Cris70
January 31, 2018, 11:04am
1
Hi all,
lately zypper is reporting a lot of repository key updates, for third party repos like packman, tel.red, skype, GLDickens, etc.
Looking at the validity dates for the new keys, it doesn’t seem like they updated because the end date was nearing.
Unless there’s another reason why everybody is updating their repo key, it seems a bit suspicious to me.
Also, on one of my PCs, I have one key that is being asked for confirmation every time I update, even though every time I say to trust it always (this is the key for gldickens repo).
Anybody else experiencing this?
Thank you in advance
Cris
Cris70
February 1, 2018, 5:52pm
2
Seeing that my two openSUSE PCs behave differently, I suspect one is having problems with repository signatures, but I fail to understand where the problem is.
I read that keys are stored in /var/cache/zypp/raw, which has plenty of free space:
cris@PolariSuse [/var/cache/zypp/raw]**$** df -h|grep /var/cache
/dev/sdb3 52G 35G 17G 68% **/var/cache**
The one key that is most often reported to be outdated is the one from gldickens repository (repo number 1 in the following screen):
cris@PolariSuse ~]$ zypper lr -d Repository priorities in effect: (See 'zypper lr -P' for details)
98 (raised priority) : 2 repositories
99 (default priority) : 13 repositories
# | Alias | Name | Enabled | GPG Check | Refresh | Priority | Type | URI | Service
---+---------------------------------------+----------------------------------------+---------+-----------+---------+----------+--------+---------------------------------------------------------------------------------+--------
1 | GLDickens_Ubuntu_Style_Font_Rendering | GLDickens Ubuntu Style Font Rendering | Yes | (r ) Yes | Yes | 98 | rpm-md | http://download.opensuse.org/repositories/home:/gldickens3/openSUSE_Tumbleweed/ |
2 | Insync_Fedora_25 | Insync Fedora 25 | Yes | (r ) Yes | Yes | 99 | rpm-md | http://yum.insynchq.com/fedora/25/ |
3 | Packman | Packman Repository | Yes | (r ) Yes | Yes | 98 | rpm-md | http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_Tumbleweed/ |
4 | Vivaldi_stable | Vivaldi stable | Yes | ( p) Yes | Yes | 99 | rpm-md | http://repo.vivaldi.com/stable/rpm/x86_64/ |
5 | download.opensuse.org-non-oss | Main Repository (NON-OSS) | Yes | (r ) Yes | Yes | 99 | yast2 | http://download.opensuse.org/tumbleweed/repo/non-oss/ |
6 | download.opensuse.org-oss | Main Repository (OSS) | Yes | (r ) Yes | Yes | 99 | yast2 | http://download.opensuse.org/tumbleweed/repo/oss/ |
7 | download.opensuse.org-tumbleweed | Main Update Repository | Yes | (r ) Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/tumbleweed/ |
8 | geogebra | geogebra | Yes | ( p) Yes | Yes | 99 | rpm-md | http://www.geogebra.net/linux/rpm/x86_64 |
9 | google-musicmanager | google-musicmanager | Yes | (r ) Yes | Yes | 99 | rpm-md | http://dl.google.com/linux/musicmanager/rpm/stable/x86_64 |
10 | google-talkplugin | google-talkplugin | Yes | (r ) Yes | Yes | 99 | rpm-md | http://dl.google.com/linux/talkplugin/rpm/stable/x86_64 |
11 | home_colomboem | Emanuele Colombo (openSUSE_Tumbleweed) | Yes | (r ) Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/home:/colomboem/openSUSE_Tumbleweed/ |
12 | libdvdcss | libdvdcss repository | Yes | (r ) Yes | Yes | 99 | rpm-md | http://opensuse-guide.org/repo/openSUSE_Tumbleweed/ |
13 | openSUSE-20151118-0 | openSUSE-20151118-0 | No | ---- | ---- | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-PHILIPS_DVDR1660P1_DL100614069754 |
14 | repo-debug | openSUSE-Tumbleweed-Debug | Yes | (r ) Yes | Yes | 99 | yast2 | http://download.opensuse.org/debug/tumbleweed/repo/oss/ |
15 | repo-source | openSUSE-Tumbleweed-Source | No | ---- | ---- | 99 | NONE | http://download.opensuse.org/source/tumbleweed/repo/oss/ |
16 | skype-stable | skype (stable) | Yes | (r ) Yes | Yes | 99 | rpm-md | https://repo.skype.com/rpm/stable/ |
17 | snappy | snappy | Yes | (r ) Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/system:/snappy/openSUSE_Tumbleweed/ |
If I forcibly refresh that repo I get the following message over and over, as if the new key doesn’t stick:
cris@PolariSuse ~]**$** sudo zypper ref -f 1
[sudo] password for root:
Forcing raw metadata refresh
Retrieving repository 'GLDickens Ubuntu Style Font Rendering' metadata --------------------------------------------------------------------------------------------------------------\]
**New repository or package signing key received:**
Repository: GLDickens Ubuntu Style Font Rendering
Key Name: home:gldickens3 OBS Project <home:gldickens3@build.opensuse.org>
Key Fingerprint: A0697026 68F9444B B4AD0DAE 87794F7A F191F0E8
Key Created: sab 04 mar 2017 18:38:26 CET
Key Expires: lun 13 mag 2019 19:38:26 CEST
Rpm Name: gpg-pubkey-f191f0e8-58bafb92
Do you want to reject the key, trust temporarily, or trust always? **[r/t/a/? shows all options] (r): **a
Retrieving repository 'GLDickens Ubuntu Style Font Rendering' metadata ...........................................................................................................[done]
Forcing building of repository cache
Building repository 'GLDickens Ubuntu Style Font Rendering' cache ................................................................................................................[done]
Specified repositories have been refreshed.
But I can see that the corresponding files are being refreshed:
cris@PolariSuse ~]**$** ll /var/cache/zypp/raw/GLDickens_Ubuntu_Style_Font_Rendering/repodata/
total 20
-rw-r--r-- 1 root root 5337 feb 1 17:42 fcf022c847543cff36f9352036d017b4dc64cd765771e213ec8bebbd16e745c0-primary.xml.gz
-rw-r--r-- 1 root root 1662 feb 1 17:42 repomd.xml
-rw-r--r-- 1 root root 481 feb 1 17:42 repomd.xml.asc
-rw-r--r-- 1 root root 1105 feb 1 17:42 repomd.xml.key
Can someone help shed some light on this issue?
Could it have something to do with the recent changes in how /var is handled?
Thank you in advance
Cris