
Thread: Any way to set it to ignore a signature verification for repository failure?

  1. #1

    Question Any way to set it to ignore a signature verification for repository failure?

    I'm getting "Signature verification for Repository failed" on a repository I added to get an icon set I wanted (from https://software.opensuse.org/downlo...n-theme-circle). I want to keep the icons, so I am hoping there is a way to stop the notification of signature failure every time the machine is turned on. I looked up the project; it's been inactive for 2 years, and it's unlikely I can contact the creator to fix the signature. Maybe there is a command I can use to tell it to not look for a signature on that one repository? I am brand new at Linux, so I know almost nothing. Maybe I don't need to keep the repository in my list of whatever you call that file where all those are kept if I already downloaded the icons I want? Options?

  2. #2
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    1,581

    Default Re: Any way to set it to ignore a signature verification for repository failure?

    One option is to copy the icons right from the package into /usr/local/share/icons/. Any icon you want can be kept there. It's a location intended for use by all users on the system but managed by the admin, so won't be disturbed by package management (rpm, zypper or yast in openSUSE). Icons here are supposed to function the same as if they had been installed via package management. If you wish the icons to be available only to an individual user, they can be copied instead into that user's ./icons/ directory.

    Either location can be utilized using a file manager that treats rpm files as though they were directories. One such is MC. In MC, you select/highlight the rpm, press ENTER, and you can see what's in the rpm. That works for any directory in the listing. With regular files, if they are viewable, press the F3 key to view. If you wish to copy, press F5, and the file will be extracted to the location in the opposite pane. You can copy all the files in the rpm by "entering" its CONTENTS.cpio directory as deep as necessary to find the icon files, select all files with the * key, then copy the whole bunch with F5.

    An option that should suppress but not eliminate the error is to use YaST's software repository configuration to turn off autorefresh for the offending repo.
    Reg. Linux User #211409 *** multibooting since 1992
    Primary: 42.3,TW,15.0 & 13.1 on Haswell w/ RAID
    Secondary: eComStation (OS/2)&42.3 on 965P/Radeon
    Tertiary: TW,15.0,42.3,Fedora,Debian,more on Kaby Lake,Q45,Q43,G41,G3X,965G,Cedar,Caicos,Oland,GT218&&&

  3. #3

    Thumbs up Re: Any way to set it to ignore a signature verification for repository failure?

    Quote: Originally Posted by mrmazda
    One option is to copy the icons right from the package into /usr/local/share/icons/.

    In MC, you select/highlight the rpm, press ENTER, and you can see what's in the rpm. That works for any directory in the listing. With regular files, if they are viewable, press the F3 key to view. If you wish to copy, press F5, and the file will be extracted to the location in the opposite pane. You can copy all the files in the rpm by "entering" its CONTENTS.cpio directory as deep as necessary to find the icon files, select all files with the * key, then copy the whole bunch with F5.
    Wonderful, I will try this option this weekend and see if that works. I assume I can get MC by doing an "apt search MC"? Would the QT PCMan file manager or Dolphin do it? I have both of those already installed. Once I do that, where is that file I need to edit to remove that repository from the list of things (and what is that thing called)? Or is that something I can just do with a command in the shell prompt?

    Quote: Originally Posted by mrmazda
    An option that should suppress but not eliminate the error is to use YaST's software repository configuration to turn off autorefresh for the offending repo.
    This will be my backup plan. I assume there is a security risk in just using abandoned repos with bad signatures, yes? Maybe they have been compromised or something?

  4. #4
    Join Date
    Jun 2008
    Location
    Yorkshire
    Posts
    322

    Default Re: Any way to set it to ignore a signature verification for repository failure?

    You can also add "gpgcheck=0" to the specific repo file in /etc/zypp/repos.d/ if you're sure it hasn't been or can't be tampered with.
    Pete

  5. #5
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    1,581

    Default Re: Any way to set it to ignore a signature verification for repository failure?

    Quote: Originally Posted by jdo09280
    I assume I can get MC by doing an "apt search MC"?
    openSUSE doesn't have apt. We have "zypper se mc" (use search instead of se if you won't remember se is search spelled with two characters) for the cmdline, YaST Software Management for GUI or ncurses (text). Standard repos provide mc. Just do it:
    Code:
    sudo zypper in mc


    Would the QT PCMan file manager or Dolphin do it?
    To search for a software package? I've never heard of doing that.

    where is that file I need to edit to remove that repository from the list of things (and what is that thing called)? Or is that something I can just do with a command in the shell prompt?
    You have multiple choices. YaST (both in GUI and in ncurses modes) manages repos. So does zypper (rr or removerepo). Each repo is a file in /etc/zypp/repos.d/, so you can modify or remove with any tool that has superuser privilege, such as MC (which can edit, remove or copy among other things) logged in as root.

    This will be my backup plan. I assume there is a security risk in just using abandoned repos with bad signatures, yes? Maybe they have been compromised or something?
    I'd call the security risk virtually zero for a BS package you already have used that only has icons anyway.

  6. #6
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,953
    Blog Entries
    2

    Default Re: Any way to set it to ignore a signature verification for repository failure?

    As @mrmazda describes,
    You can modify your repository entry. You can use the YaST repository management module or the command line.
    If you want to view your options for how to do this from the command line, you can run the following command. "mr" is an abbreviation for "modify repo".
    Code:
    zypper mr --help
    Then you only need to run the repo which can be identified a number of different ways... by enumeration number, name, description, etc.

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
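
Added example, not part of any post in this thread: a shell function that reads the per-repository files under /etc/zypp/repos.d/ and flags every repository where `gpgcheck=0` has switched signature verification off, so the exception stays visible once the warning is silenced. The function names, sample aliases and URLs are constructed for the demo, and treating `no`/`false`/`off` like `0` is a conservative assumption.

```shell
#!/bin/sh
# Added example (not from the thread): report zypper repos with signature checks off.
# Output per repo: alias <TAB> gpgcheck <TAB> autorefresh <TAB> UNVERIFIED|ok
audit_repos() {
    for f in "${1:-/etc/zypp/repos.d}"/*.repo; do
        [ -f "$f" ] || continue
        awk -F= '
            function flush() {
                if (name == "") return
                # 0 is the value from the thread; no/false/off flagged conservatively (assumption)
                st = (tolower(gpg) ~ /^(0|no|false|off)$/) ? "UNVERIFIED" : "ok"
                printf "%s\t%s\t%s\t%s\n", name, gpg, ar, st
            }
            /^[ \t]*\[.*\][ \t\r]*$/ {          # section header = repo alias
                flush(); name = $0
                gsub(/^[ \t]*\[|\][ \t\r]*$/, "", name)
                gpg = "unset"; ar = "unset"; next
            }
            /^[ \t]*[#;]/ { next }              # skip commented-out settings
            NF >= 2 {
                key = $1; val = $2
                gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
                if (key == "gpgcheck") gpg = val
                if (key == "autorefresh") ar = val
            }
            END { flush() }
        ' "$f"
    done
}

# Number of repos that would install packages without signature verification.
count_unverified() { audit_repos "$1" | grep -c 'UNVERIFIED$' || true; }

# Constructed sample repo files (aliases and URLs are made up for this demo).
make_sample_repos() {
    d=$(mktemp -d)
    printf '%s\n' '[icon-theme-example]' 'enabled=1' 'autorefresh=0' \
        'baseurl=https://example.invalid/icons/' 'gpgcheck=0' > "$d/icons.repo"
    printf '%s\n' '[repo-oss-example]' 'enabled=1' 'autorefresh=1' \
        'baseurl=https://example.invalid/oss/' '# gpgcheck=0' 'gpgcheck=1' > "$d/oss.repo"
    echo "$d"
}

sample=$(make_sample_repos)
audit_repos "$sample"
echo "unverified repos: $(count_unverified "$sample")"
rm -rf "$sample"
```

Called with no argument, `audit_repos` reads the real /etc/zypp/repos.d/; a value of `unset` means the repo file does not set the key and the system default applies.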
