grant k changed bug 906589
What Removed Added
Flags   needinfo?(mrueckert@suse.com)

Comment # 6 on bug 906589 from 
testing an example

    cat /etc/zypp/repos.d/OS13-update.repo
        [OS13-update]
        enabled=1
        name=OS13-update
        baseurl=http://download.opensuse.org/update/13.2
        autorefresh=1
        gpgcheck=1
        keeppackages=0
        priority=90
        type=rpm-md

1st, it's up to date

    zypper -vvv --gpg-auto-import-keys --no-gpg-checks ref --force
    zypper -v ref OS13-update
        Verbosity: 1
        Non-option program arguments: 'OS13-update' 
        Initializing Target
        Specified repositories: OS13-update 
        Checking whether to refresh metadata for OS13-update
        Retrieving: repomd.xml
........................................................................................[done]
        Repository 'OS13-update' is up to date.
        Specified repositories have been refreshed.

cleaning triggers the re-get

    zypper clean --all OS13-update
        Specified repositories have been cleaned up.
    zypper -v ref OS13-update
        Verbosity: 1
        Non-option program arguments: 'OS13-update' 
        Initializing Target
        Specified repositories: OS13-update 
        Checking whether to refresh metadata for OS13-update
        Retrieving: repomd.xml.asc
....................................................................................[done]
        Retrieving: repomd.xml.key
....................................................................................[done]
        Retrieving: repomd.xml
........................................................................................[done]
        File 'repomd.xml' from repository 'OS13-update' is signed with an
unknown key 'B88B2FD43DBDC284'. Continue? [yes/no] (no): yes
        Retrieving:
d98c78f2f551c4920ee214f795fdd446098784ae450fa206245a2fc241fa8dc8-updateinfo.xml.gz
................[done]
        Retrieving:
0ce8d8a4080d4d92b7c56d7a9ec7b91b1fe4fb578d118c9594fa3949dec52946-primary.xml.gz
......[done (86.8 KiB/s)]
        Retrieving:
7da6924f039f480ef9542e1670c452ad305a76cff9aa09781c91d80b17df3b17-deltainfo.xml.gz
.................[done]
        Retrieving repository 'OS13-update' metadata
..................................................................[done]
        Building repository 'OS13-update' cache
.......................................................................[done]
        Specified repositories have been refreshed.


brute-force clean of gpg data

    killall gpg-agent
    cd /root/.gnupg
    rm -rf \
     secring.gpg \
     private-keys-v1.d/ \
     agent.info \
     .gpg-v21-migrated \
     pubring.gpg \
     trustdb.gpg \
     crls.d/

re-init

    gpg --list-keys
        gpg: keybox '/root/.gnupg/pubring.kbx' created
        gpg: /root/.gnupg/trustdb.gpg: trustdb created

check after re-init

    ls -al
        total 40K
        drwx------    4 root root 4.0K Nov 21 13:13 ./
        drwx------  112 root root  12K Nov 21 13:03 ../
        drwx------    2 root root 4.0K Nov 18 05:38 crls.d/
        -rw-rw-rw-+   1 root root  471 Nov 20 21:58 gpg-agent.conf
        -rw-rw-rw-    1 root root 1.7K Nov 20 21:16 gpg.conf
        drwxrwxrwx    2 root root 4.0K Feb 15  2011 private-keys-v1.d/
        -rw-------    1 root root   32 Nov 21 13:13 pubring.kbx
        srwxrwxr-x    1 root root    0 Nov 18 05:38 S.dirmngr=
        srwxr-xr-x    1 root root    0 Nov 21 13:08 S.gpg-agent=
        -rw-------    1 root root   40 Nov 21 13:13 trustdb.gpg

NOTE the change: pubring.gpg -> pubring.kbx

force a refresh, supposedly with auto-import ON,

    zypper -vvv --gpg-auto-import-keys --no-gpg-checks ref --force

all keys are re-retrieved ... no interaction, or errors

recheck

    ls -al /root/.gnupg
        total 40K
        drwx------    4 root root 4.0K Nov 21 13:13 ./
        drwx------  112 root root  12K Nov 21 13:03 ../
        drwx------    2 root root 4.0K Nov 18 05:38 crls.d/
        -rw-rw-rw-+   1 root root  471 Nov 20 21:58 gpg-agent.conf
        -rw-rw-rw-    1 root root 1.7K Nov 20 21:16 gpg.conf
        drwxrwxrwx    2 root root 4.0K Feb 15  2011 private-keys-v1.d/
        -rw-------    1 root root   32 Nov 21 13:13 pubring.kbx
        srwxrwxr-x    1 root root    0 Nov 18 05:38 S.dirmngr=
        srwxr-xr-x    1 root root    0 Nov 21 13:08 S.gpg-agent=
        -rw-------    1 root root   40 Nov 21 13:13 trustdb.gpg

there's NO changes in any gpg data.  that seems wrong.

fwiw,

    kbxutil -vvv pubring.kbx 
        BEGIN-RECORD: 0
        Length: 32
        Type:   Header
        Version: 1
        Flags:   0002 (openpgp)
        created-at: 1416604432
        last-maint: 1416604432
        END-RECORD

    kbxutil --stats pubring.kbx 
        Total number of blobs:        1
                       header:        1
                        empty:        0
                      openpgp:        0
                         x509:        0
                  non flagged:        0
               secret flagged:        0
            ephemeral flagged:        0

> prove to myself that the auto-import is/isn't failing

I haven't managed that, but I am a bit confused by the above.

Is there a specific test that'd answer the question -- does zypper's key
auto-import work correctly?

You are receiving this mail because: