
On 6/23/22 07:24, Mark Hounschell wrote:
> First I've seen this. I've recently installed packages like this and NOT seen this. Is it something to worry about?

<snip>

> Warning: File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned.

That isn't necessarily nefarious. It could just mean there was a failure in the gpg signing after createrepo --update was run. It's not saying the signature exists and is different from the stored signature, it's just saying the signature doesn't exist for this repomd.xml.

<snip>

> File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned, continue? [yes/no] (no): no
> Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata ...............................................................................................[error]
It can also be due to mirror sync problems or a whole host of other "screw ups" which is much more likely than being the result of "I've been hacked". I'd try a different direct mirror like http://ftp5.gwdg.de/pub/opensuse/update/leap/15.4/sle/ and see if the issue persists. If it doesn't, it's likely a timing or mirror sync issue -- but worth checking out regardless of the cause.

--
David C. Rankin, J.D.,P.E.
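The distinction drawn in the reply above (no signature file at all versus a signature that is present but fails to verify), as an added example that is not part of the original thread. It works on a local copy of a mirror's `repodata/` directory and assumes the rpm-md convention of a detached `repomd.xml.asc`; the function name `repomd_sig_state` and the trusted key file argument are hypothetical, and the key must come from a source you already trust, not from the mirror being checked.

```shell
#!/bin/sh
# Classify the signature state of already-downloaded rpm-md metadata.
# usage: repomd_sig_state <repodata-dir> <trusted-key-file>
# Prints one of: missing-metadata, unsigned, gpg-unavailable,
#                no-trusted-key, good, bad, unverifiable
repomd_sig_state() {
    dir=$1
    key=$2   # assumption: a public key obtained out of band

    [ -f "$dir/repomd.xml" ] || { echo missing-metadata; return 0; }

    # The case in the thread: the detached signature is absent (an empty
    # file, e.g. from an interrupted sync, is treated the same way).
    [ -s "$dir/repomd.xml.asc" ] || { echo unsigned; return 0; }

    command -v gpg >/dev/null 2>&1 || { echo gpg-unavailable; return 0; }
    [ -f "$key" ] || { echo no-trusted-key; return 0; }

    # Throwaway keyring so the check does not depend on, or modify,
    # the user's own GnuPG home.
    home=$(mktemp -d) || return 1
    chmod 700 "$home"
    if ! gpg --homedir "$home" --batch --quiet --import "$key" 2>/dev/null; then
        rm -rf "$home"; echo no-trusted-key; return 0
    fi
    status=$(gpg --homedir "$home" --batch --status-fd 1 \
        --verify "$dir/repomd.xml.asc" "$dir/repomd.xml" 2>/dev/null) || true
    rm -rf "$home"

    case $status in
        *"[GNUPG:] GOODSIG"*) echo good ;;          # signed by the trusted key
        *"[GNUPG:] BADSIG"*)  echo bad ;;           # content does not match signature
        *)                    echo unverifiable ;;  # other key, expired, malformed
    esac
}

# Run directly: ./check.sh /path/to/repodata /path/to/trusted.key
if [ $# -eq 2 ]; then
    repomd_sig_state "$1" "$2"
fi
```

Running it against copies of `repodata/` fetched from two different mirrors shows whether the missing signature is specific to one mirror; `bad` is the result that warrants more concern than `unsigned`.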