failed app install

I saw an interesting looking app in my news feed. It’s a multifaceted system monitor called Stacer. Among other things, it cleans out cache items. That was recommended to me in another thread for solving an issue with the audio widget.

Stacer is not in our repos. I downloaded it from github. I never did that before. In fact, I’ve been chicken to use ANYTHING that doesn’t come from the official repos (except GOOGLE). When I tried zypper in, the install failed with this error

stacer-1.1.0-1.x86_64 (Plain RPM files cache): Signature verification failed [6-File is unsigned]

I went back to the download page and saw nothing else to download; thinking there was a signature file or security key. So, two questions: 1) should I being going to github?; 2) how can I get this to install? I DID have the option to ignore the error.

I guess you have to trust it if you want to install it and therefor ignore the error about the signature.

Downloaded stacer-1.1.0-amd64.rpm from https://sourceforge.net/projects/stacer/files/latest/download and installed by running “rpm -i ~karl/Downloads/stacer-1.1.0-amd64.rpm”. No errors encountered.

The reason is:
All packages in a Repository will be signed with the Repository key in the file repo.xml.key.
If you add a Repository, zypper/Yast ask to downolad the key and ask you to trust.
If you trust the key, you can install all packages signed with this key without any question once more.

But if you download an app from anywhere, you will not have inserted the key and Yast/zypper is asking you:

LANG=C zypper in -f ./areca-7.5-lp150.12.1.x86_64.rpm 
Loading repository data...
Reading installed packages...
Forcing installation of 'areca-7.5-lp150.12.1.x86_64' from repository 'Plain RPM files cache'.
Resolving package dependencies...

The following NEW package is going to be installed:
  areca

1 new package to install.
Overall download size: 2,7 MiB. Already cached: 0 B. After the operation, additional 4,0 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): 
Retrieving package areca-7.5-lp150.12.1.x86_64                       (1/1),   2,7 MiB (  4,0 MiB unpacked)
areca-7.5-lp150.12.1.x86_64.rpm:
    Header V3 DSA/SHA1 Signature, key ID 725a0c43: NOKEY
    V3 DSA/SHA1 Signature, key ID 725a0c43: NOKEY

Looking for gpg key ID 725A0C43 in cache /var/cache/zypp/pubkeys.
Repository Plain RPM files cache does not define additional 'gpgkey=' URLs.
areca-7.5-lp150.12.1.x86_64 (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]
Abort, retry, ignore? [a/r/i] (a): 

Therefore you have no key you have to ignore it here by typing i, because you want to install it.

I followed the link and it downloaded an app image. I don’t know what that is or what to do with it. So, I revisited the page and saw the .rpm package; downloaded it from souuceforge not github and used zypper in to install. I got the same error. This time, I was brave and ignored the error message.

It installed very rapidly and works well. I wait to see if it does one thing I really want: make boincmgr run at startup.

Thanks for your responses.

An AppImage is another format for distributing apps on Linux like the newer ones Flatpak and Snap.

After downloading an AppImage you have to right click on it and give it permission to run and that is all.

Thanks for the clarification.