Signature verification failed for file 'repomd.xml' from repository 'openSUSE-Leap-42.2-Update'.

English Install/Boot/Login
21

Well, my admin is not very smart :wink:

I deleted the “extra” key, then tried to refresh the “extra” repo, but same message.
So then I deleted ALL the keys.
Now it’s saying,

Import Untrusted GnuPG Key
The following GnuPG key has been found in repository 
Main Update Repository
....

I cannot remember if this is normal when I first installed the system or not. The fingerprint and expiration matches what you gave.
I said trust.
But then it pops up with Validation Check Failed
File repomd.xml from …
is signed with the following GnuPG key, but the integrity check failed:

So what does this mean?

22

And why If I try to add a community repository, there is nothing in the list to choose from? Could that be a connected problem?

23

There is a Snapper snapshot on 6/21/17 which is the last time I was able to update the system.
There is also a snapshot at 6/20. Should I select all items at the 6/20 or 6/21 snapshot and click restore selected? Could that fix the problem without causing others? There was a kernel update then.

24

Hi
Nope, I would delete all your repos and then re-add…

Can you post the output from this first;


zypper lr -d
25 
zypper lr -d
Repository priorities in effect:                                                                                                                                                                                                              (See 'zypper lr -P' for details)
      98 (raised priority)  :  2 repositories
      99 (default priority) :  7 repositories

#  | Alias                               | Name                                    | Enabled | GPG Check | Refresh | Priority | Type     | URI                                                                                              | Service
---+-------------------------------------+-----------------------------------------+---------+-----------+---------+----------+----------+--------------------------------------------------------------------------------------------------+--------
 1 | Downloads_42.2                      | Downloads 42.2                          | Yes     | ( p) Yes  | Yes     |   98     | plaindir | dir:///homedata/kit/Downloads/42.2/                                                              |        
 2 | ISO-openSUSE-42.2                   | ISO-openSUSE-42.2                       | Yes     | (r ) Yes  | Yes     |   98     | yast2    | iso:///?iso=openSUSE-Leap-42.2-DVD-x86_64.iso&url=dir%3A%2Fhomedata%2Fkit%2FDownloads%2FLinuxISO |        
 3 | Network_42.2                        | openSUSE-Leap-42.2-Network 42.2         | Yes     | ( p) Yes  | Yes     |   99     | rpm-md   | http://download.opensuse.org/repositories/network/openSUSE_Leap_42.2/                            |        
 4 | download.opensuse.org-oss_1         | Main Update Repository                  | Yes     | ( p) Yes  | Yes     |   99     | rpm-md   | http://download.opensuse.org/update/leap/42.2/oss                                                |        
 5 | http-download.opensuse.org-2194930e | KDE:Extra                               | Yes     | ( p) Yes  | Yes     |   99     | rpm-md   | http://download.opensuse.org/repositories/KDE:/Extra/openSUSE_Leap_42.2/                         |        
 6 | http-opensuse-guide.org-8f1b34cf    | libdvdcss repository                    | No      | ----      | ----    |   99     | rpm-md   | http://opensuse-guide.org/repo/openSUSE_Leap_42.2/                                               |        
 7 | http-packman.inode.at-c9fa145a      | Packman Repository                      | Yes     | ( p) Yes  | Yes     |   99     | rpm-md   | http://packman.inode.at/suse/openSUSE_Leap_42.2/                                                 |        
 8 | repo-debug                          | openSUSE-Leap-42.2-Debug                | No      | ----      | ----    |   99     | NONE     | http://download.opensuse.org/debug/distribution/leap/42.2/repo/oss/                              |        
 9 | repo-debug-non-oss                  | openSUSE-Leap-42.2-Debug-Non-Oss        | No      | ----      | ----    |   99     | NONE     | http://download.opensuse.org/debug/distribution/leap/42.2/repo/non-oss/                          |        
10 | repo-debug-update                   | openSUSE-Leap-42.2-Update-Debug         | No      | ----      | ----    |   99     | NONE     | http://download.opensuse.org/debug/update/leap/42.2/oss/                                         |        
11 | repo-debug-update-non-oss           | openSUSE-Leap-42.2-Update-Debug-Non-Oss | No      | ----      | ----    |   99     | NONE     | http://download.opensuse.org/debug/update/leap/42.2/non-oss/                                     |        
12 | repo-non-oss                        | openSUSE-Leap-42.2-Non-Oss              | Yes     | ( p) Yes  | No      |   99     | yast2    | http://download.opensuse.org/distribution/leap/42.2/repo/non-oss/                                |        
13 | repo-oss                            | openSUSE-Leap-42.2-Oss                  | Yes     | ( p) Yes  | No      |   99     | yast2    | http://download.opensuse.org/distribution/leap/42.2/repo/oss/                                    |        
14 | repo-source                         | openSUSE-Leap-42.2-Source               | No      | ----      | ----    |   99     | NONE     | http://download.opensuse.org/source/distribution/leap/42.2/repo/oss/                             |        
15 | repo-source-non-oss                 | openSUSE-Leap-42.2-Source-Non-Oss       | No      | ----      | ----    |   99     | yast2    | http://download.opensuse.org/source/distribution/leap/42.2/repo/non-oss/                         |        
16 | repo-update-non-oss                 | openSUSE-Leap-42.2-Update-Non-Oss       | Yes     | ( p) Yes  | Yes     |   99     | rpm-md   | http://download.opensuse.org/update/leap/42.2/non-oss/

Hope you can read that ok. Note I have several disabled repositories.
More than once, I’ve deleted the update one and re-added with no benefit.

26

Hi
OK, if you disable repo # 1 and # 2 (you should have repos all at 99 these days…) then try a refresh…


zypper mr -d -R 1 2
zypper ref

Does that make a difference?

If not, lets delete and re-add.

27

Priorities at 99?

Repository priorities are without effect. All enabled repositories share the same priority.

Meaning meaningless? I wanted my local large downloads to be used before using my slow internet for others. Not exactly sure that ever worked, though.

I deleted all repositories, did a

zypper ls
No services defined. Use the 'zypper addservice' command to add one or more services.
zypper clean -a 
Could not clean the repositories because of errors.

Maybe expected?

Then added only:

zypper ar -f -n "Main Update Repository" -t rpm-md http://download.opensuse.org/update/leap/42.2/oss  download.opensuse.org-oss_1
zypper --gpg-auto-import-keys ref
Retrieving repository 'Main Update Repository' metadata -------------------------------------------------------------------------\]

Automatically importing the following key:

  Repository:       Main Update Repository                              
  Key Name:         openSUSE Project Signing Key <opensuse@opensuse.org>
  Key Fingerprint:  22C07BA5 34178CD0 2EFE22AA B88B2FD4 3DBDC284        
  Key Created:      Mon May  5 03:37:40 2014                            
  Key Expires:      Thu May  2 03:37:40 2024                            
  Rpm Name:         gpg-pubkey-3dbdc284-53674dd4                        


Signature verification failed for file 'repomd.xml' from repository 'Main Update Repository'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no):
28

Hi
Remove the rpm…


rpm -qa |grep pubkey
rpm -e gpg-pubkey-3dbdc284-53674dd4
zypper ref

That should clean it out…

I was going to get you to change a few things first, this should add them back… :wink:


zypper ar -f -g -n "openSUSE-Leap-42.2-Network" http://download.opensuse.org/repositories/network/openSUSE_Leap_42.2/ repo-network
zypper ar -f -g -n "openSUSE-Leap-42.2-Oss-Update" http://download.opensuse.org/update/leap/42.2/oss/ repo-oss-update
zypper ar -f -g -n "KDE:Extra" http://download.opensuse.org/repositories/KDE:/Extra/openSUSE_Leap_42.2/ repo-kde-extra
zypper ar -f -g -n "Packman Repository" http://packman.inode.at/suse/openSUSE_Leap_42.2/ repo-packman
zypper ar -f -g -n "openSUSE-Leap-42.2-Non-Oss" http://download.opensuse.org/distribution/leap/42.2/repo/non-oss/ repo-non-oss
zypper ar -f -g -n "openSUSE-Leap-42.2-Oss" http://download.opensuse.org/distribution/leap/42.2/repo/oss/ repo-oss
zypper ar -f -g -n "openSUSE-Leap-42.2-Update-Non-Oss" http://download.opensuse.org/update/leap/42.2/non-oss/ repo-update-non-oss
29

Ok, done.

zypper lr
Repository priorities are without effect. All enabled repositories share the same priority.

# | Alias               | Name                              | Enabled | GPG Check | Refresh
--+---------------------+-----------------------------------+---------+-----------+--------
1 | repo-kde-extra      | KDE:Extra                         | Yes     | ( p) Yes  | Yes    
2 | repo-network        | openSUSE-Leap-42.2-Network        | Yes     | ( p) Yes  | Yes    
3 | repo-non-oss        | openSUSE-Leap-42.2-Non-Oss        | Yes     | ( p) Yes  | Yes    
4 | repo-oss            | openSUSE-Leap-42.2-Oss            | Yes     | ( p) Yes  | Yes    
5 | repo-oss-update     | openSUSE-Leap-42.2-Oss-Update     | Yes     | ( p) Yes  | Yes    
6 | repo-packman        | Packman Repository                | Yes     | ( p) Yes  | Yes    
7 | repo-update-non-oss | openSUSE-Leap-42.2-Update-Non-Oss | Yes     | ( p) Yes  | Yes
30

Sorry about jumping the gun, I was only trying to be efficient. Were you trying to get me to generate that add-back code before deleting?

31

Hi
So did the refresh work now?

Need to add your other ones back as well if you want, iso and plaindir’s are a bit different…

32

Nope, same thing. Unless I missed something.

 zypper ref
Retrieving repository 'KDE:Extra' metadata --------------------------------------------------------------------------------------|]

New repository or package signing key received:

  Repository:       KDE:Extra                                           
  Key Name:         KDE:Extra OBS Project <KDE:Extra@build.opensuse.org>
  Key Fingerprint:  1A04160E 8C77D8FE 43CA364B 20F8C4F4 0D210A40        
  Key Created:      Thu Oct 27 14:38:47 2016                            
  Key Expires:      Sat Jan  5 13:38:46 2019                            
  Rpm Name:         gpg-pubkey-0d210a40-581257c7                        


Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): t
Signature verification failed for file 'repomd.xml' from repository 'KDE:Extra'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no): n

Seems like something’s not being cleared out or set up.

33

Hi
So delete all the gpg-pubkey rpm’s and refresh again…

34 
rpm -qa |grep pubkey
(nothing)
rpm -e gpg-pubkey-3dbdc284-53674dd4
error: package gpg-pubkey-3dbdc284-53674dd4 is not installed
zypper ref
Retrieving repository 'KDE:Extra' metadata --------------------------------------------------------------------------------------|]

New repository or package signing key received:

  Repository:       KDE:Extra                                           
  Key Name:         KDE:Extra OBS Project <KDE:Extra@build.opensuse.org>
  Key Fingerprint:  1A04160E 8C77D8FE 43CA364B 20F8C4F4 0D210A40        
  Key Created:      Thu Oct 27 14:38:47 2016                            
  Key Expires:      Sat Jan  5 13:38:46 2019                            
  Rpm Name:         gpg-pubkey-0d210a40-581257c7                        


Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): t
Signature verification failed for file 'repomd.xml' from repository 'KDE:Extra'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no):
35

Hi
Disable that one and try the rest…

36

I disabled that one and just hit no on the others. Every one had same message about verification failed.

37

The local repos didn’t have the verification message. I assume no verification needed. Since Packman is included, it’s not opensuse issue, besides no one else having it. It’s almost like my system is calculating the verification incorrectly. Or using a different charset. Is there some verification program/script which could have gotten damaged and I could download a new copy?

38

Hi
OK, use the ‘a’ option for them all and then delete all the pubkey rpms, and try another refresh…

All very strange…

39

No public keys were added.
Assuming the ‘a’ option is ‘always trust’.
There was no different effect.

To simplify things, should I delete all the repositories and only have one. Which one would be required or useful for testing?

40

I’m going to have to call it quits for now. Thank you trying to help me. Let me know of any other suggestions and I’ll try them later.