Michael Andres changed bug 1198274
What Removed Added
Flags   needinfo?(msuchanek@suse.com)

Comment # 4 on bug 1198274 from 
(In reply to Michal Suchanek from comment #0)
> Every time a repository not signed with openSUSE key is updated zypper asks:
> 
> Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?]
> (r): 
> 
> regardless of the answer it asks again next time the repository is updated.

Zypper does not know or remember anything about the issuer of a key. The
workflow is always the same.

In the log I see 11 keys being imported from the rpmdb:
> [EB3E94ADBE1229CF-5631588c] [Microsoft (Release signing) <gpgsecurity@microsoft.com>] [does not expire]
> [7721F63BD38B4796-570db6f1, 1397BC53640DB551, 6494C6D6997C215E, 78BD65473CB3BD13] [Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>] [does not expire]
> [45A1D0671ABD1AFB-54176598] [PackMan Project (signing key) <packman@links2linux.de>] [expires: 2024-09-13]
> [B88B2FD43DBDC284-53674dd4] [openSUSE Project Signing Key <opensuse@opensuse.org>] [expires: 2024-05-02]
> [A040830F7FAC5991-4615767f, 4F30B6B4C07CB649] [Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>] [does not expire]
> [F899F20D9A795806-46bc71d0, 667B7323ABB92D64] [PackMan Build Service (PackMan Build Service) <packman@links2linux.de>] [does not expire]
> [70AF9E8139DB7C82-5f68629b] [SuSE Package Signing Key <build@suse.de>] [expires: 2024-09-20]
> [A962EAA91178C42A-5d1a088e] [home:dirkmueller:branches OBS Project <home:dirkmueller:branches@build.opensuse.org>] [expired: 2021-09-08]
> [CF42432608104B60-5fe0df0f] [home:michals OBS Project <home:michals@build.opensuse.org>] [expires: 2023-03-01]
> [62EB1A0917280DDF-5e82f96b] [network OBS Project <network@build.opensuse.org>] [expires: 2022-06-09]
> [64CD5FA175348F84-55527657, FC26F97D4C591F60] [Ring - Savoir-Faire Linux, Inc <ring@lists.savoirfairelinux.net>] [does not expire]

The repository home_michals is signed with a missing key:
> Key [44BA13006E58D9A3] home:michals OBS Project <home:michals@build.opensuse.org> is not trusted

You were asked and decided to trust the key:
> User wants to trust key [44BA13006E58D9A3] home:michals OBS Project <home:michals@build.opensuse.org>
> User wants to import key [44BA13006E58D9A3] home:michals OBS Project <home:michals@build.opensuse.org>

The was successfully imported into the rpmdb:
> Key [44BA13006E58D9A3-613144a8] [home:michals OBS Project <home:michals@build.opensuse.org>] [expires: 2023-11-11] will be imported into the rpm trusted keyring.(new)
> Executing[C] 'rpm' '--root' '/' '--dbpath' '/usr/lib/sysimage/rpm' '--import' '--' '/var/tmp/zypp.wl851j/pubkey-44BA13006E58D9A3-GH8fZZ'
> Pid 19606 successfully completed

That's the expected behavior. 


Unfortunately the log does not contain more zypper actions. In case
44BA13006E58D9A3 is the key in question, and you are asked over and over again,
it would mean that rpm is not able to retrieve the newly imported imported key
again.

This could be caused by a broken rpmdb. Please run
> rpm --rebuilddb

After this you should be asked at most once again to whether to trust
44BA13006E58D9A3.


If the issue persists, we'd need a log showing two or three consecutive actions
where you were asked to trust the key.

You are receiving this mail because: