openSUSE 11.2 install DVD invalid signature

I downloaded openSUSE 11.2 and burned it to a DVD. When I boot from the DVD and select Install from CD/DVD, I get “invalid signature” and “repository not found” errors. When I select verify installation media, after about 15 minutes it says no errors found. How do I fix the signature error? It takes hours to download the ISO image which appears to be valid.

How do you mean the image appears to be valid? Did you test it with a MD5SUM checking program. If not, please don’t skip this step.

Nonetheless, if the DVD passes the self-check that’s a point in favour. However it could be that the drive or media is flaky. Maybe it passed the self-check with many read retries, 15 minutes is a long time to self-test a DVD, all it has to do is read every block and compute the checksum.

Try the self-test again. Do you have a better DVD drive or a better quality media to try?

md5sum passed

I’m downloading gpg4win right now to see if I can verify the signature of the iso on my Windows machine.

My linux machine is a vintage (2000) HP pavilion with only one DVD drive. I didn’t have any trouble upgrading from 10.2 to 11.1 last year. A couple of months ago I installed 11.2 on a machine at work without any problems, so I’m surprised that I’m seeing this message now.


be sure that you didn’t combine downloads from different dates/times
on one DVD, instead of burning an image of the DVD downloaded
from openSUSE web site.

‘invalid signature’ errors may already occur, if you replaced any of the
rpm’s by a newer one with the same name (the signature is used to
ensure that no one manipulated parts of the repositories).

‘repository not found’ errors may occur, if the name of the rpm changed
(possibly because the version of the piece of software changed).

Did you burn the DVD yourself ?

Good luck !

Optical drives sometimes do suddenly fail when it was working fine the day before. So a bad drive is not out of the question.

Thank you for trying to help, but I took the obvious approach and checked the signing key. It took a day, but I finally got GPG4Win installed, downloaded the public key, and tested the ISO file.

>gpg -v --verify openSUSE-11.2-DVD-i586.iso.asc openSUSE-11.2

gpg: armor header: Version: GnuPG v1.0.7 (GNU/Linux)

gpg: Signature made 11/09/09 05:56:56 Central Standard Time using DSA key ID 9C8
gpg: NOTE: signature key 9C800ACA expired 05/05/10 11:22:18 Central Daylight Tim
gpg: NOTE: signature key 9C800ACA expired 05/05/10 11:22:18 Central Daylight Tim
gpg: NOTE: signature key 9C800ACA expired 05/05/10 11:22:18 Central Daylight Tim
gpg: using PGP trust model
gpg: Good signature from "SuSE Package Signing Key <>"
gpg: Note: This key has expired!
Primary key fingerprint: 79C1 79B2 E1C8 20C1 890F  9994 A84E DAE8 9C80 0ACA
gpg: binary signature, digest algorithm SHA1

It appears that I either have to wait until somebody at openSUSE posts a new ISO with an unexpired key, or I need to set the clock on my computer to before 5 May 2010 and try installing the invalid file again.

Is there a way to bypass checking the signature when booting from the openSUSE install DVD?

That expiry message was just a note. It appears that the ISO image passed the test. If it also passed the MD5SUM test and the SHA1SUM test then it’s highly likely the ISO image is ok, and you should check the integrity of the next stage.