Software install with YaST complains about signature verification.

Steps:

  • Download an RPM suitable to install on openSUSE.
  • Install with YaST

Expected behaviour:

  • Software installs requesting only an admin password as intervention from the user

Actual behaviour:

  • Error/warning about"Signature verification". Ignoring this (on all the software installation this occurs) seems to complete the installation without any issues.
Error: INVALID:slack-4.12.2-0.1.fc21.x86_64 (file-79716bdd): Signature verification failed [4-Signatures public key is not available] 
    Header V4 RSA/SHA1 Signature, key ID 8e6c9578: NOKEY 
    Header SHA1 digest: OK 
    MD5 digest: OK

So far this has happened with all the software I have installed outside of the openSUSE repositories.

  • Slack
  • vscode
  • Zoom

Same here.

But it seems things are still working with just ignoring it.

A little research with the original modal error (and not searching for the details inside it) revealed another thread where someone was having this issue. Importing the gpg key to prevents the warnings from coming up - but importing that key is a separate step.

Zoom, there is a link on the download page to download the public key.

vscode, there are instructions to install from the command line, which include importing the public key (there is also a “download” page on the vscode site that just downloads the package resulting in this signature verification error - you don’t have the key!)


Fairly new to openSUSE and this isn’t something that has ever come up as a warning/error/issue on other distros. I’m assuming that openSUSE just takes a slightly difference approach to security - another example being that openSUSE is the only distro that asks me for a wallet password each login to connect to the wifi :sarcastic:

Please follow these ArchLinux instructions: <https://wiki.archlinux.org/index.php/KDE_Wallet&gt;.

  • The openSUSE SDDM configuration has the required settings …
  • Please note the need to use Blowfish encryption on the default wallet – “kdewallet” – used to store the WLAN keys …

You can of course, create separate GnuPG encrypted wallets for other more sensitive items …

Yes, it pays to use the YaST Repository Manager to check the status of the repository keys – usually a simple “refresh all activated repositories” does the trick …

  • Also, from within the Repository Manager, occasionally check the list of known keys for expired keys …
Error: INVALID:slack-4.12.2-0.1.fc21.x86_64 (file-79716bdd): Signature verification failed [4-Signatures public key is not available] 

Fedora packages can work in openSUSE, but must not.