'repomd.xml' from repository 'Google-Chrome' is signed with an unknown key

mchnz · July 15, 2022, 11:07am

In the last week or so I’ve been seeing a lot of the following errors (on Tumbleweed 20220711 an earlier releases):

Looking for gpg key ID A3B88B8B in cache /var/cache/zypp/pubkeys.
Repository Google-Chrome does not define additional 'gpgkey=' URLs.
Warning: File 'repomd.xml' from repository 'Google-Chrome' is signed with an unknown key '4EB27DB2A3B88B8B'.

    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
    whole repo.

    Warning: We can't verify that no one meddled with this file, so it might not be trustworthy
    anymore! You should not continue unless you know it's safe.

**Does anyone know why this is happening so often recently?

**I did try

wget https://dl.google.com/linux/linux_signing_key.pub
rpm --import linux_signing_key.pub

But that didn’t resolve the issue.

tnbp · July 15, 2022, 11:32am

What worked for me was removing the key in YaST -> Online Repositories, then re-importing the one you downloaded.

mchnz · July 15, 2022, 11:52am

Thanks, that worked. Yast->Software Repositories->GPG Keys showed a couple of Google related keys. I deleted both, reimported the downloaded one using rpm, and the problem has been resolved.

hui · July 15, 2022, 11:53am

Yep, you need to remove the old ones first and import them new. That worked for me too.