Reset zypper/rpm repository key

I accidentally accpeted an unverified repository key in zypper:

sudo zypper dup
[sudo] password for root:
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Repository Foobaroo does not define 'gpgkey=' URLs.
Warning: File 'repomd.xml' from repository 'Foobaroo' is signed with an unknown key 'SuperJesus123'.

    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
    whole repo.

    Warning: We can't verify that no one meddled with this file, so it might not be trustworthy
    anymore! You should not continue unless you know it's safe.

File 'repomd.xml' from repository 'Foobaroo' is signed with an unknown key 'SuperJesus123'.
Continue? [yes/no] (no): yes

How can I undo this decision in zypper/rpm and reset the “key trusted” flag for this repository?

Look at this example:

knurpht@Lenovo-P16:~/Video> rpmkeys --list
29b700a4-62b07e22: openSUSE Project Signing Key <opensuse@opensuse.org> public key
3fa1d6ce-63c9481c: SUSE Package Signing Key <build@suse.de> public key
39db7c82-510a966b: SuSE Package Signing Key <build@suse.de> public key
05905ea8-47965b46: server:database OBS Project <server:database@build.opensuse.org> public key
16bd9233-676419e4: Vivaldi Package Composer KEY11 <packager@vivaldi.com> public key
1abd1afb-450ef738: PackMan Project (signing key) <packman@links2linux.de> public key
23c4e4de-519a75bc: home:mkubecek OBS Project <home:mkubecek@build.opensuse.org> public key
957f5868-5e5499b8: Tailscale Inc. (Package repository signing key) <info@tailscale.com> public key
be1229cf-5631588c: Microsoft (Release signing) <gpgsecurity@microsoft.com> public key
e6e5a213-697c7c69: systemsmanagement OBS Project <systemsmanagement@build.opensuse.org> public key
17280ddf-5241b7fc: network OBS Project <network@build.opensuse.org> public key
73611e28-674c004a: Education OBS Project <Education@build.opensuse.org> public key
74c35bc8-65afa692: Vivaldi Package Composer KEY10 <packager@vivaldi.com> public key

Now we remove the Vivaldi one:

knurpht@Lenovo-P16:~/Video> sudo rpmkeys --delete 74c35bc8-65afa692

and …

knurpht@Lenovo-P16:~/Video> rpmkeys --list
29b700a4-62b07e22: openSUSE Project Signing Key <opensuse@opensuse.org> public key
3fa1d6ce-63c9481c: SUSE Package Signing Key <build@suse.de> public key
39db7c82-510a966b: SuSE Package Signing Key <build@suse.de> public key
05905ea8-47965b46: server:database OBS Project <server:database@build.opensuse.org> public key
16bd9233-676419e4: Vivaldi Package Composer KEY11 <packager@vivaldi.com> public key
1abd1afb-450ef738: PackMan Project (signing key) <packman@links2linux.de> public key
23c4e4de-519a75bc: home:mkubecek OBS Project <home:mkubecek@build.opensuse.org> public key
957f5868-5e5499b8: Tailscale Inc. (Package repository signing key) <info@tailscale.com> public key
be1229cf-5631588c: Microsoft (Release signing) <gpgsecurity@microsoft.com> public key
e6e5a213-697c7c69: systemsmanagement OBS Project <systemsmanagement@build.opensuse.org> public key
17280ddf-5241b7fc: network OBS Project <network@build.opensuse.org> public key
73611e28-674c004a: Education OBS Project <Education@build.opensuse.org> public key
c862b42c-67d96246: games OBS Project <games@build.opensuse.org> public key

it’s gone.

Thank you for your response! I think this is good advice.

In my case it didn’t work because my particular repo stored the key in its metadata cache and not in rpmkeys. I cleaned that cache and it reprompted me for the key. So I guess this is resolved

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.