KDE-update: "A security trust relationship is not present..."


Have TW with KDE:

uname -a
Linux linux-iey6 4.10.4-1-default #1 SMP PREEMPT Sat Mar 18 12:29:57 UTC 2017 (e2ef894) x86_64 x86_64 x86_64 GNU/Linux

lsb_release -sircd
openSUSE "openSUSE Tumbleweed" 20170324 n/a

with these repos:

zypper lr -U -P
# | Alias                               | Name                        | Enabled | GPG Check | Refresh | Priority | URI                                                                  
4 | repo-debug                          | openSUSE-Tumbleweed-Debug   | No      | ----      | ----    |   99     | http://download.opensuse.org/debug/tumbleweed/repo/oss/              
1 | http-download.opensuse.org-04cf3a52 | openSUSE:Factory            | Yes     | (r ) Yes  | Yes     |   99     | http://download.opensuse.org/repositories/openSUSE:/Factory/snapshot/
7 | repo-source                         | openSUSE-Tumbleweed-Source  | No      | ----      | ----    |   99     | http://download.opensuse.org/source/tumbleweed/repo/oss/             
5 | repo-non-oss                        | openSUSE-Tumbleweed-Non-Oss | Yes     | (r ) Yes  | Yes     |   99     | http://download.opensuse.org/tumbleweed/repo/non-oss/                
6 | repo-oss                            | openSUSE-Tumbleweed-Oss     | Yes     | (r ) Yes  | Yes     |   99     | http://download.opensuse.org/tumbleweed/repo/oss/                    
8 | repo-update                         | openSUSE-Tumbleweed-Update  | Yes     | (r ) Yes  | Yes     |   99     | http://download.opensuse.org/update/tumbleweed/                      
3 | packman                             | packman                     | Yes     | (r ) Yes  | Yes     |   62     | http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/  
2 | http-opensuse-guide.org-b37b73e6    | libdvdcss repository        | Yes     | (r ) Yes  | Yes     |   65     | http://opensuse-guide.org/repo/openSUSE_Tumbleweed/   

For a few days now the updater from the task bar refuses to work, stating:

“Update error
A security trust relationship is not present A security trust relationship could not be made with the software origin. Please check your software signature settings.”

Updating from the console with zypper dup --no-allow-vendor-change works without problems.

How to resolve?:expressionless:

I am not a TW user, so take this with some care.

As I understood it, the taskbar widget does the equivalent of a zypper up. And that is not the way to keep TW up-to-date. Because you should use the zypper dup --no-allow-vendor-change as you already noted that works.

So better forget that widget. (I do not even have it installed on my stable openSUSE versions, but that is everybody’s personal whish).

I think I tried this at some point in the past and in TW it is something like zypper dup. As some users are not root (good reasons…) this is their only chance to update.

Users should not be able to update at all… IMHO that is a security flaw in the widget (one of the reasons to not install it, because it is the best way to not even show it to the users).

For me it is simple. Only people that know the root password are system managers and thus allowed to change anything to the installed system software.

But then, I probably would never use TW for systems where other users then myself would be accommodated for their day to day work.

… next update to TW, problem persisting. Just to add: Have TW on several machines, but only 1 installation “lacks trust”… Really strange.

Maybe missing a cert some where??

Hmmm, but zypper works? Ideas how to check/resolve? :wink:

What’s the name of this GUI-update to delete in YaST?

You mean the name of the package that gives you the update applet?

(And I also have Pakagekit not installed, because I have YaST/zypper, but that is up to you and your needs again).

Is this repository required for KDE Plasma 5 SuSe TW ?

name=Additional packages maintained by the KDE team (openSUSE_Tumbleweed)

Please, this has nothing to do with the subject of this thread. Do not create a confusing thread by jumping in with your own question/problem. Start a new thread with a good title that will draw the attention of those who know about your subject.

The question is properly raised, I can not do update SuSe TW, the same mistake as in the title. When I do this update through command zypper reported that the repository key is defective. Problem about to update write is also periodically present in openSUSE.

exact same issue on the same repository.
yast will show “do you trust” msg box, I do, after that all goes well for a day or so then next day same issue.
Not been able to find a permanent solution.

same here, installed KDE extra key maybe 4 times, keeps asking

While updating in console with zypper dup --no-allow-vendor-change I was asked for the first time today to accept the key for the KDE Extra repo. But in the graphical updater I still have no trust relationship…

pk_backend_zypp in /var/log throws this

[zypp] Exception.cc(log):137 RepoManager.cc(refreshMetadata):1206 THROW: [XX-KDE-Extra|http://download.opensuse.org/repositories/KDE:/Extra/openSUSE_Tumbleweed/] Valid metadata not found at specified URL

but zypper does accept it and shows a certificate

I appear to have a solution, i think the relevant steps are as follows:

  • check you have no duplicate keys with #rpm -q gpg-pubkey|sort, if duplicates follow [1], otherwise:
  • #sudo zypper clean --all
  • #sudo zypper --gpg-auto-import-keys ref
    check apper now works with #pkcon refresh

Thanks to give feedback to confirm

[1] https://forums.opensuse.org/showthread.php/521996-Do-I-have-ghost-repo-keys/page2

Worked for me. Thanks. I’ve been ignoring it for the last 16 days. Just got around to looking for a solution.

also seems to work for me, thank you !!

https://forums.opensuse.org/showthread.php/521996-Do-I-have-ghost-repo-keys/page2 Followed all steps in the last post, added GPG key, as seen in Yast, but after a reboot the key is gone again. Strange!

sorry guys, i proposed the fix which didn’t last. it survived several days including a reboot but ultimately the issue returned. The issue is still open for anyone who can solve it!