http://bugzilla.opensuse.org/show_bug.cgi?id=906589 --- Comment #15 from Michael Andres <ma@suse.com> --- Looking at the log from comment#12 there are no errors so far.
$ grep Key test.zypper.log 2014-11-24 05:58:56 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(Impl):176 Current KeyRing::DefaultAccept: 0000000000 2014-11-24 05:58:56 <1> gk1(21113) [zypp] RpmDb.cc(syncTrustedKeys):965 Going to sync trusted keys... 2014-11-24 05:58:56 <1> gk1(21113) [zypp] RpmDb.cc(syncTrustedKeys):969 Rpm keys to export into zypp trusted keyring: 0 2014-11-24 05:58:56 <1> gk1(21113) [zypp] RpmDb.cc(syncTrustedKeys):970 Zypp trusted keys to import into rpm database: 0 2014-11-24 05:58:56 <1> gk1(21113) [zypp] RpmDb.cc(syncTrustedKeys):1019 Trusted keys synced.
It looks like there are no trusted keys stored in the rpm database (check with rpm -qa 'gpg-pubkey*').
2014-11-24 05:58:58 <1> gk1(21113) [zypp] PublicKey.cc(Impl):307 Taking pubkey from /var/cache/zypp/raw/OS13-updateLjSa8t/repodata/repomd.xml.key of size 988 and sha1 f7a25091290faa78bd47849f4b5238e4ee648236 2014-11-24 05:58:58 <1> gk1(21113) [zypp] PublicKey.cc(readFromFile):347 Reading pubkey from /var/tmp/TmpFile.UUPtIw of size 988 and sha1 f7a25091290faa78bd47849f4b5238e4ee648236 2014-11-24 05:58:58 <1> gk1(21113) [zypp] PublicKey.cc(readFromFile):397 Read pubkey from /var/tmp/TmpFile.UUPtIw: [B88B2FD43DBDC284-53674dd4] [openSUSE Project Signing Key <opensuse@opensuse.org>] [22C07BA534178CD02EFE22AAB88B2FD43DBDC284] [TTL 3446] 2014-11-24 05:58:59 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(verifyFileSignatureWorkflow):373 Going to verify signature for repomd.xml ( /var/cache/zypp/raw/OS13-updateLjSa8t/repodata/repomd.xml ) with /var/cache/zypp/raw/OS13-updateLjSa8t/repodata/repomd.xml.asc 2014-11-24 05:58:59 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(readSignatureKeyId):567 Determining key id if signature /var/cache/zypp/raw/OS13-updateLjSa8t/repodata/repomd.xml.asc 2014-11-24 05:58:59 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(readSignatureKeyId):612 Determined key id [B88B2FD43DBDC284] for signature /var/cache/zypp/raw/OS13-updateLjSa8t/repodata/repomd.xml.asc 2014-11-24 05:58:59 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(publicKeyExists):301 Searching key [B88B2FD43DBDC284] in keyring /var/tmp/zypp.8YO46w/zypp-trusted-krhw1kNd 2014-11-24 05:58:59 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(publicKeyExists):301 Searching key [B88B2FD43DBDC284] in keyring /var/tmp/zypp.8YO46w/zypp-general-krtrsBtU 2014-11-24 05:58:59 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(verifyFileSignatureWorkflow):477 File [/var/cache/zypp/raw/OS13-updateLjSa8t/repodata/repomd.xml] ( repomd.xml ) signed with unknown key [B88B2FD43DBDC284] 2014-11-24 05:59:04 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(verifyFileSignatureWorkflow):485 User does not want to accept unknown key B88B2FD43DBDC284
Trusted keys from the rpm database would have been imported into the 'zypp-trusted' keyring. Keys you temporarily accept would go to the 'zypp-general' keyring. Both keyrings are empty, so the key is unknown and needs to be confirmed.
2014-11-24 05:59:05 <1> gk1(21113) [zypp] PublicKey.cc(Impl):307 Taking pubkey from /var/cache/zypp/raw/ToolswnzCDp/repodata/repomd.xml.key of size 1003 and sha1 123d8c16811bd1cc3c68a467c3a92b2c8d2e3386 2014-11-24 05:59:05 <1> gk1(21113) [zypp] PublicKey.cc(readFromFile):347 Reading pubkey from /var/tmp/TmpFile.rhP5DU of size 1003 and sha1 123d8c16811bd1cc3c68a467c3a92b2c8d2e3386 2014-11-24 05:59:05 <1> gk1(21113) [zypp] PublicKey.cc(readFromFile):397 Read pubkey from /var/tmp/TmpFile.rhP5DU: [868EA2EB32567F38-50757861] [devel:tools OBS Project <devel:tools@build.opensuse.org>] [8BE2DD6EBB28D2578A36828C868EA2EB32567F38] [TTL 24] ... 2014-11-24 05:59:10 <1> gk1(21113) [zypp::KeyRing] KeyRing.cc(verifyFileSignatureWorkflow):485 User does not want to accept unknown key 868EA2EB32567F38
Same for 868EA2EB32567F38. Now it would be interesting to have a log where you permanently accept a key and we can see whether it's actually imported into the rpmdb. Or a log where the trusted key was in the rpmdb and you nevertheless were asked to accept it. If such logs are available, please attach them. -- You are receiving this mail because: You are on the CC list for the bug.