Bug ID 1088037
Summary gpgkey= entry ignored for rpm-md repositories
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component libzypp
Assignee zypp-maintainers@forge.provo.novell.com
Reporter ma@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Via mail to zypp-devel:
> My rpm-md style repository contains *both* repository metadata GPG
> signatures (i.e. repomd.xml.asc) and RPM packages which have GPG
> signatures, created via rpm --addsign.
>
> On a YUM-based system (e.g., CentOS 7), I simply need to list all the
> necessary URLs for both repository GPG and package signing public keys
> with gpgkey=. When I update the metadata (via yum makecache) all
> listed keys are automatically imported to the correct place; package
> signing keys into rpm db and the repository signing key into the YUM
> keyring.
>
> On OpenSUSE 42.3 with zypper 1.13.40 and libzypp 16.17.10, I have
> noticed that none of the URLs specified with gpgkey= seem to be
> imported even after I run zypper --gpg-auto-import-keys refresh
> reponame. I have verified this by running rpm -qa | grep gpg-pubkey
> and saw that the keys specified in the repository configuration file
> were not imported to RPM DB. It seems that the only way to import a
> package signing key on OpenSUSE 42.3 for an rpm-md style repository is
> to run rpm --import file.key.

You are receiving this mail because: