Signature Verification for Repository Security Failed

opensuse13 · November 21, 2014, 7:22am

Hello,

Started getting this notification a few days ago ‘Signature Verification for Repository Security Failed’. Not sure what is causing this, but below I have listed my repo list.
Thanks in Advance,

zypper lr -d

| Alias | Name | Enabled | Refresh | Priority | Type | URI | Service

—±--------------------------±-----------------------------------±--------±--------±---------±---------±--------------------------------------------------------------------------------±-------
1 | SuSE | SuSE | Yes | Yes | 99 | rpm-md | http://download.videolan.org/SuSE/13.1/ |
2 | backintime-1.0.36 | backintime-1.0.36 | Yes | Yes | 99 | plaindir | dir:///home/rW/Documents/backintime-1.0.36 |
3 | ftp.gwdg.de-suse | Packman Repository | Yes | Yes | 99 | rpm-md | http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_13.1/ |
4 | openSUSE-13.1-1.10 | openSUSE-13.1-1.10 | Yes | No | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-MATSHITADVD-RAM_UJ-841S_HA29_536751,/dev/sr0 |
5 | opensuse-guide.org-repo | libdvdcss repository | Yes | Yes | 99 | rpm-md | http://opensuse-guide.org/repo/13.1/ |
6 | repo-debug | openSUSE-13.1-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/distribution/13.1/repo/oss/ |
7 | repo-debug-update | openSUSE-13.1-Update-Debug | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/13.1/ |
8 | repo-debug-update-non-oss | openSUSE-13.1-Update-Debug-Non-Oss | No | Yes | 99 | NONE | http://download.opensuse.org/debug/update/13.1-non-oss/ |
9 | repo-non-oss | openSUSE-13.1-Non-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/13.1/repo/non-oss/ |
10 | repo-oss | openSUSE-13.1-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/13.1/repo/oss/ |
11 | repo-source | openSUSE-13.1-Source | No | Yes | 99 | NONE | http://download.opensuse.org/source/distribution/13.1/repo/oss/ |
12 | repo-update | openSUSE-13.1-Update | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/13.1/ |
13 | repo-update-non-oss | openSUSE-13.1-Update-Non-Oss | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/13.1-non-oss/ |
14 | security | security | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/security/openSUSE_13.1/

tsu2 · November 21, 2014, 7:46am

Usually the error you describe would occur immediately after the problem repo, or are you suggesting that the error is displayed after <every> repo in you list?

TSU

opensuse13 · November 21, 2014, 7:54am

Sorry about that. Jumping the gun a little. I did a search and found this thread
https://forums.opensuse.org/showthread.php/498435-notification?highlight=Signature+Verification+Repository+Security+Failed

Instructions given were to list the repos, so I thought this would help.

there was a pop up message ‘A security trust relationship is not present’, then below it ‘Signature Verification for Repository Security Failed’.

tsu2 · November 21, 2014, 7:56pm

Answering my previous post would have been nice to understand whether you have a problem with a specific repo or are experiencing problems with all repos.

I haven’t had a problem with a corrupted (or non-working) repo key personally, but I’d expect it would be considered part of the repo metadata. If so, then the following command should remove the corrupted key and next time prompt you to accept the key

zypper clean -m *reponame_or_number*

So, for instance if you had a corrupted key for the Packman repo in your list, the following should remove your old keys and prompt for new (again, I’m guessing the keys are metadata)

zypper clean -m 3

Even if I might be wrong about whether the keys are considered metadata or not, cleaning should be a fairly non-critical try since recovering would only require re-building what was removed.

If you are experiencing a larger problem, then the problem might be something else.

TSU

opensuse13 · November 22, 2014, 7:42am

Answering my previous post would have been nice to understand whether you have a problem with a specific repo or are experiencing problems with all repos.
Sorry if I wasn’t clear in answering, I didn’t read it very well. Eyes were very tire from computer at work all day.
I answered with 'there was a pop up message ‘A security trust relationship is not present’, then below it ‘Signature Verification for Repository Security Failed’.

Usually the error you describe would occur immediately after the problem repo,
No, there was no problem repo displayed, just ‘A security trust relationship is not present’, then below it ‘Signature Verification for Repository Security Failed’.

or are you suggesting that the error is displayed after <every> repo in you list?
No, as stated previously, I searched and saw another thread asking for a list of repos and thought they would be useful some how.

So, I don’t know which repo caused the issue.

Thanks TSU

tsu2:

Answering my previous post would have been nice to understand whether you have a problem with a specific repo or are experiencing problems with all repos.

I haven’t had a problem with a corrupted (or non-working) repo key personally, but I’d expect it would be considered part of the repo metadata. If so, then the following command should remove the corrupted key and next time prompt you to accept the key
zypper clean -m *reponame_or_number* 
So, for instance if you had a corrupted key for the Packman repo in your list, the following should remove your old keys and prompt for new (again, I’m guessing the keys are metadata)
zypper clean -m 3
Even if I might be wrong about whether the keys are considered metadata or not, cleaning should be a fairly non-critical try since recovering would only require re-building what was removed.

If you are experiencing a larger problem, then the problem might be something else.

TSU

nrickert · November 22, 2014, 3:59pm

It looks to me as if the message is about the “security” repo (number 14 on your list).

You can test this by disabling that repo, then see if the message goes away.

As to what the problem might be - that, I do not know. Maybe the PGP key for the repo was changed. You could try deleting that repo and then adding it back.

opensuse13 · November 22, 2014, 5:10pm

nrickert,

I was about to disable the ‘Security’ repo, but decided to do a zypper refresh instead. The repository/package signing key needed to be update/accepted.
Once I did this and rebooted my system, the error did not re-appear.

linux-ry0g:/home/rW # zypper ref
Repository ‘SuSE’ is up to date.
Retrieving repository ‘backintime-1.0.36’ metadata …[done]
Repository ‘Packman Repository’ is up to date.
Repository ‘openSUSE-13.1-1.10’ is up to date.
Repository ‘libdvdcss repository’ is up to date.
Repository ‘openSUSE-13.1-Non-Oss’ is up to date.
Repository ‘openSUSE-13.1-Oss’ is up to date.
Repository ‘openSUSE-13.1-Update’ is up to date.
Repository ‘openSUSE-13.1-Update-Non-Oss’ is up to date.
Retrieving repository ‘security’ metadata --------------------------------------------------------------------------------------------------------------------]

New repository or package signing key received:
Key ID: 69D1B2AAEE3D166A
Key Name: security OBS Project <security@build.opensuse.org>
Key Fingerprint: AAF3EB044C49C402A9E7B9AE69D1B2AAEE3D166A
Key Created: Mon 26 May 2014 04:04:43 AM CDT
Key Expires: Wed 03 Aug 2016 04:04:42 AM CDT
Repository: security

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): a
Retrieving repository ‘security’ metadata …[done]
Building repository ‘security’ cache …[done]
All repositories have been refreshed.

Thank you TSU & nrickert for your assistance.