Running YaST Software Management today gave me this message in a dialog box:
The file repomd.xml from repository nVidia Graphics Drivers http://download.nvidia.com/opensuse/13.2/ is not digitally signed. The origin and integrity of the file cannot be verified. Using the file anyway puts the integrity of your system at risk.
Use it anyway?
Yes / No
So far I have been running updates without problems (yesterday too).
Any idea what might that be? Should I blindly click “Yes”?
AFAIK, in the case of the nvidia repo, everything (creating the packages, uploading them, recreating the repo data and signing the repo) is done manually. So this takes time, and the repo might be unuseable during that time.
This is with opensuse 13.2. When I checked yesterday with 13.1, there were no problems. But 13.2 (just doing “zypper lu”) reports the problem both yesterday and today. It defaults to igoring that repo, and “zypper lu” tells me that there are no updates. But if there were updates, I think I would need to disable the nvidia repo in order to do a clean update.
My last check was around 3 minutes before posting this.
Maybe when you delete the repo and add it back, it is added back without a repo pgp key and then does not care if the metadata is signed.
I had never added it before on this system. So zypper had to retrieve the metadata and the key freshly.
Or maybe we are being redirected to different mirrors.
No idea whether there are different mirrors for the nvidia repo.
Maybe deleting /var/cache/zypp/ might help?
There is a way to disable the signature check if you want to do that, have a look at the options “gpgcheck”, “repo_gpgcheck”, and “pkg_gpgcheck” in /etc/zypp/zypp.conf.
(and no, I did not turn it off here…)
Using 13.2 I had the Kernel update a few days ago, and as far as I can tell the G03 driver was updated too, I received no warnings or errors.
After reading this thread I went to yast to check if everything is fine with the nvidia repo and my installed driver, and as far as I can tell I have the latest driver and there are no issues with the repo.
I’m thinking maybe this is a mirror issue, but weren’t the nvidia rpm’s hosted by nvidia at ftp://download.nvidia.com/opensuse/
On 2015-08-23 21:26, wolfi323 wrote:
> PS: You might also try to uninstall the repo’s GPG key. Maybe the one
> you have installed is wrong/broken?
> sudo rpm -e gpg-pubkey-6f88bb2f-4fe5b9a8
I have a doubt here. I’m not sure if rpm uses root’s GPG store, or its
own. I think the later.
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)