rmt-cli mirror custom tumbleweed repo fails with gpg no public key error
I use the repository mirroring tool (rmt) to maintain local copies of leap repositories (currently 15.4 and 15.5). I am trying to add the tumbleweed repositories to my local set but the rmt-server-mirror service fails with the following in the logs: Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: GPG command: gpg --homedir /tmp/rmt-mirror-gpg20240126-1357-11gdkuz --no-default-keyring --keyring /tmp/rmt-mirror-gpg20240126-1357-11gdkuz/keyring --verify /tmp/d20240126-1357-oemuy5/repodata/repomd.xml.asc /tmp/d20240126-1357-oemuy5/repodata/repomd.xml 2>&1 Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: GPG output: gpg: Signature made Wed Oct 11 10:51:21 2023 BST Jan 26 10:06:40 rmt rmt-cli[1357]: gpg: using RSA key 35A2F86E29B700A4 Jan 26 10:06:40 rmt rmt-cli[1357]: gpg: Can't check signature: No public key Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: The following errors occurred while mirroring: Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: Repository 'tw_update' (tw_update): Error while mirroring metadata: GPG signature verification failed. Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: Mirroring completed with errors. The relevant lines from rmt-cli repos custom list are: | tw_non-oss | tw_non-oss | http://download.opensuse.org/tumbleweed/repo/non-oss/ | Not Mandatory | Mirror | 2024-01-26 10:06:39 UTC | | tw_oss | tw_oss | http://download.opensuse.org/tumbleweed/repo/oss/ | Not Mandatory | Mirror | 2024-01-26 10:06:36 UTC | | tw_update | tw_update | http://download.opensuse.org/update/tumbleweed/ | Not Mandatory | Mirror | | I have tried importing the public keys but, as the log message says, the gpg check is made using an ephemeral keyring and no others. Any thoughts on this?
On Fri, 26 Jan 2024 13:54:26 +0000, G McAlister <gmac@bitsofstring.co.uk> wrote:
I use the repository mirroring tool (rmt) to maintain local copies of leap repositories (currently 15.4 and 15.5). I am trying to add the tumbleweed repositories to my local set but the rmt-server-mirror service fails with the following in the logs:
Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: GPG command: gpg --homedir /tmp/rmt-mirror-gpg20240126-1357-11gdkuz --no-default-keyring --keyring /tmp/rmt-mirror-gpg20240126-1357-11gdkuz/keyring --verify /tmp/d20240126-1357-oemuy5/repodata/repomd.xml.asc /tmp/d20240126-1357-oemuy5/repodata/repomd.xml 2>&1 Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: GPG output: gpg: Signature made Wed Oct 11 10:51:21 2023 BST Jan 26 10:06:40 rmt rmt-cli[1357]: gpg: using RSA key 35A2F86E29B700A4 Jan 26 10:06:40 rmt rmt-cli[1357]: gpg: Can't check signature: No public key Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: The following errors occurred while mirroring: Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: Repository 'tw_update' (tw_update): Error while mirroring metadata: GPG signature verification failed. Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: Mirroring completed with errors.
The relevant lines from rmt-cli repos custom list are:
| tw_non-oss | tw_non-oss | http://download.opensuse.org/tumbleweed/repo/non-oss/ | Not Mandatory | Mirror | 2024-01-26 10:06:39 UTC | | tw_oss | tw_oss | http://download.opensuse.org/tumbleweed/repo/oss/ | Not Mandatory | Mirror | 2024-01-26 10:06:36 UTC | | tw_update | tw_update | http://download.opensuse.org/update/tumbleweed/ | Not Mandatory | Mirror | |
I have tried importing the public keys but, as the log message says, the gpg check is made using an ephemeral keyring and no others.
Since your Leap repos are working, you could compare the logs for the difference preceding this error. Maybe: grep -Ei '\<rmt\>|import|public|keyring|gpg|gnupg' -- Robert Webb
On 26/01/2024 22:27, Robert Webb wrote:
On Fri, 26 Jan 2024 13:54:26 +0000, G McAlister <gmac@bitsofstring.co.uk> wrote:
I use the repository mirroring tool (rmt) to maintain local copies of leap repositories (currently 15.4 and 15.5). I am trying to add the tumbleweed repositories to my local set but the rmt-server-mirror service fails with the following in the logs:
Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: GPG command: gpg --homedir /tmp/rmt-mirror-gpg20240126-1357-11gdkuz --no-default-keyring --keyring /tmp/rmt-mirror-gpg20240126-1357-11gdkuz/keyring --verify /tmp/d20240126-1357-oemuy5/repodata/repomd.xml.asc /tmp/d20240126-1357-oemuy5/repodata/repomd.xml 2>&1 Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: GPG output: gpg: Signature made Wed Oct 11 10:51:21 2023 BST Jan 26 10:06:40 rmt rmt-cli[1357]: gpg: using RSA key 35A2F86E29B700A4 Jan 26 10:06:40 rmt rmt-cli[1357]: gpg: Can't check signature: No public key Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: The following errors occurred while mirroring: Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: Repository 'tw_update' (tw_update): Error while mirroring metadata: GPG signature verification failed. Jan 26 10:06:40 rmt rmt-cli[1357]: WARN: Mirroring completed with errors.
The relevant lines from rmt-cli repos custom list are:
| tw_non-oss | tw_non-oss | http://download.opensuse.org/tumbleweed/repo/non-oss/ | Not Mandatory | Mirror | 2024-01-26 10:06:39 UTC | | tw_oss | tw_oss | http://download.opensuse.org/tumbleweed/repo/oss/ | Not Mandatory | Mirror | 2024-01-26 10:06:36 UTC | | tw_update | tw_update | http://download.opensuse.org/update/tumbleweed/ | Not Mandatory | Mirror | |
I have tried importing the public keys but, as the log message says, the gpg check is made using an ephemeral keyring and no others. Since your Leap repos are working, you could compare the logs for the difference preceding this error. Maybe: grep -Ei '\<rmt\>|import|public|keyring|gpg|gnupg' -- Robert Webb
Thanks for responding. Successful mirrors don't log this part of the process, so I have nothing to compare against. I have submitted a bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1219256
participants (2)
-
G McAlister -
Robert Webb