zypper option being ignored?

Below is the result of a program update using zypper. The author does not sign the package so I added the “–allow-unsigned-rpm” to skip that part. It did not.

The command runs in a script. Hence the “–non-interactive” option.

What am I missing?

zypper --non-interactive --ignore-unknown --no-cd install --auto-agree-with-licenses --allow-unsigned-rpm cinelerra Ignoring repository 'openSUSE-Leap-15.1-1' because of 'no-cd' option.
Retrieving repository 'Main Update Repository' metadata .........done]
Building repository 'Main Update Repository' cache ....done]
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following package is going to be upgraded:
  cinelerra

1 package to upgrade.
Overall download size: 51.7 MiB. Already cached: 0 B. After the operation, additional 310.4 KiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving package cinelerra-5.1-20190731.x86_64 (1/1),  51.7 MiB (170.3 MiB unpacked)
Retrieving: cinelerra-5.1-leap15.1-20190731.x86_64.rpm ............................................done (1.2 MiB/s)]
cinelerra-5.1-leap15.1-20190731.x86_64.rpm:
    Package is not signed!

cinelerra-5.1-20190731.x86_64 (cingg): Signature verification failed [6-File is unsigned]
Abort, retry, ignore? [a/r/i] (a): a
Problem occurred during or after installation or removal of packages:
Installation has been aborted as directed.

I have not actually used that option. So I’m basing this on my reading of the man page.

If I am reading that man page correctly, the option “–allow-unsigned-rpm” is only relevant when you are directly installing an rpm file, with the rpm file given on the command line.

For what you are doing, it looks as if you should be using the option “–gpgcheck-allow-unsigned”.


cinelerra-5.1-20190731.x86_64 (cingg): Signature verification failed [6-File is unsigned]
Abort, retry, ignore? [a/r/i] (a): a

Try ignore command: **"**Abort, retry, ignore? [a/r/i] (a): i "

That works for self when installing Skype.

the “–allow-unsigned-rpm” appears to be a rather new option.
You may want to report any problems.
Note that I’ve found that “–allow-unsigned-rpm” must fit the situation perfectly, I’ve it not found to work if the rpm is signed by an unauthenticated signer.

IMO it would have made more sense to instead make the option and functionality “ignore signing check” or similar instead.

TSU

The message results from a script that invokes zypper after doing other prep work. The default in this instance is a[bort].

I will give that a test.

I’m extremely suspicious of the Use Case where “–non-interactive” and “–auto-agree-with-licenses” are being mixed with:

  • “–allow-unsigned-rpm”
  • “–no-cd install”
  • “–gpgcheck-allow-unsigned”

AFAICS, “–non-interactive” is meant only for the case of automatically patching systems with cron job which executes the following command:’/usr/bin/zypper’ ‘–non-interactive’ ‘–quiet’ ‘patch’ ‘–skip-interactive’ ‘–auto-agree-with-licenses’ ‘–recommends’

Looking through my Zypper history, it seems that the YaST “automatic patch” function really does only that.

  • Package updates and patches which need administrator interaction require that, the Administrator logs in to the system.

There may well be a very good reason why this is so …

zypper 1.14.27
Well, darn!

The flag --gpgcheck-allow-unsigned is not known.

Oh, I see. That is a repo option.
I am confused by this then:

$ zypper modifyrepo --gpgcheck-allow-unsigned cingg
GPG check has been enabled for repository 'cingg'.

The response is ambiguous. Is the GPG check enabled (the opposite of the option), or is the “allow-unsigned” enabled?