Any idea what’s causing this and what I should do?
Retrieving repository 'NVIDIA Repository' metadata \]
Signature verification failed for file 'repomd.xml' from repository 'NVIDIA Repository'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no): no
As the message sais, it is probable that the repo.xml has been damaged or altered. I would wait for the repo be updated or refreshed and try again later. Often the error is corrected. But then, what do you do. Since you do not know the real fingerprint of the signature you will then have to blindly accept it. If you do not feel comfortable with this situation you may register in openFATE (the openSUSE feature request site) and vote for the feature that I pass on in my signature. So the next time it will even have more success to wait. (There are already 19 votes, we may finally get this through, … if we are enough to make our voice be heard).
Thank you for the script and for voting. Together with the page to control for the key versions this script can be very interesting. We really have to get a better infrastructure. And it would take little to get it done, IMO.
Thank you for adding your voice and your vote. When errors of this kind occur it is advisable to wait. Either somebody forgot to sign a package or the repo is being updated. In the worst case scenario somebody may have altered the repo. It was a good choice to wait for the error not to show up any more.