[opensuse] Importing GPG Keys with Zypper
If I delete a GPG key pertaining to a specific repo in YaST2 and then possibly delete the repo itself, then readd the repo, more times than not zypper doesn't ask for to readd the the GPG key. Some other weird behaviour is that when refreshing the repos after having added new ones which may have existed before, and whose GPG keys got deleted, zypper asks if I want to import the GPG key. I press 'a' to trust "always", and it's then done refreshing the repos. I go into YaST2
Software Repositories > GPG Keys, and they key isn't even there. This behaviour seems flaky to me but maybe I'm missing something. Is there a way with zypper to force to add a GPG key, and why isn't it showing up in YaST2 after selecting the "trust always" option? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-07-12 07:37, fastcpu@openmailbox.org wrote:
If I delete a GPG key pertaining to a specific repo in YaST2 and then possibly delete the repo itself, then readd the repo, more times than not zypper doesn't ask for to readd the the GPG key.
Some other weird behaviour is that when refreshing the repos after having added new ones which may have existed before, and whose GPG keys got deleted, zypper asks if I want to import the GPG key. I press 'a' to trust "always", and it's then done refreshing the repos. I go into YaST2
Software Repositories > GPG Keys, and they key isn't even there. This behaviour seems flaky to me but maybe I'm missing something. Is there a way with zypper to force to add a GPG key, and why isn't it showing up in YaST2 after selecting the "trust always" option?
You access them with commands like "rpmkeys". Its man says: +++················· For example, all currently imported public keys can be displayed by: rpm -qa gpg-pubkey* ·················++- I think they are stored here: /var/lib/rpm/Pubkeys, which is a database. I don't know how to display information about them, only the command above. Given one of those keys, you can do "rpm -qi key-package" to get information. Possibly yast/zypper can do similarly. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 07/12/2016 05:08 AM, Carlos E. R. wrote:
You access them with commands like "rpmkeys". Its man says: +++················· For example, all currently imported public keys can be displayed by:
rpm -qa gpg-pubkey* ·················++-
I think they are stored here: /var/lib/rpm/Pubkeys, which is a database. No such directory on my TW.
I don't know how to display information about them, only the command above. Given one of those keys, you can do "rpm -qi key-package" to get information. That doesnt work: "package key-package is not installed"
with "rpm -qa gpg-pubkey*" I was able to delete all the signing keys but one, even though none of them were listed in YaST2 as I earlier wrote. The problem now, is that using "rpm -e gpg-pubkey-b0d19f7e-53fd727e" which is the last pubkey left to erase, throws this error: "error: package gpg-pubkey-b0d19f7e-53fd727e is not installed". I don't get how it's not installed when it comes up using "rpm -qa gpg-pubkey*" So where I'm at now is there's one "stuck" pubkey that is not wanting to get erased, and I also noticed there were a bunch of duplicates. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue 12 Jul 2016 07:06:36 AM CDT, fastcpu wrote: <snip>
So where I'm at now is there's one "stuck" pubkey that is not wanting to get erased, and I also noticed there were a bunch of duplicates.
Hi Try cleaning up the rpm database... rpm --rebuilddb Ref: https://forums.opensuse.org/showthread.php/512615-How-do-I-un-trust-a-repo -- Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890) openSUSE Leap 42.1|GNOME 3.16.2|4.1.26-21-default up 12:50, 3 users, load average: 0.69, 0.31, 0.19 CPU AMD Athlon(tm) II X4 635 @ 2.90GHz | GPU Nvidia GeForce 8800 GT -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-07-12 07:32, Malcolm wrote:
On Tue 12 Jul 2016 07:06:36 AM CDT, fastcpu wrote:
<snip>
So where I'm at now is there's one "stuck" pubkey that is not wanting to get erased, and I also noticed there were a bunch of duplicates.
Hi Try cleaning up the rpm database...
rpm --rebuilddb
Ref: https://forums.opensuse.org/showthread.php/512615-How-do-I-un-trust-a-repo
-- Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890) openSUSE Leap 42.1|GNOME 3.16.2|4.1.26-21-default up 12:50, 3 users, load average: 0.69, 0.31, 0.19 CPU AMD Athlon(tm) II X4 635 @ 2.90GHz | GPU Nvidia GeForce 8800 GT
I tried "rpm --rebuilddb" as I already thought of that and that didn't solve the issue. I ended up running out of ideas, until I finally figured I may as well just delete the repo itself (it was the telephony repo) and then see if then it went away by viewing with "rpm -qa gpg-pubkey*" Sure enough, that did it. I found the directory where the GPG keys reside: /var/cache/zypp/raw/ After deleting that repo, I readded it, then ran: zypper clean -a zypper --gpg-auto-import-keys ref This solved the issue. So for whatever reason even though I completely cleared out /var/cache/zypp/raw/ that one stubborn key wouldn't go away until actually removing the repo itself. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2016-07-12 16:06, fastcpu wrote:
On 07/12/2016 05:08 AM, Carlos E. R. wrote:
I think they are stored here: /var/lib/rpm/Pubkeys, which is a database. No such directory on my TW.
It is a file, not a directory. But anyway, it does not seem to exist in my TW, either.
I don't know how to display information about them, only the command above. Given one of those keys, you can do "rpm -qi key-package" to get information. That doesnt work: "package key-package is not installed"
It does here (test TW install): Tumbleweed:~ # rpm -qa gpg-pubkey* gpg-pubkey-3dbdc284-53674dd4 gpg-pubkey-1abd1afb-54176598 gpg-pubkey-61e7d06c-56e14387 gpg-pubkey-307e3d54-4be01a65 Tumbleweed:~ # rpm -qi gpg-pubkey-307e3d54-4be01a65 Name : gpg-pubkey Version : 307e3d54 Release : 4be01a65 Architecture: (none) Install Date: Mon Aug 3 05:41:28 2015 Group : Public Keys Size : 0 License : pubkey Signature : (none) Source RPM : (none) Build Date : Tue May 4 15:00:21 2010 Build Host : localhost Relocations : (not relocatable) Packager : SuSE Package Signing Key <build@suse.de> Summary : gpg(SuSE Package Signing Key <build@suse.de>) Description : -----BEGIN PGP PUBLIC KEY BLOCK-----
with "rpm -qa gpg-pubkey*" I was able to delete all the signing keys but one, even though none of them were listed in YaST2 as I earlier wrote. The problem now, is that using "rpm -e gpg-pubkey-b0d19f7e-53fd727e" which is the last pubkey left to erase, throws this error: "error: package gpg-pubkey-b0d19f7e-53fd727e is not installed". I don't get how it's not installed when it comes up using "rpm -qa gpg-pubkey*"
It can be a database corruption. Try first with "rpm --rebuilddb" Ah. I see now your other answers, that you solved the issue. I didn't think of /var/cache/zypp/raw/. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
participants (4)
-
Carlos E. R. -
fastcpu -
fastcpu@openmailbox.org
-
Malcolm