Vbox error

Since it looks like there <a lot> of interest (views) in this thread, I assume that many of these new viewers are running on other non-openSUSE platforms/distros.

I’d caution anyone running on Debian’s rolling release (It’s a Dev/Factory release similar to our Tumbleweed) that their “elevated permissions” is not going to provide any extra protection.

Here on openSUSE when we want elevated permissions, we typically enter the root password but on Debian’s rolling release, today the User enters his own password for the account he’s already logged in as. This means that if the ordinary User account has been compromised, there is nothing to prevent access also to elevated permissions.

TSU

Hi,

Glad to see there are many reply’s to this question, but the issue of “INVALID KEY” was never addressed, merely solved by a change of repo (repository).

So in case you WANT TO KEEP the repo that is giving you the INVALID KEY (and I’m referring to the one on VirtualBox.org) then do this:

  1. Go to the site where they have their GPG Key information (https://www.virtualbox.org/wiki/Linux_Downloads).
  2. Search for "Oracle public key
    " (there will be multiple results). 1. Make sure you find the result in the rpm-based
    section (OpenSuSE is rpm-based). 1. Right-click on the link to Save it (not providing the link for obvious security reasons).
  3. IMPORT the GPG Key (2 options)
  • Command-line:

[LIST]

  • sudo rpm --import oracle_vbox.asc
  1. YaST:
  • In Software Repositories

  • Click “GPG Keys…”

  • Click “Add”

  • Look for the file “oracle_vbox.asc” (or whichever filename you save it as)

  • Click “OK”

[/LIST]

You won’t have the INVALID KEY problem again.

CAUTION: These steps work for ANY repo that provides GPG KEYS. So please make sure that you TRUST the repo before going through importing their GPG Keys.

Skimming this thread,
Unless I missed something I don’t see any problem with repo GPG keys (A number of other issues were discussed).

Also, on openSUSE if we add a repo using zypper (our tool) instead of rpm, we have a number of user-friendly methods not available to other distros.
As long as the repo is in a supported format (I’ve occasionally run into the very latest yum repo version which wasn’t supported but might now)

  • The GPG key can be ignored
  • The GPG key can be accepted automatically
  • The User is prompted to accept the GPG key

And, we can add the repo using a simple console command line (or GUI) with or without prior importing the GPG key.

This is unlike other distros like RHEL/Fedora (and likely Oracle Linux) which require configuring the repo configuration file manually.

zypper is cool.

TSU