sudden - 'google-chrome' is signed with an unknown key - problem

This is incorrect. Flash is still bundled with Chrome and will only be removed “toward the end of 2020” (basically when Adobe stops supporting it). Chrome also uses the more secure sandboxed PPAPI version of flash, whereas Chromium uses the unsandboxed NPAPI version.

Apart from flash and codecs, the main difference comes down to building and testing. Google tests each Chrome release, but doesn’t even do any releasing of Chromium. That’s managed by the different distributions which may or may not do testing, release in a timely manner and change code including sandboxing. More details can be found here.

I think openSUSE does a pretty good job so that PPAPI vs NPAPI flash and codecs supported are the only significant differences.

hmm I remember a few threads about flash missing from google chrome’s distribution
Adobe did restart development and distribution of flash for linux so while opensuse does not redistribute flash the packman repo does, updating a browser just to update a plugin is beyond silly
afaik the main difference between Chromium and Chrome is the spyware google puts in to track our browsing habits one of the reasons to prefer Chromium

Perhaps there is an other reason. Since chrome 60, there is an other update-system. Its in the browser self. I therefore think you don’t have to have an repo.

But maybe i am wrong (however, till now its working)

Regards,

Rene

Hello, I just imported Google’s linux_signing_key.pub, added their repository, received the same error. I found this thread by Google searching:
File ‘repomd.xml’ from repository ‘Google-Chrome’ is signed with an unknown key ‘1397BC53640DB551’. Continue?

I then downloaded the key 0x1397BC53640DB551 from https://keyserver.opensuse.org and tried to import it into Yast. It appears the key ‘1397BC53640DB551’ is identical to key ‘7721F63BD38B4796’, the Google, Inc (Linux Packages Signing Authority) Key, which was already imported from linux_signing_key.pub. See the following screenshot.

https://cdn.pbrd.co/images/GGvx1NL.png

I refer to my previous post about this issue on Leap: https://forums.opensuse.org/showthread.php/526290-Google-Chrome-Update-Key-Validation-Error?p=2832825#post2832825

What I am getting out of that thread is that Google started signing their repositories with subkeys, which provide increased security, but zypper does not support subkeys. So this is an issue with that should be fixed in zypper.

Bingo - Google started using subkeys, Zypper does not support them (yet). So this is a problem with zypp and needs to be fixed by the SUSE development team.

The easy solution to the problem is to uninstall Google Chrome; install chromium from the official repositories; then install chromium-ffmpeg-extra, chromium-plugin-widevinecdm, and flash-player-ppapi from Packman. It provides the same functionality as Google Chrome with much less stress than dealing with these signature issues.

Has anyone reported that to bugzilla? Otherwise I think it won’t get fixed.

But the actual problem is the key signing, not how to replace one program with another. Google Chrome is not identical to Chromium as mentioned in earlier posts.

Concerning the discussion of Chromium vs. Chrome it’s also worth noting that for web or extension developers it’s important to be ahead of the curve (i.e. notice if anything breaks before it breaks for the majority of people) and AFAIK no repo with a package of the beta channel Chromium exists while for Chrome it does.

There seems to be a report in bugzilla about the subkey problem:

https://bugzilla.suse.com/show_bug.cgi?id=1008325

and a comment from yesterday says

“Fixed in libzypp-16.15.4 / zypper-1.13.32”


~|⇒ zin libzypp
Retrieving repository 'google-chrome' metadata ----------------------------------------------------------------------------------------------------------------------------------------------------------------\]
File 'repomd.xml' from repository 'google-chrome' is signed with an unknown key '1397BC53640DB551'. Continue? [yes/no] (no): y
Retrieving repository 'google-chrome' metadata .............................................................................................................................................................[done]
Building repository 'google-chrome' cache ..................................................................................................................................................................[done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following package is going to be upgraded:
  libzypp

1 package to upgrade.
Overall download size: 2.0 MiB. Already cached: 0 B. After the operation, additional 28.9 KiB will be used.
Continue? [y/n/...? shows all options] (y): y
Retrieving package libzypp-16.15.6-12.1.x86_64                                                                                                                               (1/1),   2.0 MiB (  7.4 MiB unpacked)
Retrieving delta: ./x86_64/libzypp-16.13.0_16.15.6-1.1_12.1.x86_64.drpm, 526.7 KiB
Retrieving: libzypp-16.13.0_16.15.6-1.1_12.1.x86_64.drpm ...................................................................................................................................................[done]
Applying delta: ./libzypp-16.13.0_16.15.6-1.1_12.1.x86_64.drpm .............................................................................................................................................[done]
Checking for file conflicts: ...............................................................................................................................................................................[done]
(1/1) Installing: libzypp-16.15.6-12.1.x86_64 ..............................................................................................................................................................[done]

I can indeed confirm the fix. Subsequent zypper installations do not show the key mismatch error.

Well,
In my case it’s still the same. I have the latest libzypp in Leap 42.3 and I still see the same issue with subkeys, although I removed all Google GPG keys and re-added them manually.

I do have a similar issue with the yarn repo.

File 'repomd.xml' from repository 'yarn' is signed with an unknown key '9A6F73F34BEB74734D8C69149CBBB5586963F07F'. Continue? [yes/no] (no): 

I wonder if that might be a subkey problem as well.
How would one find out about the keys?

More details here: https://github.com/yarnpkg/yarn/issues/5294

In my experience, you have to delete the old key before you import the new key. Otherwise it doesn’t take.

You can remove the old key with Yast Software Repositories.