Signature verification for Repository Leap_15.2 failed

Hi,

Software updates → Error

The key is expired:

k_backend_zypp:2020-12-10 16:34:22 <1> opensusesrv.localdomain(2042) [zypp::KeyRing] KeyRing.cc(getData):166 [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06]

opensusesrv:/var/log # uname -a
Linux opensusesrv.localdomain 5.3.18-lp152.57-default #1 SMP Fri Dec 4 07:27:58 UTC 2020 (7be5551) x86_64 x86_64 x86_64 GNU/Linux

opensusesrv:/var/log # cat /etc/SUSE-brand
openSUSE
VERSION = 15.2

Regards,
MM

Please post the complette output of:

zypper up

Use Code-Tags:
https://forums.opensuse.org/showthread.php/536143-Using-Code-Tags-Around-Your-Paste


opensusesrv:/ # zypper up
Loading repository data...
Reading installed packages...

The following 13 package updates will NOT be installed:
  liba52-0 libBasicUsageEnvironment1 libgroupsock8 libmpeg2-0 libUsageEnvironment3 libvlc5 libvlccore9 vlc vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau

Nothing to do.

In the /var/log files I found this:


opensusesrv:/var/log # grep -r -i expired * 
pk_backend_zypp:2020-12-07 16:59:41 <1> opensusesrv.localdomain(2070) [zypp::KeyRing] KeyRing.cc(getData):166   [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06]
...
pk_backend_zypp:2020-12-10 16:25:35 <1> opensusesrv.localdomain(7532) [zypp::KeyRing] KeyRing.cc(getData):166   [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06]
...
YaST2/y2log:2020-12-10 16:23:51 <1> opensusesrv.localdomain(4358) [zypp::KeyRing] KeyRing.cc(getData):166   [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06]
zypper.log:2020-12-07 20:41:32 <1> opensusesrv(983) [zypp::KeyRing] KeyRing.cc(getData):166   [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06]
zypper.log:2020-12-10 20:14:06 <1> opensusesrv.localdomain(2662) [zypp::KeyRing] KeyRing.cc(getData):166   [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key <build@suse.de>] [expired: 2020-12-06]

I try update the software using YaST Software Repository, but I can’t attach the captured image with the error on this post. The content of GPG Public Key Management is this:


 Key: 70AF9E8139DB7C82

 


  - Name: SuSE Package Signing Key <build@suse.de> 
  - Finger Print: FEAB502539D846DB2C0961CA70AF9E8139DB7C82 
  - Created: 07/12/16 
  - Expires: 06/12/20 (The key is expired.) 



I press the button Refresh all Enable in YaST Software Repository, but “The key is expired” continues.

I do not know where you get that key, but delete the key in Yast—Software-Repositories in the right lower Corner----gpg-keys (or so)
If a key is necessary, you will be asked for that and trust or not…

I have that expired key. But it is not causing any issues.

So I deleted the key. Then I refreshed the repos. There was no request for that key.

Then I enabled all repos (even source and debug) and again refreshed. Still no request for that key.

My current guess – that is the key for the install media repo. I removed that repo long ago, so it was not one of those that I just tested.

I install this opensuse Leap 15.2 on Nov 03, 2020. Today I look on YaST Software Respositories → GPG Keys…,
and in the GPG Public Key Management I found two “SuSE Package Signing Key”. I delete the expired, and
the system works. I don’t use zypp u other update system, only YaST2 using KDE.

Now, this is the running key:

 
 Key: E3A5C360307E3D54

 


  - Name: SuSE Package Signing Key <build@suse.de> 
  - Finger Print: 4E98E67519D98DC7362A5990E3A5C360307E3D54 
  - Created: 15/03/18 
  - Expires: 14/03/22 



For today, the /var/log/YaST2/y2log reports this.

 
2020-12-11 05:39:28 <1> opensusesrv.localdomain(4805) [Ruby] modules/SignatureCheckCallbacks.rb:285 Trusted key has been removed: 70AF9E8139DB7C82 / FEAB502539D846DB2C0961CA70AF9E8139DB7C82 (SuSE Package Signing Key <build@suse.de>)

Why I was working until the last weekend with two keys from “SuSE Package Signing Key”?

From this week, the wrong key is 70AF9E8139DB7C82, and the valid is B88B2FD43DBDC284.

About the expired key (70AF9E8139DB7C82), this is the log from yesterday (translate “caducado” like “expired”)


opensusesrv:/var/log # grep 70AF9E8139DB7C82 YaST2/y2log
...
2020-12-10  20:30:53 <1> opensusesrv.localdomain(3262) [zypp::KeyRing]  KeyRing.cc(getData):166   [70AF9E8139DB7C82-5847eb1f] [SuSE Package  Signing Key <build@suse.de>] [caducado: 2020-12-06]
2020-12-10  20:30:53 <1> opensusesrv.localdomain(3262) [zypp::KeyRing]  KeyRing.cc(dumpPublicKeyToTmp):395 Going to export key  [70AF9E8139DB7C82] from /var/tmp/zypp.PVniSY/zypp-trusted-krWRROFr to  /var/tmp/zypp.PVniSY/pubkey-70AF9E8139DB7C82-sGJZ0m
2020-12-10  20:30:53 <1> opensusesrv.localdomain(3262) [zypp::KeyRing]  KeyRing.cc(publicKeys):581 Found key [70AF9E8139DB7C82-5847eb1f] [SuSE  Package Signing Key <build@suse.de>] [caducado: 2020-12-06]
2020-12-10  20:30:54 <1> opensusesrv.localdomain(3262) [zypp]  PathInfo.cc(unlink):659 unlink  /var/tmp/zypp.PVniSY/pubkey-70AF9E8139DB7C82-sGJZ0m
2020-12-10  20:30:54 <1> opensusesrv.localdomain(3262) [zypp++]  TmpPath.cc(~Impl):78 TmpPath cleaned up  /var/tmp/zypp.PVniSY/pubkey-70AF9E8139DB7C82-sGJZ0m{- 0600 0/0 size 937}
2020-12-10  20:30:54 <1> opensusesrv.localdomain(3262) [Ruby]  modules/KeyManager.rb:49 Read configuration: $"created":"02/11/20",  "created_raw":1604327510, "expires":"02/11/23",  "expires_raw":1698935510,  "fingerprint":"BC8D780DE3308581B2E0708533DE8FB7C8DA93D2",  "id":"33DE8FB7C8DA93D2", "name":"Dominique Leuenberger (VLC openSUSE  Repository) <dominique-vlc.suse@leuenberger.net>",  "path":"/var/tmp/zypp.PVniSY/pubkey-33DE8FB7C8DA93D2-h7pxr2",  "trusted":true], $"created":"05/05/14", "created_raw":1399279060,  "expires":"02/05/24", "expires_raw":1714639060,  "fingerprint":"22C07BA534178CD02EFE22AAB88B2FD43DBDC284",  "id":"B88B2FD43DBDC284", "name":"openSUSE Project Signing Key  <opensuse@opensuse.org>",  "path":"/var/tmp/zypp.PVniSY/pubkey-B88B2FD43DBDC284-sX6wGH",  "trusted":true], $"created":"07/12/16", "created_raw":1481108255,  "expires":"06/12/20", "expires_raw":1607252255,  "fingerprint":"FEAB502539D846DB2C0961CA70AF9E8139DB7C82",  "id":"70AF9E8139DB7C82", "name":"SuSE Package Signing Key  <build@suse.de>",  "path":"/var/tmp/zypp.PVniSY/pubkey-70AF9E8139DB7C82-sGJZ0m",  "trusted":true], $"created":"15/03/18", "created_raw":1521127589,  "expires":"14/03/22", "expires_raw":1647271589,  "fingerprint":"4E98E67519D98DC7362A5990E3A5C360307E3D54",  "id":"E3A5C360307E3D54", "name":"SuSE Package Signing Key  <build@suse.de>",  "path":"/var/tmp/zypp.PVniSY/pubkey-E3A5C360307E3D54-SEH9p2",  "trusted":true]]
2020-12-11 05:37:57 <1>  opensusesrv.localdomain(4805) [zypp::KeyRing] KeyRing.cc(getData):166    [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key  <build@suse.de>] [caducado: 2020-12-06]
2020-12-11 05:37:58  <1> opensusesrv.localdomain(4805) [zypp::KeyRing]  KeyRing.cc(dumpPublicKeyToTmp):395 Going to export key  [70AF9E8139DB7C82] from /var/tmp/zypp.9YwIqE/zypp-trusted-krmypqa7 to  /var/tmp/zypp.9YwIqE/pubkey-70AF9E8139DB7C82-Zqfraa
2020-12-11  05:37:58 <1> opensusesrv.localdomain(4805) [zypp::KeyRing]  KeyRing.cc(publicKeys):581 Found key [70AF9E8139DB7C82-5847eb1f] [SuSE  Package Signing Key <build@suse.de>] [caducado: 2020-12-06]
2020-12-11  05:37:59 <1> opensusesrv.localdomain(4805) [zypp]  PathInfo.cc(unlink):659 unlink  /var/tmp/zypp.9YwIqE/pubkey-70AF9E8139DB7C82-Zqfraa
2020-12-11  05:37:59 <1> opensusesrv.localdomain(4805) [zypp++]  TmpPath.cc(~Impl):78 TmpPath cleaned up  /var/tmp/zypp.9YwIqE/pubkey-70AF9E8139DB7C82-Zqfraa{- 0600 0/0 size 937}
2020-12-11  05:37:59 <1> opensusesrv.localdomain(4805) [Ruby]  modules/KeyManager.rb:49 Read configuration: $"created":"02/11/20",  "created_raw":1604327510, "expires":"02/11/23",  "expires_raw":1698935510,  "fingerprint":"BC8D780DE3308581B2E0708533DE8FB7C8DA93D2",  "id":"33DE8FB7C8DA93D2", "name":"Dominique Leuenberger (VLC openSUSE  Repository) <dominique-vlc.suse@leuenberger.net>",  "path":"/var/tmp/zypp.9YwIqE/pubkey-33DE8FB7C8DA93D2-HFIypK",  "trusted":true], $"created":"05/05/14", "created_raw":1399279060,  "expires":"02/05/24", "expires_raw":1714639060,  "fingerprint":"22C07BA534178CD02EFE22AAB88B2FD43DBDC284",  "id":"B88B2FD43DBDC284", "name":"openSUSE Project Signing Key  <opensuse@opensuse.org>",  "path":"/var/tmp/zypp.9YwIqE/pubkey-B88B2FD43DBDC284-Xhunfs",  "trusted":true], $"created":"07/12/16", "created_raw":1481108255,  "expires":"06/12/20", "expires_raw":1607252255,  "fingerprint":"FEAB502539D846DB2C0961CA70AF9E8139DB7C82",  "id":"70AF9E8139DB7C82", "name":"SuSE Package Signing Key  <build@suse.de>",  "path":"/var/tmp/zypp.9YwIqE/pubkey-70AF9E8139DB7C82-Zqfraa",  "trusted":true], $"created":"15/03/18", "created_raw":1521127589,  "expires":"14/03/22", "expires_raw":1647271589,  "fingerprint":"4E98E67519D98DC7362A5990E3A5C360307E3D54",  "id":"E3A5C360307E3D54", "name":"SuSE Package Signing Key  <build@suse.de>",  "path":"/var/tmp/zypp.9YwIqE/pubkey-E3A5C360307E3D54-9kicaS",  "trusted":true]]
2020-12-11 05:38:58 <1>  opensusesrv.localdomain(4805) [Ruby] packager/key_manager_dialogs.rb:320  WaitForEvent: $"event":$"EventReason":"Activated", "EventSerialNo":8,  "EventType":"WidgetEvent", "ID":`delete, "WidgetClass":`PushButton,  "WidgetDebugLabel":"Delete", "WidgetID":`delete],  "selected":"70AF9E8139DB7C82"]
2020-12-11 05:38:58 &lt;1&gt;  opensusesrv.localdomain(4805) [Ruby] packager/key_manager_dialogs.rb:327  Selected key: 70AF9E8139DB7C82, action: `delete
2020-12-11 05:39:28  <1> opensusesrv.localdomain(4805) [Ruby] modules/KeyManager.rb:105  Deleting key 70AF9E8139DB7C82 ('SuSE Package Signing Key  <build@suse.de>')
2020-12-11 05:39:28 <1>  opensusesrv.localdomain(4805) [zypp::KeyRing]  KeyRing.cc(publicKeyExists):366 Found key [70AF9E8139DB7C82] in keyring  /var/tmp/zypp.9YwIqE/zypp-trusted-krmypqa7
2020-12-11 05:39:28  <1> opensusesrv.localdomain(4805) [zypp::KeyRing]  KeyRing.cc(deleteKey):335 Deleted key [70AF9E8139DB7C82] from  trustedKeyRing
2020-12-11 05:39:28 <1>  opensusesrv.localdomain(4805) [librpmDb] RpmDb.cc(removePubkey):869 Key  [70AF9E8139DB7C82-5847eb1f] [SuSE Package Signing Key  <build@suse.de>] [caducado: 2020-12-06] has been removed from RPM  trusted keyring
2020-12-11 05:39:28 <1>  opensusesrv.localdomain(4805) [Ruby]  modules/SignatureCheckCallbacks.rb:285 Trusted key has been removed:  70AF9E8139DB7C82 / FEAB502539D846DB2C0961CA70AF9E8139DB7C82 (SuSE  Package Signing Key <build@suse.de>)