Brave browser installation

bonedriven · October 5, 2019, 1:37pm


sudo zypper install curl
sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
sudo zypper addrepo https://brave-browser-rpm-release.s3.brave.com/x86_64/ brave-browser
sudo zypper install brave-browser

I still get “File ‘repomd.xml’ from repository ‘brave-browser’ is unsigned, continue? [yes/no] (no):”

Any idea?

hcvv · October 5, 2019, 1:53pm

We see only the commands you say you typed and a sort of report about the results.
Please always copy/paste all what you see in your terminal emulator: prompt/command line, all that follows up to and including the new prompt line. Only then can you expect others to understand what you did and got, as who and where you did that, without looking over your shoulder, and then come to their own conclusions instead of being dependent on your interpretation.

bonedriven · October 5, 2019, 4:03pm

No error when executing the installation instruction, but there’s the same error when “zypper ref” or “zypper install brave-browser” the package:

~:sudo zypper ref      
Retrieving repository 'brave-browser' metadata ----------------------------------------------------------------------------------------------------------------------------------------------------------------\]
Warning: File 'repomd.xml' from repository 'brave-browser' is unsigned.

    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
    whole repo.

    Warning: We can't verify that no one meddled with this file, so it might not be trustworthy
    anymore! You should not continue unless you know it's safe.

**File 'repomd.xml' from repository 'brave-browser' is unsigned, continue? [yes/no] (no):**

hcvv · October 5, 2019, 4:42pm

Say “yes” when you are sure this is the repo you want. Somewhere you have to trust somebody if you want this product

tannington · October 5, 2019, 4:44pm

Well, if the file is unsigned it makes little difference if you have the signing key or not.

Your call as to if you proceed.

Why not contact the repo owner and enquire as to why it’s not signed…

Edit: or as Henk says just “trust somebody”