I know it says leap 42.1, but it should work for Leap 15.1 right? It did for leap 15.
It is after the
zypper ref
instruction that the error first occurs.
The repo is added to the YaST list.
Then subsequently in YaST, the following error messages popup.
I get this error
File repomd.xml from repository Google-Chrome
http://dl.google.com/linux/chrome/rpm/stable/x86_64
is signed with the following GnuPG key, but the integrity check failed:
ID: 7721F63BD38B4796
Fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
Name: Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
Created: 04/12/2016
Expires: Never
The file has been changed, either by accident or by an attacker,
since the repository creator signed it. Using it is a big risk
for the integrity and security of your system.
Use it anyway?
Right or wrong, I answered Yes to that question.
And this
Cannot access installation media
http://dl.google.com/linux/chrome/rpm/stable/x86_64
(Medium 1).
Check whether the server is accessible.
Not having an issue with Flash. I know Flash is pretty well a goner, but there are still places that use it. Most of my banking, my ex-employer, Facebook in some areas, even some online gaming. Places that don’t want to pay for the change to HTML5 or other ways of presenting the same things that they do with Flash.
The issue is Google and it’s bad PGP key for it’s repository.
I am wondering if removing the Google Chrome repository and installing(extracting) from the download.will work and eliminate the error every time there is an update?
Hi
It should just be a key removal required via YaST, then on the next refresh it should provide the new key for you to add…
Via YaST -> Software Repositories, bottom right press the GPG Key button and delete the Google one… On next refresh it will retrieve the new key for you to accept.
IIRC that’s not going to address the problem, it’s an internal check embedded in the code.
There are probably 4 Forum threads on this over the past decade, and IIRC one of them even described how to address the problem but it’s likely more trouble to remember how to address the problem vs simply ignoring the GPG check which is the usual recommendation.
su -
zypper in /data/repositories/Downloads/google-chrome-stable_current_x86_64.rpm
The following NEW package is going to be installed:
google-chrome-stable
1 new package to install.
Overall download size: 55.7 MiB. Already cached: 0 B. After the operation, additional 196.3 MiB will be used.
Continue? [y/n/v/...? shows all options] (y):
Retrieving package google-chrome-stable-74.0.3729.169-1.x86_64 (1/1), 55.7 MiB (196.3 MiB unpacked)
google-chrome-stable_current_x86_64.rpm:
Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
Looking for gpg key ID 7FAC5991 in cache /var/cache/zypp/pubkeys.
Repository Plain RPM files cache does not define additional 'gpgkey=' URLs.
google-chrome-stable-74.0.3729.169-1.x86_64 (Plain RPM files cache): Signature verification failed [4-Signatures public key is not available]
wget https://dl.google.com/linux/linux_signing_key.pub
--2019-05-29 21:50:37-- https://dl.google.com/linux/linux_signing_key.pub
Resolving dl.google.com (dl.google.com)... 216.58.194.110, 2607:f8b0:4000:80c::200e
...
2019-05-29 21:50:37 (2.24 MB/s) - ‘linux_signing_key.pub’ saved [8038/8038]
rpm --import linux_signing_key.pub
rpm -qi gpg-pubkey-7fac5991-*
Name : gpg-pubkey
Version : 7fac5991
Release : 4615767f
Architecture: (none)
Install Date: Wed May 29 21:50:45 2019
Group : Public Keys
Size : 0
License : pubkey
Signature : (none)
Source RPM : (none)
Build Date : Thu Apr 5 17:21:51 2007
Build Host : localhost
Relocations : (not relocatable)
Packager : Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
Summary : gpg(Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----
Distribution: (none)
rpm --checksig -v /data/repositories/Downloads/google-chrome-stable_current_x86_64.rpm
/data/repositories/Downloads/google-chrome-stable_current_x86_64.rpm:
Header V4 DSA/SHA1 Signature, key ID 7fac5991: OK
Header SHA1 digest: OK
V4 DSA/SHA1 Signature, key ID 7fac5991: OK
MD5 digest: OK
zypper in /data/repositories/Downloads/google-chrome-stable_current_x86_64.rpm
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW package is going to be installed:
google-chrome-stable
1 new package to install.
Overall download size: 55.7 MiB. Already cached: 0 B. After the operation, additional 196.3 MiB will be used.
Continue? [y/n/v/...? shows all options] (y):
Hi
The repository gets automatically added via the post process of the rpm install, no need to manually add, it also adds a daily cron job (it should be a systemd service/timer job these days).
I’m referring to a separate, often reported issue that happens not with the initial and main package but when the package installation is in progress.
IIRC the error I’m referring to looks like a sub-project (package) is installed as part of the main installation.
Must be something I am not catching. Contrary to what I said about no repo PGP error on laptops, NOT TRUE! It occurs on all three of our Leap 15.1 machines.
i do not remember getting that error in Leap 15, but I could be wrong.