Hello Everyone,
excuse me if the question I ask may seem a bit dumb but I could not find the info I am searching for on other posts or the wiki and therefore dare open a thread to ask it.
I am on a fresh install on Leap 15.6 and wanted to add the unofficial codecs to play some video files.
I added them ass followed:
sudo zypper ar -cfp 90 'https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/' packman-essentials
I then noticed that something was wrong (of course I added the wrong - Tumbleweed -repository ) so I interrupted the process because it was going to delete a lot of really important packages.
So I did: zypper lr -d
and then sudo zypper rr 'https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/' packman-essentials
To remove it.
I then proceeded to add the right repository and install the needed codecs. Now my question is the following. I did temporarily accept the signing key of the Tumbleweed packman repo.
Does this key get automatically deleted when I delete the repository, or do I have to remove it manually from a file?
I am really sorry if that question is obvious for you. In Debian i believe I had to delete it manually, and I am still in the learning process for these basics.
When you decide to “trust temporarily”, this key is not stored anywhere, it is only valid for this zypper invocation. It also means that packages in this repository will be signed by unknown key.
10:~ # rpm -qa gpg-pubkey\* | sort > /tmp/keys.1
10:~ # zypper ar -cfp 90 'https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/' packman-essentials
Adding repository 'packman-essentials' ...................................[done]
Repository 'packman-essentials' successfully added
URI : https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/
Enabled : Yes
GPG Check : Yes
Autorefresh : Yes
Priority : 90 (raised priority)
Repository priorities in effect: (See 'zypper lr -P' for details)
90 (raised priority) : 1 repository
99 (default priority) : 6 repositories
10:~ # zypper refresh packman-essentials
New repository or package signing key received:
Repository: packman-essentials
Key Fingerprint: F887 5B88 0D51 8B6B 8C53 0D13 45A1 D067 1ABD 1AFB
Key Name: PackMan Project (signing key) <packman@links2linux.de>
Key Algorithm: RSA 4096
Key Created: Tue Jan 9 00:26:14 2024
Key Expires: Fri Sep 13 01:17:21 2024 (expires in 89 days)
Rpm Name: gpg-pubkey-1abd1afb-659c6876
Note: Signing data enables the recipient to verify that no modifications
occurred after the data were signed. Accepting data with no, wrong or
unknown signature can lead to a corrupted system and in extreme cases even
to a system compromise.
Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on
the key's name. If you are not sure whether the presented key is authentic,
ask the repository provider or check their web site. Many providers maintain
a web page showing the fingerprints of the GPG keys they are using.
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): t
Retrieving repository 'packman-essentials' metadata ......................[done]
Building repository 'packman-essentials' cache ...........................[done]
Specified repositories have been refreshed.
10:~ # rpm -qa gpg-pubkey\* | sort > /tmp/keys.2
10:~ # diff -up /tmp/keys.*
So no keys were stored permanently. And if you now install packages from this repository:
10:~ # zypper in -r packman-essentials vlc
...
The following NEW package is going to be installed:
vlc
1 new package to install.
Overall download size: 684.3 KiB. Already cached: 0 B. After the operation,
additional 1.7 MiB will be used.
Backend: classic_rpmtrans
Continue? [y/n/v/...? shows all options] (y):
Retrieving: vlc-3.0.20-1699.11.pm.19.x86_64 (packman-essentials)
(1/1), 684.3 KiB
Retrieving: vlc-3.0.20-1699.11.pm.19.x86_64.rpm ............[done (559.6 KiB/s)]
Checking for file conflicts: .............................................[done]
warning: /var/cache/zypp/packages/packman-essentials/x86_64/vlc-3.0.20-1699.11.pm.19.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 1abd1afb: NOKEY
And if you remove this repository and re-add it again you will get exactly the same question about trusting repository key.
10:~ # zypper rr packman-essentials
Removing repository 'packman-essentials' .................................[done]
Removing repository 'packman-essentials' .................................[done]
Repository 'packman-essentials' has been removed.
10:~ # zypper ar -cfp 90 'https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/' packman-essentials
Adding repository 'packman-essentials' ...................................[done]
Repository 'packman-essentials' successfully added
URI : https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/Essentials/
Enabled : Yes
GPG Check : Yes
Autorefresh : Yes
Priority : 90 (raised priority)
Repository priorities in effect: (See 'zypper lr -P' for details)
90 (raised priority) : 1 repository
99 (default priority) : 6 repositories
10:~ # zypper refresh packman-essentials
New repository or package signing key received:
Repository: packman-essentials
Key Fingerprint: F887 5B88 0D51 8B6B 8C53 0D13 45A1 D067 1ABD 1AFB
Key Name: PackMan Project (signing key) <packman@links2linux.de>
Key Algorithm: RSA 4096
Key Created: Tue Jan 9 00:26:14 2024
Key Expires: Fri Sep 13 01:17:21 2024 (expires in 89 days)
Rpm Name: gpg-pubkey-1abd1afb-659c6876
Note: Signing data enables the recipient to verify that no modifications
occurred after the data were signed. Accepting data with no, wrong or
unknown signature can lead to a corrupted system and in extreme cases even
to a system compromise.
Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on
the key's name. If you are not sure whether the presented key is authentic,
ask the repository provider or check their web site. Many providers maintain
a web page showing the fingerprints of the GPG keys they are using.
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): r