository 'Visual Studio Code'. 
    
    
       Nota: La firma dei dati consente al ricevente di verificare che non siano occorse modifiche 
       successivamente al momento della firma. L'accettazione di dati senza firma oppure con firma 
       errata o sconosciuta può comportare la corruzione del sistema e in casi estremi può anche 
       comprometterlo. 
    
    
       Nota: Il file 'repomd.xml' è il file di indice mastro dei repository. Assicura l'integrità 
       dell'intero repository. 
    
    
       Avvertenza: Questo file è stato modificato dopo essere stato firmato. Potrebbe trattarsi di una 
       modifica malevola, pertanto potrebbe non essere più attendibile. È sconsigliato continuare a 
       meno che non si sia certi che ciò sia sicuro. 
    
    
    Verifica della firma errata per il file 'repomd.xml' dal repository 'Visual Studio Code'. Continuare? [sì/no] (no): 
    Recupero dei metadati del repository 'Visual Studio Code' ........................................................................................................................[errore] 
    Il repository 'Visual Studio Code' non è valido. 
    [code|https://packages.microsoft.com/yumrepos/vscode] Non sono stati trovati metadati validi all'URL specificato 
    Verificare che gli URI definiti per questo repository puntino a un repository valido. 
    Esclusione del repository 'Visual Studio Code' a causa dell'errore precedente. 
    Il repository 'home:colomboem' è aggiornato. 
    Il repository 'packman' è aggiornato. 
    Il repository 'repo-debug' è aggiornato. 
    Il repository 'repo-non-oss' è aggiornato. 
    Il repository 'repo-oss' è aggiornato. 
    Il repository 'repo-update' è aggiornato. 
    Il repository 'snappy' è aggiornato. 
    Il repository 'Sublime Text - x86_64 - Stable' è aggiornato. 
    Il repository 'telred-opensuse-42.2' è aggiornato. 
    Il repository 'vivaldi-beta' è aggiornato. 
    Alcuni repository non sono stati aggiornati a causa di un errore.

    More or less it says that the signatures for the "Visual Studio Code" repo does not verifies correctly, so that repo file could have been tampered with.


    So I thought about getting the same message in english to post it in this forum. But when I issued "LANG=C sudo zypper ref" I did not get the error:
    Code:
    cristiano@xmper8q3 [~]$ LANG=C sudo zypper ref 
    Repository 'Insync' is up to date. 
    Repository 'Visual Studio Code' is up to date. 
    Repository 'home:colomboem' is up to date. 
    Repository 'packman' is up to date. 
    Repository 'repo-debug' is up to date. 
    Repository 'repo-non-oss' is up to date. 
    Repository 'repo-oss' is up to date. 
    Repository 'repo-update' is up to date.                      
    Repository 'snappy' is up to date.                   
    Repository 'Sublime Text - x86_64 - Stable' is up to date. 
    Repository 'telred-opensuse-42.2' is up to date. 
    Repository 'vivaldi-beta' is up to date. 
    All repositories have been refreshed.

    I issued it another time just to be sure: no error at all (and zypper did not even say that the "Visual Studio Code" repo was in need of a refresh).


    So I issued it another time without the LANG=C env var, and the error was back!!


    I am really puzzled. How can it be that zypper behaves differently based on the locale?


    Please help...
    Cris
    Desktop: OpenSUSE Tumbleweed (x86_64) - AMD FX-8350 Eight-Core Processor, 16Gb RAM, 120GB Samsung Evo 840 SSD
    Laptop: OpenSUSE Tumbleweed (x86_64) - Thinkpad T440 - Intel i5-4210U, 12Gb RAM, 250GB Samsung EVO 750 SSD

  2. #2
    Join Date
    May 2015
    Location
    Italy
    Posts
    377

    Default Re: More weird problems with repo signatures

    Forgot to add the list of my repos:
    Code:
    cristiano@xmper8q3 [~]$ LANG=C zypper lr -d
    Repository priorities in effect:                                                                                                                          (See 'zypper lr -P' for details)
          98 (raised priority)  :  1 repository
          99 (default priority) : 10 repositories
         100 (lowered priority) :  1 repository
    
    #  | Alias                | Name                           | Enabled | GPG Check | Refresh | Priority | Type   | URI                                                                      
          | Service
    ---+----------------------+--------------------------------+---------+-----------+---------+----------+--------+--------------------------------------------------------------------------------+--------
     1 | Insync               | Insync                         | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://yum.insynchq.com/fedora/25/                                       
          |
     2 | code                 | Visual Studio Code             | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | https://packages.microsoft.com/yumrepos/vscode                           
          |
     3 | dukto                | home:colomboem                 | Yes     | (r ) Yes  | Yes     |  100     | rpm-md | http://download.opensuse.org/repositories/home:/colomboem/openSUSE_Tumbleweed/ |
     4 | packman              | packman                        | Yes     | (r ) Yes  | Yes     |   98     | rpm-md | http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/      
          |
     5 | repo-debug           | repo-debug                     | Yes     | (r ) Yes  | Yes     |   99     | yast2  | http://download.opensuse.org/tumbleweed/repo/debug                       
          |
     6 | repo-non-oss         | repo-non-oss                   | Yes     | (r ) Yes  | Yes     |   99     | yast2  | http://download.opensuse.org/tumbleweed/repo/non-oss                     
          |
     7 | repo-oss             | repo-oss                       | Yes     | (r ) Yes  | Yes     |   99     | yast2  | http://download.opensuse.org/tumbleweed/repo/oss                         
          |
     8 | repo-update          | repo-update                    | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/tumbleweed/                          
          |
     9 | snappy               | snappy                         | Yes     | (r ) Yes  | No      |   99     | rpm-md | http://download.opensuse.org/repositories/system:/snappy/openSUSE_Tumbleweed/  |
    10 | sublime-text         | Sublime Text - x86_64 - Stable | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | https://download.sublimetext.com/rpm/stable/x86_64                       
          |
    11 | telred-opensuse-42.2 | telred-opensuse-42.2           | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | https://tel.red/repos/opensuse/42.2/                                     
          |
    12 | vivaldi-beta         | vivaldi-beta                   | Yes     | ( p) Yes  | Yes     |   99     | rpm-md | http://repo.vivaldi.com/snapshot/rpm/x86_64/
    
    Cris
    Desktop: OpenSUSE Tumbleweed (x86_64) - AMD FX-8350 Eight-Core Processor, 16Gb RAM, 120GB Samsung Evo 840 SSD
    Laptop: OpenSUSE Tumbleweed (x86_64) - Thinkpad T440 - Intel i5-4210U, 12Gb RAM, 250GB Samsung EVO 750 SSD

  3. #3
    Join Date
    May 2015
    Location
    Italy
    Posts
    377

    Default Re: More weird problems with repo signatures

    ...a couple hours later: zypper does not want me to refresh the "Visual Studio Code" repo anymore

    Oh my, what a mess!

    Cris
    Desktop: OpenSUSE Tumbleweed (x86_64) - AMD FX-8350 Eight-Core Processor, 16Gb RAM, 120GB Samsung Evo 840 SSD
    Laptop: OpenSUSE Tumbleweed (x86_64) - Thinkpad T440 - Intel i5-4210U, 12Gb RAM, 250GB Samsung EVO 750 SSD

  4. #4
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: More weird problems with repo signatures

    Quote Originally Posted by Cris70 View Post
    ...a couple hours later: zypper does not want me to refresh the "Visual Studio Code" repo anymore

    Oh my, what a mess!

    Cris
    that's a 3rd party repo any issues with that repo should be reported to microsoft only microsoft can fix it there is nothing opensuse can do about it

  5. #5
    Join Date
    May 2015
    Location
    Italy
    Posts
    377

    Default Re: More weird problems with repo signatures

    Hi I_A!

    Quote Originally Posted by I_A View Post
    that's a 3rd party repo any issues with that repo should be reported to microsoft only microsoft can fix it there is nothing opensuse can do about it
    Yes, you're right: it's a third party repo. But to me this is not normal behaviour. Would you expect zypper to behave this way with whatever repository?

    Cris
    Desktop: OpenSUSE Tumbleweed (x86_64) - AMD FX-8350 Eight-Core Processor, 16Gb RAM, 120GB Samsung Evo 840 SSD
    Laptop: OpenSUSE Tumbleweed (x86_64) - Thinkpad T440 - Intel i5-4210U, 12Gb RAM, 250GB Samsung EVO 750 SSD

  6. #6
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,749

    Default Re: More weird problems with repo signatures

    Sure if the signage is wrong it is wrong you should be told. Could be a cert simply was too old or the rpm was new and the cert had yet to be updated. This is MS you know

  7. #7
    Join Date
    Sep 2008
    Posts
    2,997

    Default Re: More weird problems with repo signatures

    according to google translate the pgp keyfile in https://packages.microsoft.com/yumre...ata/repomd.xml has been altered since the repo was created
    the simplest fix would be to remove and then re-add that repo then the stored key would be the same as the repo key
    I suspect the Visual Studio Code rpm automatically adds the repo during install so remove the repo and reinstall visual studio code
    Code:
    zypper rr 2
    zypper in -f https://packages.microsoft.com/yumrepos/vscode/code-1.19.3-1516876593.el7.x86_64.rpm
    if that doesn't readd the repo you can add it manually
    Code:
    zypper ar -f -n 'Visual Studio Code' https://packages.microsoft.com/yumrepos/vscode code
    or just ignore the error and wait for MS to fix it, this is normal behavior for zypper I'd suggest ignoring the error and waiting for MS to fix it.
    I remember I had similar issues with the Microsoft Skype repo but they got around to fixing

  8. #8
    Join Date
    May 2015
    Location
    Italy
    Posts
    377

    Default Re: More weird problems with repo signatures

    Hi I_A and gogalthorp!

    I suppose my initial message was not clear enough.. I'm not so good at explaining things.

    The problem is not that the repo signage was wrong... it can happen, when a repo maintainer changes the key or he manages to **** up the repo somehow.

    But if you look at my initial message, you'll see that zypper was telling me that there was a problem in that repo only when I was launching it normally. When I was launching it with the LANG=C environment variable, it did not tell me anything, as if the repo was perfectly fine!

    I repeated the experiment a couple of times, switching between the two command lines, to verify the behavior: it would always behave as outlined above! It does not seem normal to me.

    Then, after a while, without messing with zypper or the repository configuration, zypper stopped complaining! This, too, does not seem normal, but could be justified by the fact that the repo maintainer fixed up the repo signage. But what about the inconsistent behavior that zypper showed previously?

    Cris
    Desktop: OpenSUSE Tumbleweed (x86_64) - AMD FX-8350 Eight-Core Processor, 16Gb RAM, 120GB Samsung Evo 840 SSD
    Laptop: OpenSUSE Tumbleweed (x86_64) - Thinkpad T440 - Intel i5-4210U, 12Gb RAM, 250GB Samsung EVO 750 SSD

  9. #9
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,399
    Blog Entries
    1

    Default Re: More weird problems with repo signatures

    Quote Originally Posted by Cris70 View Post
    Then, after a while, without messing with zypper or the repository configuration, zypper stopped complaining! This, too, does not seem normal, but could be justified by the fact that the repo maintainer fixed up the repo signage. But what about the inconsistent behavior that zypper showed previously?

    Cris
    Bug report?

  10. #10
    Join Date
    May 2015
    Location
    Italy
    Posts
    377

    Default Re: More weird problems with repo signatures

    Hi deano!

    Quote Originally Posted by deano_ferrari View Post
    Bug report?
    Thank you deano, I just wanted to know if anybody else found it strange or if it was just me, before filing a bug.
    I'll wait to see if I can reproduce it next time I have a signing problem, then I'll file a bug report.

    Cris
    Desktop: OpenSUSE Tumbleweed (x86_64) - AMD FX-8350 Eight-Core Processor, 16Gb RAM, 120GB Samsung Evo 840 SSD
    Laptop: OpenSUSE Tumbleweed (x86_64) - Thinkpad T440 - Intel i5-4210U, 12Gb RAM, 250GB Samsung EVO 750 SSD

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •