Another roadblock in trying to switch systems. Now I see 42.3 is almost out.
The latest issue is that after an update, it seems all repositories have an issue about integrity check. I’ve read some places just need to wait awhile. It’s been a week or more. So probably on my end.
Yast says:
Validation check Failed
File repomd.xml … is signed with the following GnuPG key, but the integrity check failed.
ID: B88B2FD43DBDC284
Fingerprint: 22C0 … C284
(I think that’s the correct fingerprint)
Signature verification failed for file 'repomd.xml' from repository 'openSUSE-Leap-42.2-Network 42.2'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no):
Ok, I tried that but still get
Signature verification failed for file ‘repomd.xml’ from repository ‘openSUSE-Leap-42.2-Update’.
And all the other online repositories varying with the varying failed file of ‘repomd.xml’ and ‘content’ depending on which repository.
If I then go into YaST and disable the update, add the same, and do a refresh, it says it is signed with the following GnuPG key, but the integrity check failed.
zypper ar -f http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_Leap_42.3/ packman
to add it. Note, however, that the packman repo for 42.3 does not appear to be regularly updating. For example, I do have “flash”, but it is not the latest version. It is older than the version in 42.2. I assume it will start to regularly update once 42.3 is officially released.
I’m not having a problem here. I just updated this morning (to Build 0325).
Signature verification failed for file 'repomd.xml' from repository 'openSUSE-Leap-42.2-Network 42.2'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no):
Note that I have only the standard repos, as originally installed, plus the packman repo. I won’t attempt to add any other repos until after the official release, as they might not even exist yet.
I did a copy and paste of your code with the “-a” on the end.
Just to be clear to everyone else, I’m still trying to switch to 42.2. Which had been updating just fine for many months until I think it was May or June.
If the clean --all doesn’t work, is there some other way to start fresh without having to reinstall the whole system?
Don’t know if this had anything to do with it, but the BTRFS was pausing the system every so often, so I found a command to disable the quota: “btrfs quota disable”. I had to do it from my 13.1 system so it wasn’t in use. Not sure if I had been able to do an update after that or not.
The “-a” is equivalent to “–all” both should do what is needed.
I’ve personally never seen a fail on a LEAP/mainstream openSUSE, or a TW which is regularly updated (approx 2 weeks or so). I’ve only had fails on TW when not updated for long periods of time (eg 6 months) and those would fail differently (package conflicts, not gpg issues).
The only thing I can think of is to remove and then re-add the TW update repo.
You can do this by doing the following
Edit - Stop!
I just realized you’re trying to fix a LEAP update repo, not a Tumbleweed!
I’ll leave this post for TW Users, but don’t add the TW repo for a LEAP install.
I’ll post the revised instructions for LEAP in a few minutes
remove the update repo
zypper rr repo-update
verify the “repo-update” has been removed
zypper lr
re-install the repo-update
zypper ar -f -n openSUSE-Tumbleweed-Update -t rpm-md http://download.opensuse.org/update/tumbleweed/ repo-update
Now you can refresh your repos, the following includes the previously given command that auto-accepts the GPG keys of the newly added repo
zypper --gpg-auto-import-keys ref
If that final command executes without error, then your problem is fixed and you can now up and dup without errors.
Retrieving repository 'Main Update Repository' metadata ----------------------------------------------------------/]
Signature verification failed for file 'repomd.xml' from repository 'Main Update Repository'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no): n
Retrieving repository 'Main Update Repository' metadata ......................................................[error]
Repository 'Main Update Repository' is invalid.
[download.opensuse.org-oss_1|http://download.opensuse.org/update/leap/42.2/oss] Valid metadata not found at specified URL
Please check if the URIs defined for this repository are pointing to a valid repository.
Skipping repository 'Main Update Repository' because of the above error.
Just to reemphasize, I get this for all repositories, update, network, extra, even Packman. They had been working ok.
Trying again, I guess I don’t understand the option list. I kept the --gpg-auto-import-keys and added the others to the end. So now copying and pasting, I get still the same:
Forcing raw metadata refresh
Retrieving: http://download.opensuse.org/update/leap/42.2/oss/media.1/media ..................................[error]
Retrieving: http://download.opensuse.org/update/leap/42.2/oss/repodata/repomd.xml.asc .........................[done]
Retrieving: http://download.opensuse.org/update/leap/42.2/oss/repodata/repomd.xml.key ...............[done (988 B/s)]
Retrieving: http://download.opensuse.org/update/leap/42.2/oss/repodata/repomd.xml .............................[done]
Repository: Main Update Repository
Key Name: openSUSE Project Signing Key <opensuse@opensuse.org>
Key Fingerprint: 22C07BA5 34178CD0 2EFE22AA B88B2FD4 3DBDC284
Key Created: Mon May 5 03:37:40 2014
Key Expires: Thu May 2 03:37:40 2024
Rpm Name: gpg-pubkey-3dbdc284-53674dd4
Signature verification failed for file 'repomd.xml' from repository 'Main Update Repository'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no):
Looking at “man”, I couldn’t determine if “-f” included everything or not, so I tried -b, -d, and -s. All to the same effect.
Looking in Yast under the keys, I came across this:
Key: E3A5C360307E3D54
Name: SuSE Package Signing Key <build@suse.de>
Finger Print: 4E98E67519D98DC7362A5990E3A5C360307E3D54
Created: 05/04/2010
Expires: 05/03/2014 (The key is expired.)
I’m not sure I follow. It was a package signing key which didn’t seem to be associated with a repo.
I deleted the key in Yast and then ran the zypper -vvvv ref -f
with the same results.
However, when I did a refresh from Yast, I saw it did update some repos (OSS at least), but not the update one, though. Should I delete all keys? It never added the one back. Would it hurt to delete all the keys?
I’ve never understood them and during the install it asks if you want to trust the keys and you hope it’s ok. But if you always trust the keys, do they do any good?
)…