Page 1 of 5 123 ... LastLast
Results 1 to 10 of 48

Thread: Checking signatures for installation sources

  1. #1

    Question Checking signatures for installation sources

    The tool “zypper 1.14.4-1.1” shows messages like “File 'repomd.xml' from repository '…' is signed with an unknown key ''. Continue? …” for a while. Now I wonder about the status of further software update possibilities from these installation sources.

    Examples:
    https://download.opensuse.org/reposi...SE_Tumbleweed/
    • filesystems
    • Printing
    • server:/database

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    9,704
    Blog Entries
    3

    Default Re: Checking signatures for installation sources

    I have not been seeing that. However, I'm only using the standard repos (plus packman).

    You can try removing a repo, and then adding it back. It should then prompt for approval of the signing key for that repo.

    There was a recent update/change to some signing keys, though I'm not sure which keys were affected.


    NOTE: one way of removing a repo is to rename the repo definition file (or move it to a different directory). The repo definition files are in "/etc/zypp/repos.d" and have file names that end in ".repo". If you remove a repo this way, you can just as easily restore it.
    opensuse Leap 15.0; KDE Plasma 5;
    opensuse tumbleweed; KDE Plasma 5 (test system);

  3. #3

    Question Re: Checking signatures for installation sources

    Quote Originally Posted by nrickert View Post
    However, I'm only using the standard repos (plus packman).
    I am using an extended selection of available installation sources.

    You can try removing a repo, and then adding it back.
    I would prefer to trigger the refresh for proper management of involved keys by a direct command (instead of such an action).

    There was a recent update/change to some signing keys, though I'm not sure which keys were affected.
    I noticed a few corresponding updates for these keys.

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    9,704
    Blog Entries
    3

    Default Re: Checking signatures for installation sources

    There is an "rpmkeys" command for adding (importing) a key. But you first have to find the key.
    opensuse Leap 15.0; KDE Plasma 5;
    opensuse tumbleweed; KDE Plasma 5 (test system);

  5. #5

    Question Re: Checking signatures for installation sources

    Quote Originally Posted by nrickert View Post
    But you first have to find the key.
    How should the appropriate keys be determined for mentioned repository examples?

  6. #6
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    17,551
    Blog Entries
    13

    Default Re: Checking signatures for installation sources

    Quote Originally Posted by elfring View Post
    The tool “zypper 1.14.4-1.1” shows messages like “File 'repomd.xml' from repository '…' is signed with an unknown key ''. Continue? …” for a while. Now I wonder about the status of further software update possibilities from these installation sources.

    Examples:
    https://download.opensuse.org/reposi...SE_Tumbleweed/
    • filesystems
    • Printing
    • server:/database
    I don't see this. I too have the filesystems repo active, but not even on that one. Does
    Code:
    zypper clean && zypper ref
    change anything?

    Also, show
    Code:
    zypper lr -d
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  7. #7

    Question Re: Checking signatures for installation sources

    Quote Originally Posted by Knurpht View Post
    Does
    Code:
    zypper clean && zypper ref
    change anything?
    Not for the desired handling of installation keys on my system.

    Code:
    zypper lr -d
    The additional repositories from my openSUSE build service selection have got different priorities so that the recommended variants should be picked up by default.

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    22,802

    Default Re: Checking signatures for installation sources

    Quote Originally Posted by elfring View Post
    The additional repositories from my openSUSE build service selection have got different priorities so that the recommended variants should be picked up by default.
    Is that an explanation why you did not show the
    Code:
    zypper lr-d
    as asked?
    Henk van Velden

  9. #9

    Question Re: Checking signatures for installation sources

    Quote Originally Posted by hcvv View Post
    Is that an explanation why you did not show the
    Code:
    zypper lr-d
    as asked?
    I hope so. - I would like to avoid the distraction because of a special repository selection.

    Which software component is responsible for the information “… is signed with an unknown key ''. …”?

  10. #10
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    17,551
    Blog Entries
    13

    Default Re: Checking signatures for installation sources

    Quote Originally Posted by elfring View Post
    The additional repositories from my openSUSE build service selection have got different priorities so that the recommended variants should be picked up by default.
    A proven method to get a mix of distro and non-distro packages, i.e. an unstable system, and saying absolutely nothing about vendor change of packages. As long as we don't know abiut your repos, I have no option than to guess the blame for the issue lies in described mix of packages.
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

Page 1 of 5 123 ... LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •