https://bugzilla.suse.com/show_bug.cgi?id=1198274

https://bugzilla.suse.com/show_bug.cgi?id=1198274#c4

Michael Andres <ma@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(msuchanek@suse.com)

--- Comment #4 from Michael Andres <ma@suse.com> ---
(In reply to Michal Suchanek from comment #0)
> Every time a repository not signed with openSUSE key is updated zypper asks:
> Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):
> regardless of the answer it asks again next time the repository is updated.
Zypper does not know or remember anything about the issuer of a key. The workflow is always the same. In the log I see 11 keys being imported from the rpmdb:
[EB3E94ADBE1229CF-5631588c] [Microsoft (Release signing) <gpgsecurity@microsoft.com>] [does not expire]
[7721F63BD38B4796-570db6f1, 1397BC53640DB551, 6494C6D6997C215E, 78BD65473CB3BD13] [Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>] [does not expire]
[45A1D0671ABD1AFB-54176598] [PackMan Project (signing key) <packman@links2linux.de>] [expires: 2024-09-13]
[B88B2FD43DBDC284-53674dd4] [openSUSE Project Signing Key <opensuse@opensuse.org>] [expires: 2024-05-02]
[A040830F7FAC5991-4615767f, 4F30B6B4C07CB649] [Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>] [does not expire]
[F899F20D9A795806-46bc71d0, 667B7323ABB92D64] [PackMan Build Service (PackMan Build Service) <packman@links2linux.de>] [does not expire]
[70AF9E8139DB7C82-5f68629b] [SuSE Package Signing Key <build@suse.de>] [expires: 2024-09-20]
[A962EAA91178C42A-5d1a088e] [home:dirkmueller:branches OBS Project <home:dirkmueller:branches@build.opensuse.org>] [expired: 2021-09-08]
[CF42432608104B60-5fe0df0f] [home:michals OBS Project <home:michals@build.opensuse.org>] [expires: 2023-03-01]
[62EB1A0917280DDF-5e82f96b] [network OBS Project <network@build.opensuse.org>] [expires: 2022-06-09]
[64CD5FA175348F84-55527657, FC26F97D4C591F60] [Ring - Savoir-Faire Linux, Inc <ring@lists.savoirfairelinux.net>] [does not expire]
The repository home_michals is signed with a missing key:
Key [44BA13006E58D9A3] home:michals OBS Project <home:michals@build.opensuse.org> is not trusted
You were asked and decided to trust the key:
User wants to trust key [44BA13006E58D9A3] home:michals OBS Project <home:michals@build.opensuse.org>
User wants to import key [44BA13006E58D9A3] home:michals OBS Project <home:michals@build.opensuse.org>
The key was successfully imported into the rpmdb:
Key [44BA13006E58D9A3-613144a8] [home:michals OBS Project <home:michals@build.opensuse.org>] [expires: 2023-11-11] will be imported into the rpm trusted keyring.(new)
Executing[C] 'rpm' '--root' '/' '--dbpath' '/usr/lib/sysimage/rpm' '--import' '--' '/var/tmp/zypp.wl851j/pubkey-44BA13006E58D9A3-GH8fZZ'
Pid 19606 successfully completed
That's the expected behavior. Unfortunately the log does not contain more zypper actions. In case 44BA13006E58D9A3 is the key in question, and you are asked over and over again, it would mean that rpm is not able to retrieve the newly imported key again. This could be caused by a broken rpmdb. Please run
rpm --rebuilddb
After this you should be asked at most once again whether to trust 44BA13006E58D9A3. If the issue persists, we'd need a log showing two or three consecutive actions where you were asked to trust the key.
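
Added example, not part of the original comment and not zypper or libzypp code: a shell check for whether a key id from the zypp log is retrievable from the rpm keyring after the import. It assumes the rpmdb-backed keyring, where imported keys are listed as gpg-pubkey-<last 8 hex digits of the key id>-<creation time>; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example. Key ids are the ones quoted in the comment above; the two
# keyring listings at the bottom are constructed sample input.

# Map a zypp log id "<16 hex key id>-<hex creation time>" to the name rpm
# lists an imported key under (assumption: rpmdb-backed keyring).
pubkey_pkg_name() {
    id=${1%%-*}
    created=${1#*-}
    # A bare key id without "-<creation time>" cannot be mapped to one entry.
    if [ "$created" = "$1" ] || [ "${#id}" -ne 16 ]; then
        return 2
    fi
    short=$(printf '%s' "$id" | cut -c9-16 | tr 'A-F' 'a-f')
    created=$(printf '%s' "$created" | tr 'A-F' 'a-f')
    printf 'gpg-pubkey-%s-%s\n' "$short" "$created"
}

# Read a keyring listing (one entry per line) on stdin; succeed if the key is in it.
key_in_keyring() {
    want=$(pubkey_pkg_name "$1") || return 2
    grep -qxF -- "$want"
}

# Live check against the rpmdb path seen in the log (requires rpm).
check_rpmdb_key() {
    rpm --dbpath /usr/lib/sysimage/rpm -q gpg-pubkey \
        --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' | key_in_keyring "$1"
}

# Constructed listings: keyring before and after the import shown in the log.
before='gpg-pubkey-3dbdc284-53674dd4
gpg-pubkey-08104b60-5fe0df0f'
after="$before
gpg-pubkey-6e58d9a3-613144a8"

report() {
    if printf '%s\n' "$2" | key_in_keyring 44BA13006E58D9A3-613144a8; then
        echo "$1: key retrievable from keyring"
    else
        echo "$1: key not retrievable, the trust question would come up again"
    fi
}
report before "$before"
report after "$after"
```

If check_rpmdb_key 44BA13006E58D9A3-613144a8 fails on the affected system right after a successful import, that matches the case described above where rpm cannot retrieve the newly imported key.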