Results 1 to 8 of 8

Thread: Zypper and GPG Keys hell (one more time)

  1. #1
    Join Date
    Jul 2008
    Location
    Athens
    Posts
    280

    Default Zypper and GPG Keys hell (one more time)

    OK, this starts getting really, really, really annoying.
    Every time I add a non openSUSE repository, the GPG keys are not recognized by zypper or the KDE Software updates applet.
    Let's take the latest example.

    I want to add the repository: https://download.opensuse.org/reposi...USE_Leap_15.2/
    Which, of course, has a GPG Key here: https://download.opensuse.org/reposi...repomd.xml.key

    And:
    Code:
    wget https://download.opensuse.org/repositories/home:/maxrd2/openSUSE_Leap_15.2/repodata/repomd.xml.key
    rpmkeys --import ./repomd.xml.key.1 
    echo $?
    0
    However, when I run zypper, I get this:

    Code:
    zypper clean 
    All repositories have been cleaned up.
    
    
    zypper ref -f
    Forcing raw metadata refresh
    Retrieving repository 'Main Repository (NON-OSS)' metadata ...................................................................................................................................[done]
    Forcing building of repository cache
    Building repository 'Main Repository (NON-OSS)' cache ........................................................................................................................................[done]
    Forcing raw metadata refresh
    Retrieving repository 'Update Repository (Non-Oss)' metadata .................................................................................................................................[done]
    Forcing building of repository cache
    Building repository 'Update Repository (Non-Oss)' cache ......................................................................................................................................[done]
    Forcing raw metadata refresh
    Retrieving repository 'Main Repository (OSS)' metadata .......................................................................................................................................[done]
    Forcing building of repository cache
    Building repository 'Main Repository (OSS)' cache ............................................................................................................................................[done]
    Forcing raw metadata refresh
    Retrieving repository 'Main Update Repository' metadata ......................................................................................................................................[done]
    Forcing building of repository cache
    Building repository 'Main Update Repository' cache ...........................................................................................................................................[done]
    Forcing raw metadata refresh
    Retrieving repository 'Subtitle Composer (openSUSE_Leap_15.2)' metadata -------------------------------------------------------------------------------------------------------------------------[\]
    
    New repository or package signing key received:
    
      Repository:       Subtitle Composer (openSUSE_Leap_15.2)
      Key Name:         home:maxrd2 OBS Project <home:maxrd2@build.opensuse.org>
      Key Fingerprint:  DE85E73C 17AF00C8 E865B04F 0073ABF0 73738FA0
      Key Created:      Wed Nov 25 07:33:00 2020
      Key Expires:      Fri Feb  3 07:32:59 2023
      Rpm Name:         gpg-pubkey-73738fa0-5fbdec8c
    
    
    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
    And of course I accept the key, which solves the problem in the CLI but not for the Software Update applet which still asks for the GPG Keys!

    So, the questions are very simple:
    1. Why the GPG Key is not searched in the DB? To me, it looks like zypper is not using the rpm DB for the GPG keys, but it's own!
    2. Why the GPG Key is not trusted when I execute zypper ref -f ? Again, it looks like zypper uses another DB to store information about repositories and their GPG keys instead of the rpm db!
    3. Why the Software Updates applet ignores both zypper settings and rpm DB?

  2. #2
    Join Date
    Jul 2008
    Location
    Athens
    Posts
    280

    Default Απ: Zypper and GPG Keys hell (one more time)

    Just an Update:

    From Yast the GPG Keys are listed and they are the correct ones...

  3. #3
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    28,317

    Default Re: Zypper and GPG Keys hell (one more time)

    It is probably not what you want to hear, but I would say: remove PackageKit and thus disarm (or even remove) the Applet.
    My very personal solution, but I am certainly not the only one that keeps to openSUSE's native software management tools zypper and YaST > Software Management.
    Henk van Velden

  4. #4
    Join Date
    Sep 2014
    Location
    Germany
    Posts
    703

    Default Re: Zypper and GPG Keys hell (one more time)

    Quote Originally Posted by hcvv View Post
    It is probably not what you want to hear, but I would say: remove PackageKit and thus disarm (or even remove) the Applet.
    My very personal solution, but I am certainly not the only one that keeps to openSUSE's native software management tools zypper and YaST > Software Management.
    I agree with hcvv:

    Remove PackageKit and plasma5-pk-updates.

    Although PackageKit might be a valid option to work with your rpm-packages in my experience it only causes problems when used alternately with Yast and zypper.

    Regards

    susejunky

  5. #5
    Join Date
    Sep 2012
    Posts
    6,323

    Default Re: Zypper and GPG Keys hell (one more time)

    Quote Originally Posted by tpe View Post
    I want to add the repository: https://download.opensuse.org/reposi...USE_Leap_15.2/
    Which, of course, has a GPG Key here: https://download.opensuse.org/reposi...repomd.xml.key

    And:
    Code:
    wget https://download.opensuse.org/repositories/home:/maxrd2/openSUSE_Leap_15.2/repodata/repomd.xml.key
    rpmkeys --import ./repomd.xml.key.1 
    echo $?
    0
    However, when I run zypper, I get this:

    Code:
    zypper clean 
    All repositories have been cleaned up.
    
    
    zypper ref -f
    Retrieving repository 'Subtitle Composer (openSUSE_Leap_15.2)' metadata -------------------------------------------------------------------------------------------------------------------------[\]
    
    New repository or package signing key received:
    
      Repository:       Subtitle Composer (openSUSE_Leap_15.2)
      Key Name:         home:maxrd2 OBS Project <home:maxrd2@build.opensuse.org>
      Key Fingerprint:  DE85E73C 17AF00C8 E865B04F 0073ABF0 73738FA0
      Key Created:      Wed Nov 25 07:33:00 2020
      Key Expires:      Fri Feb  3 07:32:59 2023
      Rpm Name:         gpg-pubkey-73738fa0-5fbdec8c
    
    
    Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
    I cannot reproduce it. After importing key "zypper refresh" does not ask for it.

    What is output of "ls -l /var/lib/rpm"?

  6. #6
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,011
    Blog Entries
    3

    Default Re: Zypper and GPG Keys hell (one more time)

    Quote Originally Posted by tpe View Post
    And of course I accept the key, which solves the problem in the CLI but not for the Software Update applet which still asks for the GPG Keys!
    Maybe try running:
    Code:
    pkcon refresh
    in a terminal ("konsole" for example). Perhaps the update applet is just showing cached error information and has to be forced to do a new refresh.

    Personally, I don't use the update applet on my normal desktop, but it is working fine in a virtual machine.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  7. #7
    Join Date
    Jul 2008
    Location
    Athens
    Posts
    280

    Default Απ: Zypper and GPG Keys hell (one more time)

    Nothing solved the issue.
    So, for now I just create a system cronjob to do the update for me.
    And I will see how I will manage the requirement for system reboots.

    Generally speaking, although I like zypper, I strongly believe it's GPG management is broken. DNF/YUM created exactly zero problems to me the last 5 years with a very similar set of repositories between the 2 PCs...

  8. #8
    Join Date
    Dec 2008
    Location
    FL, USA
    Posts
    2,772
    Blog Entries
    1

    Default Re: Απ: Zypper and GPG Keys hell (one more time)

    Quote Originally Posted by tpe View Post
    Nothing solved the issue.
    It's extremely rare that I encounter this or related repo issues. It's also extremely rare that I use zypper ar when I want to add a repo, and I don't use YaST2 either, or any update applet. Instead, e.g.:
    Code:
    Ctrl-Alt-F3
    <login root>
    # cd /etc/zypp/repos.d/
    # https://download.opensuse.org/repositories/home:/maxrd2/openSUSE_Leap_15.2/home:maxrd2.repo
    # zypper ref
    # zypper -v in...
    Virtually always, all is good this way.
    Reg. Linux User #211409 *** multibooting since 1992
    Primary: 15.2, +TW, 15.1, 15.0 & 13.1 on Haswell
    Secondary: eComStation (OS/2) &15.1 on i965P w/ Radeon
    Tertiary: Mageia,Fedora,Debian,more on Kaby Lake,iQ45,iQ43,iG41,iG3X,i965G,AMD,NVidia&&&&&

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •