http://bugzilla.opensuse.org/show_bug.cgi?id=1161247 http://bugzilla.opensuse.org/show_bug.cgi?id=1161247#c3 --- Comment #3 from dev guy --- Created attachment 828197 --> http://bugzilla.opensuse.org/attachment.cgi?id=828197&action=edit log file 2 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1161247 http://bugzilla.opensuse.org/show_bug.cgi?id=1161247#c5 --- Comment #5 from dev guy --- Created attachment 828199 --> http://bugzilla.opensuse.org/attachment.cgi?id=828199&action=edit log file 4 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1161247 http://bugzilla.opensuse.org/show_bug.cgi?id=1161247#c7 Michael Andres changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(devguy.ca@gmail.c | |om) | --- Comment #7 from Michael Andres --- === In the log I see just one rpm package signing issue:

2019-12-31 03:01:48 'zypper' 'in' 'code-insiders-1.42.0-1576829237.el7.x86_64.rpm'

/var/tmp/zypp.w9g6Oz/zypper/_tmpRPMcache_/%CLI%/code-insiders-1.42.0-1576829237.el7.x86_64.rpm (1 -> [4-Signatures public key is not available]) Header V4 RSA/SHA256 Signature, key ID be1229cf: NOKEY V4 RSA/SHA256 Signature, key ID be1229cf: NOKEY code-insiders-1.42.0-1576829237.el7.x86_64 (Plain RPM files cache): User requested to accept insecure file

Here you've been prompted, and accepted to install the package passed on the commandline despite the unknonw/missing key. === Regarding packaman is see several repository metadata related issues starting 2020-01-17 09:13 and ending after 2020-01-17 09:24. The affected commands are:

TIME PID VER CMD 2020-01-17 09:13 5381 1.14.33 zypper refresh 2020-01-17 09:14 5486 1.14.33 zypper update 2020-01-17 09:20 6036 1.14.33 zypper refresh 2020-01-17 09:20 6064 1.14.33 zypper update 2020-01-17 09:21 6100 1.14.33 zypper ar -cfp 90 http://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Tumbleweed/ packman 2020-01-17 09:21 6149 1.14.33 zypper dup --from packman --allow-vendor-change

2020-01-17 09:22 6236 1.14.33 zypper refresh 2020-01-17 09:22 6300 1.14.33 zypper update 2020-01-17 09:24 6600 1.14.33 zypper refresh 2020-01-17 09:24 6630 1.14.33 zypper update

To me it looks like packaman temporarily had some trouble rebuilding or republishing new repository metadata. Up to PID 6149 you've been prompted that primary.xml.gz (the catalog of packages) has a wrong checksum and you patiently decided to discard the file and the repo was skipped. In PID 6149 however you explicitly entered the code '9c1d' to force zypper into accepting primary.xml.gz with WRONG CHECKSUM. The remaining commands then report issues parsing the (malformed) primary.xml.gz you accepted. Actually not a zypper issue. Also none of the zypper commands above, where the repo was corrupted, did install any package. So this can not have damaged any of your installed packages. You re-added packman at 10:49 and AFAICS the metadata issues had been resolved. The repo worked again as expected. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1161247 http://bugzilla.opensuse.org/show_bug.cgi?id=1161247#c9 --- Comment #9 from Michael Andres --- (In reply to dev guy from comment #8)

However if as you told me zypper will verify all packages signature before installing it. Then why part way through, did zypper prompted me to accept or decline a bad package?

To make it clear: We're not talking about a package here! You have not been prompted to accept or decline a bad package! The checksum error affected the packman repositories metadata: Before zypper even starts to compute which packages to update, we check and get the latest repository metadata (aka auto-refresh). This is where the error occurred and it lead to skipping the packman repository. We were not able to determine the repositories content, so we can't compute an update for packman. This is at the beginning of an update and not 'part way through'. We did not even start to compute what could be updated. In fact the update commands which reported the checksum issue did not install any package at all. Not even the 'zypper dup --from packman --allow-vendor-change' command where you accepted the broken metadata file. According to the zypper log the last install by zypper was a successfull 'zypper up' at 2020-01-17 06:12:43 (17 packages updated, should be visible in your /var/log/zypp/history). The checksum issue started at 09:13:32. The next package related action by zypper was 'zypper remove firefox' at 09:59:36. Throughout your log there's no partial or incomplete install. AFAICS the checksum issue can not have affected the consistency of your system. The problem you experienced is most probably caused by one of the packages that were updated, but not by zypper having installed a broken package. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1161247 http://bugzilla.opensuse.org/show_bug.cgi?id=1161247#c11 Michael Andres changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #11 from Michael Andres --- You're welcome. Closing it. -- You are receiving this mail because: You are on the CC list for the bug.