Error on Packman Evergreen Essential "BAD KEY"

Trying to update via the Evergreen Essential 11.1 of Packman and continuing of getting this error on all packages:

Subprocess failed. Error: RPM non riuscito:error: /var/cache/zypp/packages/Packman_Evergreen_Essentials_1/Essentials/i586/ Header V4 RSA/SHA1 signature: BAD, key ID 1abd1afb
error: /var/cache/zypp/packages/Packman_Evergreen_Essentials_1/Essentials/i586/ cannot be installed

where of course the respective package changes.
Any clue on the reason?

On Fri, 11 Mar 2011 21:06:02 +0000, stakanov wrote:

> Trying to update via the Evergreen Essential 11.1 of Packman and
> continuing of getting this error on all packages:
> Code:
> --------------------
> Subprocess failed. Error: RPM non riuscito:error:
> /var/cache/zypp/packages/Packman_Evergreen_Essentials_1/Essentials/
> Header V4 RSA/SHA1 signature: BAD, key ID 1abd1afb
> error:
> /var/cache/zypp/packages/Packman_Evergreen_Essentials_1/Essentials/
> cannot be installed
> --------------------
> where of course the respective package changes.
> Any clue on the reason?

There is an issue they’re working on with the Packman repo keys.


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at

Thank you for the info.

On Fri, 11 Mar 2011 22:36:02 +0000, stakanov wrote:

> Thank you for the info.
> Regards.

No problem - you might take a look at the info posted by Pascal in the
announcements group for more details.


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at

I have read through the announcement and it seems that the issue should be resolved (as the problem was the NO KEY thing, not the BAD KEY one). Now I have the feeling that my problem is maybe due to some issue in my signatures.
I tried up to now the following:
I erased the old imported packman key, an error probably, but when the repo refreshes no key installation is proposed, I thought of forcing the system to accept the new packman keys. Substantially it seams that the packages in general would install and the repo accepted without asking you to accept the signature of the repo. Maybe because now the packages should be signed directly?
I then tried in a terminal:

rpm -vv --rebuilddb

, ran without error, but did not change a thing on the error described above.
I tried to do with zipper, but this did not work out saying that there i an empty space in the signature.

zypper ar -r
Problem parsing the file at the specified URI:
/var/adm/mount/AP_0x0000000c/suse/Evergreen_11.1: Key in line 1 contains whitespace
Is it a .repo file? See for details.

So since I did not see any new announcement, nobody complains and all the rest works: yast does refresh the repository (without asking for any key - odd that) and shows all the packages correctly. If you want to update there is the error message for every one of the as of above. If I do update from any other repository everything works (but for none I am asked to import a signature file). So maybe my key management has some major problem? I ask that to understand if this is an individual problem or a system wide one since by what is on the announcement page all should be fine now.
Thanks for giving me some insight.

I get this error as well. I wonder if it was anything to do with the packages themselves and some kind of mismatch between new and old versions of Packman. I’m going to remove and reinstall these packages and see if this fixes things.

Just uninstalled all the packages (multimedia ones, not critical for my work computer) and now I can’t reinstall them. Can’t think of anything else I should do.

Try to install the versions of the"frozen" packman repo]( At least they are functional. The essential seems not to work for now. I think there is an error with how the 11.1 packages have been signed.
Ps. never do theis with all packages, always try with one. Just for the next time.

After the PM you sent me (as noted lets stay public in this and no more private PMs please) I queried this on the packman mailing list and got this reply:

From: jschrod at

It seems that 11.1’s rpm cannot handle the current Packman signing key. That’s an rpm issue, not a zypper issue. It was confirmed here a few days ago; look at messages with the subject “RPM problem with packet signatures (not zypper and repomd.xml!)” Maybe that’s because it’s a 4096-bit key, but the root cause has not been established yet.

Since there is no known way to turn off rpm gpg signature check in zypper, Packman repositories cannot be used via zypper / yast for 11.1/Evergreen installations at the time.

Given the state of 11.1, my guess unless Packman change the way they handle their key for repos back to the OLD way for evergreen, this won’t be fixed for Packman (IMHO).

I’m going to investigate the smart package manager and see if I can get it to work here. My wife is using the laptop currently (she is enjoying 11.1 gnome with evergreen) so its difficult to lay my hands on that PC.

I tuned the repostories in Smart Package manager for Evergreen (including the Packman essential for Evergreen), and refreshed the repos, briefly set the rpm-signature check to false in smart, and updated all the packman packager packages with no problem. Then ran then nominal ‘SuSEconfig’ followed by ‘ldconfig’ and it worked fine.

So there is an easy work around in place (in the guise of Smart Package manager).

as noted lets stay public in this and no more private PMs please

As I told you in the PM, since I got no answer on this thread and on another contribution done directly in the thread about the packman reordering of repos I did this inquiry following your remark that you still use 11.1, apparently nobody but me does, nobody complained for this and so I got no answer on whether that was my problem or “a” problem.
I thank you for your work around, admitting that for me this is not a solution. The reason is that the signature of packages has a rational (to check for integrity) and the same is true for the signature of the repos. So I just downgraded what did not work well to the last frozen stadium (with valid repo signature, as it seems… or not). But if this is the status of security now, I will anyway wait for a real solution for the rpm issue and stay with the status quo for now. Sorry for having you written a P.M. If you wish I can paste it here so it gets way public. Not intended to “have something to hide” (as you know I am Dr Jeckyll, Mr Hyde is not allowed out since years lol! ). It was just to avoid to spam the forum with repeated “bumps” without answers while not even knowing whether the problem is of everybody or just a broken system of mine. So at least it worked and I know now where the issue is. Very kind of you for having done this research. Will avoid to send you another PM, promised.

There were a number of complaints on the Evergreen mailing list, but they were all referred to the Packman mailing list. However I did not see any post on the Packman mailing list of those who noted the problem in Evergreen. That does not mean the problem was not noted before on the Packman mailing list. It just means I did not see the post. Apparently there were many packman mailing list posts with subject: “RPM problem with packet signatures (not zypper and repomd.xml!)” and I likely just deleted them all.

I also hope there is a fix comming.

As of today there is no fix to use any of the Packman Evergreen Repos because of the bug / problem with the rpm signature. The evergreen OpenSUSE repo does instead a great job. They delivered updates for Firefox, Flash, Adobe Acrobat Reader and Gimp just to say a few. Thank you very much. I am still hoping the 2.6.37 kernel rpm that works so well on my machine (from Kernel Headers at the time) makes its reappearance with source code. Would be great. Opera and Chrome I get it now from the producer sites.
For who is instead looking for an OpenOffice alternative: LibreOffice if you install it, is broken on 11.1. The “openfile” command freezes the program and the function to save a file opened by clicking on the icon does not work. So you loose whatever you do. OpenOffice 3.3.0 from the Oracle site does instead work still flawlessly on the 11.1. While “politically” I would appreciate LibreOffice I thought it would be correct to share the info since the BuildService Openoffice repos are gone.

Same problem here :

Opensuse 11.1 : packman update impossible claiming key pb

Hello Christophe.
I am sorry I did not see your help request in time and I am somehow astonished about the “intimidating” tone of some folks on a question like this.
To help you a bit in this:
The problem appears to be an error in the rpm function of 11.1. It is not able to handle key with a length greater then 1024 bit, while the rpms of the packman evergreen repository (also in general) are now signed with a 4096 bit key.
There is currently a **discussion **about trying to sign selectively the rpms of the packman evergreen repository with a 1024 bit key. In alternative they think about doing an upgrade of the rpm-program itself, fearing however it may cause breakage (which would be a major problem, as you know very limited human resources, organized by volunteers are dedicated to this aspect). You may bookmark it and follow it up or pass by in this thread from time to time. I will update on the matter.
As for your interest in 11.1: I can understand you. There is nothing “bad” in deciding to stick to a system. If it would be…why put out an evergreen repository.
Good luck and have fun.

the best advice you can get on Evergreen is from its developers–but
they are not here…instead they communicate via their mail list…so,
read their documentation:

on this page:

and on that page there is a link to their mail list…

Tried LibreOffice? Do that and help at
[NNTP via openSUSE 11.3 + KDE4.5.5 + Thunderbird3.1.8]

stakanov > thanks a lot for your input. I’m waiting for a solution, like you.

BTW, your link doesn’t work for me.

Sorry, double http://

Re: [packman] RPM problem with packet signatures (not zypper and repomd.
This one shall do.

find the file
or whatever you call it!!! …
** search for

then change gpgcheck=1 to

Index of /repositories/openSUSE:/Evergreen:/11.1/standard/repodata

I also had to add

to another file, which was
?? !!

You may have to do so for any repo that protests …