[opensuse-support] Tumbleweed: repository signature verification started failing for private repo
Hi,

For some time I've been using a private repo for various programs I've repackaged. It's a very simple setup based on createrepo. Now my TW machine refuses to use this repo, complaining that

    File 'repomd.xml' from repository 'lmn_private' is signed with an unknown key '.....'

I've done the following checks:

1. Downloaded $REPO/repodata/repomd.xml
2. Downloaded $REPO/repodata/repomd.xml.asc
3. Ran gpg --verify repomd.xml.asc repomd.xml
   The output matches the key reported by zypper.
4. Verified that the key is known to rpm using rpm -qi gpg-pubkey-...-.....
   The body of the key known to RPM and the public key used to sign the packages are identical.

The verification fails on my TW machine, with

    zypper-1.14.5-1.1.x86_64
    libzypp-17.3.1-1.1.x86_64

But works on a Leap 42.3 server with

    zypper-1.13.32-5.12.1.x86_64
    libzypp-16.15.6-5.12.1.x86_64

I'm not sure where to go next from here, what else can I try?

Thanks,
Robert

--
http://robert.muntea.nu/
--
To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-support+owner@opensuse.org
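Checks 3 and 4 in the message above compare the signing key with rpm's keyring by eye. The script below is an added example, not part of the original post or of zypper: it makes the same comparison from gpg's machine-readable status output and reports the primary key when the signature was made with a subkey. The status lines, key IDs and rpm listing in it are constructed samples.

```shell
#!/bin/sh
# Added example: derive the name rpm uses for the key that signed repomd.xml.
# Live input would come from (not run here):
#   gpg --status-fd 1 --verify repomd.xml.asc repomd.xml 2>/dev/null
#   rpm -q gpg-pubkey

# Constructed sample: a signature made with a signing subkey (...33334444)
# that belongs to primary key ...0A1B2C3D.
STATUS_SAMPLE='[GNUPG:] GOODSIG 1111222233334444 Example Repo Key <repo@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAA1111222233334444 2018-06-07 1528406444 0 4 0 1 8 00 BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB0A1B2C3D'

# Constructed sample of `rpm -q gpg-pubkey` output.
RPM_KEYS_SAMPLE='gpg-pubkey-deadbeef-5b000000
gpg-pubkey-0a1b2c3d-5a0c1e2f'

# rpm names an imported key gpg-pubkey-<id>-<time>; <id> is the last 8 hex
# digits of the key ID, lower case. VALIDSIG ends with the primary key
# fingerprint; NO_PUBKEY (key absent from the gpg keyring) gives only the
# ID of the key that made the signature.
rpm_key_id() {          # $1: gpg status output
    printf '%s\n' "$1" | awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG"               { fpr = $NF }
        $1 == "[GNUPG:]" && $2 == "NO_PUBKEY" && fpr == "" { fpr = $3 }
        END { if (fpr != "") print tolower(substr(fpr, length(fpr) - 7)) }'
}

# Prints "known <pkg>" or "unknown <pkg>"; non-zero status unless known.
check_repo_key() {      # $1: gpg status output, $2: rpm key listing
    id=$(rpm_key_id "$1")
    [ -n "$id" ] || { echo "no signature information"; return 2; }
    if printf '%s\n' "$2" | grep -q "^gpg-pubkey-$id-"; then
        echo "known gpg-pubkey-$id"
    else
        echo "unknown gpg-pubkey-$id"; return 1
    fi
}

check_repo_key "$STATUS_SAMPLE" "$RPM_KEYS_SAMPLE"
```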
Hi,

On Thursday, 7 June 2018, 23:20:44 CEST, Robert Munteanu wrote:
> Now my TW machine refuses to use this repo, complaining that
> File 'repomd.xml' from repository 'lmn_private' is signed with an unknown key '.....'

You might want to try creating a new signing key for the project using `osc signkey`. I remember having had a problem like this with my own home repo a while back (I think when switching to Leap 42.3).

Kind Regards,
Matthias

--
Dr. Matthias Bach
www.marix.org
"The only way of discovering the limits of the possible is to venture a little way past them into the impossible." - Arthur C. Clarke
Hi Matthias,

On Sat, Jun 9, 2018 at 1:45 AM, Matthias Bach <marix@marix.org> wrote:
> Hi,
>
> On Thursday, 7 June 2018, 23:20:44 CEST, Robert Munteanu wrote:
>> Now my TW machine refuses to use this repo, complaining that
>> File 'repomd.xml' from repository 'lmn_private' is signed with an unknown key '.....'
>
> You might want to try creating a new signing key for the project using `osc signkey`. I remember having had a problem like this with my own home repo a while back (I think when switching to Leap 42.3).

This repo is not hosted on OBS, I manage it manually using 'createrepo' and 'gpg', e.g.

    #!/bin/sh
    # Regenerate the repository metadata (writes repodata/repomd.xml)
    createrepo html/yum/
    # Write a detached, ASCII-armored signature (repomd.xml.asc) with key $KEY
    gpg -u "$KEY" --detach-sign --armor html/yum/repodata/repomd.xml

Robert

--
http://robert.muntea.nu/
Just to circle back - I just noticed this started working. I "blame" the following update

    * Fri Aug 03 2018 ma@suse.de
    - Support listing gpgkey URLs in repo files (bsc#1088037)
    - Check for root privileges in zypper verify and si (bsc#1058515)
    - XML <install-summary> attribute `packages-to-change` added (bsc#1102429)
    - Add expert (allow-*) options to all installer commands (bsc#428822)
    - Sort search results by multiple columns (bsc#1066215)
    - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028)
    - BuildRequires: libzypp-devel >= 17.6.0
    - version 1.14.8

Best,
Robert