Hi, I currently use a Leap 15.1 system where I added a repo from my OBS instance and if I want to update the system with zypper everything works fine - but sometimes the following issue occurs: ======================== ~ # LC_ALL=C zypper se mypackage Retrieving repository 'myrepo' metadata ----------------------[\] Signature verification failed for file 'repomd.xml' from repository 'myrepo'. Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise. Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the whole repo. Warning: This file was modified after it has been signed. This may have been a malicious change, so it might not be trustworthy anymore! You should not continue unless you know it's safe. Signature verification failed for file 'repomd.xml' from repository 'myrepo'. Continue? [yes/no] (no): ======================== And basically there is nothing I can do against it. I tried to force the refresh, reset snapshots and try again... but this does not help. The repomd.xml exists and contains my file, the signed file has the same timestamp, triggering a rebuild does not help... I had this once and if I came back to work next day it magically worked (until I rebuilt the package, then I had the same issue again). I was able to work 2-3 weeks now without this issue but it occurred again. So it seems there is a bug in the sign or deployment process somewhere. Is this known? The signer.log contains the signing messages and the waiting for event messages. No errors here. What can I do? Best regards, Mark -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org