[12.3 x86_64] A security trust relationship is not present

Hello everyone, the last couple of months this little problem appeared in my system.
KDE notifications popup every now and then with “Signature verification for Repository download.opensuse.org-database failed” or any other repo I have in my list.

i) I have tried updating the repos (via Yast > Software Repositories > Refresh) manually which fixes the problem for the next hour or so by reimporting/Trusting the GPG keys during refresh. It does not work… next hour, same thing again.

ii) I have tried updating the repos with zypper up, asks me “New repository or package signing key received:” and I accept it for every repo, fixes the problem for the next hour or so. It does not work… next hour, same thing again.

iii) I have tried deleting all GPG keys and repos I had, add basic opensuse repos again. Nothing… Not only same behaviour with “Signature verification for Repository XXXX…”, but GPG keys list remains empty even though I have multiple times accepted them via yast or zypper. I also got extra zypper warnings like "Additional rpm output:
warning: /var/cache/zypp/packages/ftp.gwdg.de-suse/Essentials/x86_64/chromium-pdf-plugin-14.0.0.145-3.1.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 1abd1afb: NOKEY"

iv) I have tried deleting the contents of the subdirectories under “**/var/cache/zypp/” **and retried steps i,ii,iii to no effect.

I’m running out of ideas, any help?

Could it be that simple?

I just performed “rpm --rebuilddb” with result:

i) GPG keys in yast are now available

ii) So far no errors to updates

Yes, probably.

The keys are stored in the RPM database, so if that is corrupted they might not work.
“rpm --rebuilddb” recreates the database, so might fix such a problem.

But this is only speculation of course… :wink:

On 2014-09-08 09:16, wolfi323 wrote:
>
> nixboom;2663395 Wrote:
>> Could it be that simple?
> Yes, probably.
>
> The keys are stored in the RPM database, so if that is corrupted they
> might not work.
> “rpm --rebuilddb” recreates the database, so might fix such a problem.
>
> But this is only speculation of course… :wink:

Makes sense… but I would not call it “simple”, a database rebuild is
not a last measure, but close. Some data is lost.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)

No, it isn’t.

All the data is in the main database (/var/lib/rpm/Packages). When you run “rpm --rebuild-db” only all the other files in /var/lib/rpm/ are re-created from that one for faster access.
If /var/lib/rpm/Packages itself is corrupt/missing though, nothing can be re-created and “rpm --rebuild-db” will fail.
Then data is lost of course… :wink:

At least that’s how I understand it.