I’m getting “Signature verification for Repository failed” on a repository I added to get a icon set I wanted (from https://software.opensuse.org/download.html?project=home%3Akkirill&package=numix-icon-theme-circle). I want to keep the icons, so I am hoping there is a way to stop the notification of signature failure every time the machine is turned on. I looked up the project, it’s been inactive for 2 years, it’s unlikely I can contact the creator to fix the signature. Maybe there is a command I can use to tell it to not look for a signature on that one repository? I am brand new at Linux, so I know almost nothing. Maybe I don’t need to keep the repository in my list of whatever you call that file where all those are kept if I already downloaded the icons I want? Options?
One option is to copy the icons right from the package into /usr/local/share/icons/. Any icon you want can be kept there. It’s a location intended for use by all users on the system but managed by the admin, so won’t be disturbed by package management (rpm, zypper or yast in openSUSE). Icons here are supposed to function the same as if they had been installed via package management. If you wish the icons to be available only to an individual user, they can be copied instead into that user’s ./icons/ directory.
Either location can be utilized using a file manager that treats rpm files as though they were directories. One such is MC. In MC, you select/highlight the rpm, press ENTER, and you can see what’s in the rpm. That works for any directory in the listing. With regular files, if they are viewable, press the F3 key to view. If you wish to copy, press F5, and the file will be extracted to the location in the opposite pane. You can copy all the files in the rpm by “entering” its CONTENTS.cpio directory as deep as necessary to find the icon files, select all files with the * key, then copy the whole bunch with F5.
An option that should suppress but not eliminate the error is to use YaST’s software repository configuration to turn off autorefresh for the offending repo.
Wonderful, I will try this option this weekend and see if that works. I assume I can get MC by doing an “apt search MC”? Would the QT PCMan file manager or Dolphin do it? I have both of those already installed. Once I do that, where is that file I need to edit to remove that repository from the list of things (and what is that thing called)? Or is that something I can just do with a command in the shell prompt?
This will be my backup plan. I assume there is a security risk in just using abandoned repos with bad signatures, yes? Maybe they have been compromised or something?
You can also add “gpgcheck=0” to the specific repo file in /etc/zypp/repos.d/ if you’re sure it hasn’t been or can’t be tampered with.
openSUSE doesn’t have apt. We have “zypper se mc” (use search instead of se if you won’t remember se is search spelled with two characters) for the cmdline, YaST Software Management for GUI or ncurses (text). Standard repos provide mc. Just do it:
sudo zypper in mc
Would the QT PCMan file manager or Dolphin do it?
To search for a software package? I’ve never heard of doing that.
where is that file I need to edit to remove that repository from the list of things (and what is that thing called)? Or is that something I can just do with a command in the shell prompt?
You have multiple choices. YaST (both in GUI and in ncurses modes) manages repos. So does zypper (rr or removerepo). Each repo is a file in /etc/zypp/repos.d/, so you can modify or remove with any tool that has superuser privilege, such as MC (which can edit, remove or copy among other things) logged in as root.
This will be my backup plan. I assume there is a security risk in just using abandoned repos with bad signatures, yes? Maybe they have been compromised or something?
I’d call the security risk virtual zero for a BS package you already have used that only has icons anyway.
As @mrmazda describes,
You can modify your repository entry. You can use the YaST repository management module or the command line.
If you want to view your options how to do this from the command line, you can run the following command, “mr” is an abbreviation for “modify repo”
zypper mr --help
Then you only need to run the repo which can be identified a number of different ways… by enumeration number, name, description, etc.
HTH,
TSU