[opensuse-factory] Can I disable gpg check for rpms stored locally
Hello, Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed. Is there a setting where I can disable the pop up warnings for my local repository? -- Cheers! Roman IRC: 551368250 ============== -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfTU78ACgkQja8UbcUWM1wqNQEAmY4kKClynQih/1C+gNZlJPHe s14qMEv/oBnORabvULYA/A+H6VRKWLw+abCXV7Q6nPEWokbcrgFbbLQ3QMoFnAkr =olh5 -----END PGP SIGNATURE-----
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away. -- Ken linux since 1994 S.u.S.E./openSUSE since 1996 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed. Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/10/2016 04:39 PM, Roman Bysh wrote:
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up
I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed.
Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY
This message never popped up before openSUSE Leap and the more recent builds of Tumbleweed this year. I think I'll make a bug report. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/10/2016 04:44 PM, Roman Bysh wrote:
On 09/10/2016 04:39 PM, Roman Bysh wrote:
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up
I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed.
Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY
This message never popped up before openSUSE Leap and the more recent builds of Tumbleweed this year.
I think I'll make a bug report.
The integrity check happens for individual packages that are stored in a folder in my /home/username/local-repository folder. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/10/2016 04:50 PM, Roman Bysh wrote:
On 09/10/2016 04:44 PM, Roman Bysh wrote:
On 09/10/2016 04:39 PM, Roman Bysh wrote:
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
> > Every time I install my rpms (stored locally) using Yast, I get two > pop up messages > telling me they're broken and that my system can be broken if > installed. > > Is there a setting where I can disable the pop up warnings for my > local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up
I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed.
Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY
This message never popped up before openSUSE Leap and the more recent builds of Tumbleweed this year.
I think I'll make a bug report.
The integrity check happens for individual packages that are stored in a folder in my /home/username/local-repository folder.
Here is the bug report. https://bugzilla.opensuse.org/show_bug.cgi?id=998294 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Roman Bysh
On 09/10/2016 04:50 PM, Roman Bysh wrote:
On 09/10/2016 04:44 PM, Roman Bysh wrote:
On 09/10/2016 04:39 PM, Roman Bysh wrote:
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > > > El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió: > > > > > Every time I install my rpms (stored locally) using Yast, I get two > > pop up messages > > telling me they're broken and that my system can > > be broken if installed. > > > > Is there a setting where I can disable the pop up warnings for my > > local repository? > > I use a local directory as local repo, and I get no > warning, but I use > 13.1. Do you mean the check for the repo itself, of the check for > individual packages? The later should not be affected. > > I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up
I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed.
Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY
This message never popped up before openSUSE Leap and the more recent builds of Tumbleweed this year.
I think I'll make a bug report.
The integrity check happens for individual packages that are stored in a folder in my /home/username/local-repository folder.
Here is the bug report. https://bugzilla.opensuse.org/show_bug.cgi?id=998294
Please consider some judicious trimming. It is really *not* beneficial to see the same lines repeated, and repeated, and ..... Not pleasing either. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sat 10 Sep 2016 04:44:28 PM CDT, Roman Bysh wrote:
On 09/10/2016 04:39 PM, Roman Bysh wrote:
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
Every time I install my rpms (stored locally) using Yast, I get two pop up messages telling me they're broken and that my system can be broken if installed.
Is there a setting where I can disable the pop up warnings for my local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up
I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed.
Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY
This message never popped up before openSUSE Leap and the more recent builds of Tumbleweed this year.
I think I'll make a bug report. Hi AFAIK see the key has expired....
gpg --recv-keys 91e6e64b gpg: requesting key 91E6E64B from hkp server keys.gnupg.net gpg: key 91E6E64B: public key "home:enzokiel OBS Project home:enzokiel@build.opensuse.org" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 gpg --fingerprint 91e6e64b pub 1024D/91E6E64B 2008-01-22 [expired: 2010-04-01] Key fingerprint = 8514 7276 1146 DB32 B2D4 DB1D E4DA DB32 91E6 E64B uid [ expired] home:enzokiel OBS Project home:enzokiel@build.opensuse.org Get the version from the filesystem repo instead? -- Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890) openSUSE Leap 42.1|GNOME 3.16.2|4.1.27-27-default up 5:11, 2 users, load average: 0.06, 0.10, 0.17 CPU AMD Athlon(tm) II X4 635 @ 2.90GHz | GPU Nvidia GeForce 8800 GT -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/10/2016 06:00 PM, Malcolm wrote:
On Sat 10 Sep 2016 04:44:28 PM CDT, Roman Bysh wrote:
On 09/10/2016 04:39 PM, Roman Bysh wrote:
On 09/10/2016 04:31 PM, Roman Bysh wrote:
On 09/10/2016 10:37 AM, Ken Schneider wrote:
On 09/09/2016 08:28 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
El 2016-09-09 a las 19:29 -0400, Roman Bysh escribió:
> > Every time I install my rpms (stored locally) using Yast, I get > two pop up messages > telling me they're broken and that my system can be broken if > installed. > > Is there a setting where I can disable the pop up warnings for my > local repository?
I use a local directory as local repo, and I get no warning, but I use 13.1. Do you mean the check for the repo itself, of the check for individual packages? The later should not be affected.
I also use a local repo and get no such warnings. I would suggest removing the repo and add it again to see if the errors go away.
I'll try it and get back.
Follow Up
I deleted dmg2img and then reinstalled it. I still get a message that it's broken, integrity check has failed.
Error: INVALID:dmg2img-1.6.5-2.1.x86_64 (Local-Repository): Signature verification failed [4-Signatures public key is not available] Header V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY Header SHA1 digest: OK (d1905caf4f9dcf4daae492002191e24dc9f1b150) MD5 digest: OK (ecf23a5ebc35779ce51f066436259bef) V3 DSA/SHA1 Signature, key ID 91e6e64b: NOKEY
This message never popped up before openSUSE Leap and the more recent builds of Tumbleweed this year.
I think I'll make a bug report. Hi AFAIK see the key has expired....
gpg --recv-keys 91e6e64b
gpg: requesting key 91E6E64B from hkp server keys.gnupg.net gpg: key 91E6E64B: public key "home:enzokiel OBS Project home:enzokiel@build.opensuse.org" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
gpg --fingerprint 91e6e64b
pub 1024D/91E6E64B 2008-01-22 [expired: 2010-04-01] Key fingerprint = 8514 7276 1146 DB32 B2D4 DB1D E4DA DB32 91E6 E64B uid [ expired] home:enzokiel OBS Project home:enzokiel@build.opensuse.org
Get the version from the filesystem repo instead?
Understood. However, I'm getting these error with any rpm stored locally that I install using Yast2. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 2016-09-10 a las 18:47 -0400, Roman Bysh escribió:
On 09/10/2016 06:00 PM, Malcolm wrote:
On Sat 10 Sep 2016 04:44:28 PM CDT, Roman Bysh wrote:
Hi AFAIK see the key has expired....
gpg --recv-keys 91e6e64b
gpg: requesting key 91E6E64B from hkp server keys.gnupg.net gpg: key 91E6E64B: public key "home:enzokiel OBS Project home:enzokiel@build.opensuse.org" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1
gpg --fingerprint 91e6e64b
pub 1024D/91E6E64B 2008-01-22 [expired: 2010-04-01] Key fingerprint = 8514 7276 1146 DB32 B2D4 DB1D E4DA DB32 91E6 E64B uid [ expired] home:enzokiel OBS Project home:enzokiel@build.opensuse.org
Get the version from the filesystem repo instead?
Understood. However, I'm getting these error with any rpm stored locally that I install using Yast2.
Well, of course, the rpms were made with a key that has expired. You either ignore, or download a fresh copy of those rpms. On the other hand, I think that YaST/zypper is incapable of refreshing an expired key. I don't know if that issue has been solved yet; the roundabout solution is to remove the affected repos and add them again. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfUrNwACgkQja8UbcUWM1zHhgD/am/5bSEm79x2Lgv/HsD1WVEe yfAr3EJaGvICcaIUhGYA/0twdppfTICTnm0ct0+DxGSaupdudUu7wMnbxd81Hc6i =as9H -----END PGP SIGNATURE-----
Well, of course, the rpms were made with a key that has expired. You either ignore, or download a fresh copy of those rpms.
On the other hand, I think that YaST/zypper is incapable of refreshing an expired key. I don't know if that issue has been solved yet; the roundabout solution is to remove the affected repos and add them again.
I'll download newer rpms and see if it still happens. They should integrate the two pop messages into a single one. Roman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Content-ID:
Well, of course, the rpms were made with a key that has expired. You either ignore, or download a fresh copy of those rpms.
On the other hand, I think that YaST/zypper is incapable of refreshing an expired key. I don't know if that issue has been solved yet; the roundabout solution is to remove the affected repos and add them again.
I'll download newer rpms and see if it still happens. They should integrate the two pop messages into a single one.
I have a doubt about this. If you download and store a package, and try to install it some time later, you may get the warning (error?) that the key expired. But at the time the rpm was made, the signature was correct. Same as for an old email. The message should say that the old package was *correctly* signed with a key now expired. That particular package (email) can not be signed with the currently correct key, ever. It was correctly signed ("sent") long ago. The warning messages should make the situation clear. If that is what happens (I don't know), it is not an error, but a bug in the software for not accepting the correct key for an old package, IMHO. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlfVqaMACgkQja8UbcUWM1zz4gD+NRPcsWPOM3gz+MEOTTDrMHE9 pMeMtt2/4ET3qPKUpQMA/2hMpX7PUTw72S+8SMH6LZhgJ9fyHascJOX567hiUGqN =tBaJ -----END PGP SIGNATURE-----
On 09/11/2016 02:59 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Content-ID:
El 2016-09-11 a las 12:54 -0400, Roman Bysh escribió:
Well, of course, the rpms were made with a key that has expired. You either ignore, or download a fresh copy of those rpms.
On the other hand, I think that YaST/zypper is incapable of refreshing an expired key. I don't know if that issue has been solved yet; the roundabout solution is to remove the affected repos and add them again.
I'll download newer rpms and see if it still happens. They should integrate the two pop messages into a single one.
I have a doubt about this.
If you download and store a package, and try to install it some time later, you may get the warning (error?) that the key expired. But at the time the rpm was made, the signature was correct. Same as for an old email.
The message should say that the old package was *correctly* signed with a key now expired. That particular package (email) can not be signed with the currently correct key, ever. It was correctly signed ("sent") long ago.
The warning messages should make the situation clear.
If that is what happens (I don't know), it is not an error, but a bug in the software for not accepting the correct key for an old package, IMHO.
- -- Cheers Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlfVqaMACgkQja8UbcUWM1zz4gD+NRPcsWPOM3gz+MEOTTDrMHE9 pMeMtt2/4ET3qPKUpQMA/2hMpX7PUTw72S+8SMH6LZhgJ9fyHascJOX567hiUGqN =tBaJ -----END PGP SIGNATURE----- Update
I was just notified to add to /etc/zypp/repos.d/local-repository gpgcheck=off This should disable the integrity check. I couldn't find this anywhere. Good to know. Roman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/11/2016 02:59 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Content-ID:
El 2016-09-11 a las 12:54 -0400, Roman Bysh escribió:
Well, of course, the rpms were made with a key that has expired. You either ignore, or download a fresh copy of those rpms.
On the other hand, I think that YaST/zypper is incapable of refreshing an expired key. I don't know if that issue has been solved yet; the roundabout solution is to remove the affected repos and add them again.
I'll download newer rpms and see if it still happens. They should integrate the two pop messages into a single one.
I have a doubt about this.
If you download and store a package, and try to install it some time later, you may get the warning (error?) that the key expired. But at the time the rpm was made, the signature was correct. Same as for an old email.
The message should say that the old package was *correctly* signed with a key now expired. That particular package (email) can not be signed with the currently correct key, ever. It was correctly signed ("sent") long ago.
The warning messages should make the situation clear.
If that is what happens (I don't know), it is not an error, but a bug in the software for not accepting the correct key for an old package, IMHO.
- -- Cheers Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iF4EAREIAAYFAlfVqaMACgkQja8UbcUWM1zz4gD+NRPcsWPOM3gz+MEOTTDrMHE9 pMeMtt2/4ET3qPKUpQMA/2hMpX7PUTw72S+8SMH6LZhgJ9fyHascJOX567hiUGqN =tBaJ -----END PGP SIGNATURE-----
Update 2 I was just notified to add to /etc/zypp/repos.d/local-repository gpgcheck=off This should disable the integrity check. I couldn't find this anywhere. Good to know. Roman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (5)
-
Carlos E. R. -
Ken Schneider -
Malcolm -
Patrick Shanahan -
Roman Bysh