Cris70
January 31, 2018, 11:04am
1
Hi all,
Looking at the validity dates for the new keys, it doesn’t seem like they updated because the end date was nearing.
Also, on one of my PCs, I have one key that is being asked for confirmation every time I update, even though every time I say to trust it always (this is the key for gldickens repo).
Anybody else experiencing this?
Thank you in advance
Cris70
February 1, 2018, 5:52pm
2
Seeing that my two openSUSE PCs behave differently, I suspect one is having problems with repository signatures, but I fail to understand where the problem is.
I read that keys are stored in /var/cache/zypp/raw, which has plenty of free space:
cris@PolariSuse [/var/cache/zypp/raw]**$** df -h|grep /var/cache
/dev/sdb3 52G 35G 17G 68% **/var/cache**
The one key that is most often reported to be outdated is the one from gldickens repository (repo number 1 in the following screen):
cris@PolariSuse ~]$ zypper lr -d Repository priorities in effect: (See 'zypper lr -P' for details)
98 (raised priority) : 2 repositories
99 (default priority) : 13 repositories
# | Alias | Name | Enabled | GPG Check | Refresh | Priority | Type | URI | Service
---+---------------------------------------+----------------------------------------+---------+-----------+---------+----------+--------+---------------------------------------------------------------------------------+--------
1 | GLDickens_Ubuntu_Style_Font_Rendering | GLDickens Ubuntu Style Font Rendering | Yes | (r ) Yes | Yes | 98 | rpm-md | http://download.opensuse.org/repositories/home:/gldickens3/openSUSE_Tumbleweed/ |
2 | Insync_Fedora_25 | Insync Fedora 25 | Yes | (r ) Yes | Yes | 99 | rpm-md | http://yum.insynchq.com/fedora/25/ |
3 | Packman | Packman Repository | Yes | (r ) Yes | Yes | 98 | rpm-md | http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_Tumbleweed/ |
4 | Vivaldi_stable | Vivaldi stable | Yes | ( p) Yes | Yes | 99 | rpm-md | http://repo.vivaldi.com/stable/rpm/x86_64/ |
5 | download.opensuse.org-non-oss | Main Repository (NON-OSS) | Yes | (r ) Yes | Yes | 99 | yast2 | http://download.opensuse.org/tumbleweed/repo/non-oss/ |
6 | download.opensuse.org-oss | Main Repository (OSS) | Yes | (r ) Yes | Yes | 99 | yast2 | http://download.opensuse.org/tumbleweed/repo/oss/ |
7 | download.opensuse.org-tumbleweed | Main Update Repository | Yes | (r ) Yes | Yes | 99 | rpm-md | http://download.opensuse.org/update/tumbleweed/ |
8 | geogebra | geogebra | Yes | ( p) Yes | Yes | 99 | rpm-md | http://www.geogebra.net/linux/rpm/x86_64 |
9 | google-musicmanager | google-musicmanager | Yes | (r ) Yes | Yes | 99 | rpm-md | http://dl.google.com/linux/musicmanager/rpm/stable/x86_64 |
10 | google-talkplugin | google-talkplugin | Yes | (r ) Yes | Yes | 99 | rpm-md | http://dl.google.com/linux/talkplugin/rpm/stable/x86_64 |
11 | home_colomboem | Emanuele Colombo (openSUSE_Tumbleweed) | Yes | (r ) Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/home:/colomboem/openSUSE_Tumbleweed/ |
12 | libdvdcss | libdvdcss repository | Yes | (r ) Yes | Yes | 99 | rpm-md | http://opensuse-guide.org/repo/openSUSE_Tumbleweed/ |
13 | openSUSE-20151118-0 | openSUSE-20151118-0 | No | ---- | ---- | 99 | yast2 | cd:///?devices=/dev/disk/by-id/ata-PHILIPS_DVDR1660P1_DL100614069754 |
14 | repo-debug | openSUSE-Tumbleweed-Debug | Yes | (r ) Yes | Yes | 99 | yast2 | http://download.opensuse.org/debug/tumbleweed/repo/oss/ |
15 | repo-source | openSUSE-Tumbleweed-Source | No | ---- | ---- | 99 | NONE | http://download.opensuse.org/source/tumbleweed/repo/oss/ |
16 | skype-stable | skype (stable) | Yes | (r ) Yes | Yes | 99 | rpm-md | https://repo.skype.com/rpm/stable/ |
17 | snappy | snappy | Yes | (r ) Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/system:/snappy/openSUSE_Tumbleweed/ |
If I forcibly refresh that repo I get the following message over and over, as if the new key doesn’t stick:
cris@PolariSuse ~]**$** sudo zypper ref -f 1
[sudo] password for root:
Forcing raw metadata refresh
Retrieving repository 'GLDickens Ubuntu Style Font Rendering' metadata --------------------------------------------------------------------------------------------------------------\]
**New repository or package signing key received:**
Repository: GLDickens Ubuntu Style Font Rendering
Key Name: home:gldickens3 OBS Project <home:gldickens3@build.opensuse.org>
Key Fingerprint: A0697026 68F9444B B4AD0DAE 87794F7A F191F0E8
Key Created: sab 04 mar 2017 18:38:26 CET
Key Expires: lun 13 mag 2019 19:38:26 CEST
Rpm Name: gpg-pubkey-f191f0e8-58bafb92
Do you want to reject the key, trust temporarily, or trust always? **[r/t/a/? shows all options] (r): **a
Retrieving repository 'GLDickens Ubuntu Style Font Rendering' metadata ...........................................................................................................[done]
Forcing building of repository cache
Building repository 'GLDickens Ubuntu Style Font Rendering' cache ................................................................................................................[done]
Specified repositories have been refreshed.
But I can see that the corresponding files are being refreshed:
cris@PolariSuse ~]**$** ll /var/cache/zypp/raw/GLDickens_Ubuntu_Style_Font_Rendering/repodata/
total 20
-rw-r--r-- 1 root root 5337 feb 1 17:42 fcf022c847543cff36f9352036d017b4dc64cd765771e213ec8bebbd16e745c0-primary.xml.gz
-rw-r--r-- 1 root root 1662 feb 1 17:42 repomd.xml
-rw-r--r-- 1 root root 481 feb 1 17:42 repomd.xml.asc
-rw-r--r-- 1 root root 1105 feb 1 17:42 repomd.xml.key
Can someone help shed some light on this issue?
Could it have something to do with the recent changes in how /var is handled?
Thank you in advance