Forcing a specific kernel to be installed on openSUSE TW:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar... Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed). I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies... The following NEW package is going to be installed: kernel-default-5.11.16-1.1.ge06d321 The following package requires a system reboot: kernel-default-5.11.16-1.1.ge06d321 1 new package to install. Overall download size: 72.4 MiB. Already cached: 0 B. After the operation, additional 215.3 MiB will be used. Note: System reboot required. Continue? [y/n/v/...? shows all options] (y): y Retrieving package kernel-default-5.11.16-1.1.ge06d321.i586 (1/1), 72.4 MiB (215.3 MiB unpacked) kernel-default-5.11.16-1.1.ge06d321.i586.rpm: Header V3 RSA/SHA256 Signature, key ID f6e74bf5: NOKEY V3 RSA/SHA256 Signature, key ID f6e74bf5: NOKEY Looking for gpg key ID F6E74BF5 in cache /var/cache/zypp/pubkeys. Repository kernel-default-5.11.16-1.1.ge06d321.i586.rpm does not define additional 'gpgkey=' URLs. kernel-default-5.11.16-1.1.ge06d321.i586 (kernel-default-5.11.16-1.1.ge06d321.i586.rpm): Signature verification failed [4-Signatures public key is not available] Abort, retry, ignore? [a/r/i] (a): 1. How can I correct this "Signature verification failed [4-Signatures public key is not available]" message? ===================================Instructions===============================
And, I have the rpms from a commercial package--I can (and do) install
them from the command line. These will
never be in the repos.
Very bad idea to use commercial packages with Tumbleweed, that is asking for trouble.
I will explain, again, how you do this. 1) Create a directory, for example /home/doug/extrarepository/ 2) Copy all the rpms from that commercial thing into that directory. 3) start yast as root in graphic mode: su - yast2 4) Start the "Software repository" module 5) Click the button "Add repository" 6) on the list that appears, click "Local directory", then [next]. 7.0) On "repository name" put whatever you like. 7.1) On path to directory, you write the path (/home/doug/extrarepository/). 7.2) Click on "Plain rpm directory" 7.3) [NEXT] It thinks for a while, and if all goes well, you click [OK]. Now, you have created your own private repository for external packages. Next, install those packages. 1) On YaST, click "Software management module 2) On view, select "repositories". 3.0) On repositories, you will see a list of repositories on the left panel. Select the repository you created. 3.1) On the right panel, you will see the list of packages in that repository. If it is empty, exit YaST, run "zypper refresh --force" and try yast2 again. 3.2) select the package, solve the dependencies if needed, accept and finish. Done. ======================================================================================================
On 06/05/2021 06.10, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from
the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The following NEW package is going to be installed: kernel-default-5.11.16-1.1.ge06d321 The following package requires a system reboot: kernel-default-5.11.16-1.1.ge06d321 1 new package to install. Overall download size: 72.4 MiB. Already cached: 0 B. After the operation, additional 215.3 MiB will be used. Note: System reboot required. Continue? [y/n/v/...? shows all options] (y): y Retrieving package kernel-default-5.11.16-1.1.ge06d321.i586 (1/1), 72.4 MiB (215.3
MiB unpacked) kernel-default-5.11.16-1.1.ge06d321.i586.rpm: Header V3 RSA/SHA256 Signature, key ID f6e74bf5: NOKEY V3 RSA/SHA256 Signature, key ID f6e74bf5: NOKEY Looking for gpg key ID F6E74BF5 in cache /var/cache/zypp/pubkeys. Repository kernel-default-5.11.16-1.1.ge06d321.i586.rpm does not define additional
'gpgkey=' URLs. kernel-default-5.11.16-1.1.ge06d321.i586 (kernel-default-5.11.16-1.1.ge06d321.i586.rpm): Signature verification failed [4-Signatures public key is not available] Abort, retry, ignore?
[a/r/i] (a):
1. How can I correct this "Signature verification failed [4-Signatures public key is not available]" message?
Fast method: "i". Correct method: ask the developer for the key. If you are curious: cer@Telcontar:~/Fusion> gpg2 --search-keys f6e74bf5 gpg: data source: http://keys.gnupg.net:11371 (1) home:tiwai OBS Project home:tiwai@build.opensuse.org 2048 bit RSA key 4BF05F46F6E74BF5, created: 2013-07-17, expires: 2017-12-02 (expired) Keys 1-1 of 1 for "f6e74bf5". Enter number(s), N)ext, or Q)uit > q gpg: error searching keyserver: Operation cancelled gpg: keyserver search failed: Operation cancelled cer@Telcontar:~/Fusion> -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
Hi On 5/6/21 7:08 PM, Carlos E. R. wrote:
On 06/05/2021 06.10, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from
the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
The following NEW package is going to be installed: kernel-default-5.11.16-1.1.ge06d321 The following package requires a system reboot: kernel-default-5.11.16-1.1.ge06d321 1 new package to install. Overall download size: 72.4 MiB. Already cached: 0 B. After the operation, additional 215.3 MiB will be used. Note: System reboot required. Continue? [y/n/v/...? shows all options] (y): y Retrieving package kernel-default-5.11.16-1.1.ge06d321.i586 (1/1), 72.4 MiB (215.3
MiB unpacked) kernel-default-5.11.16-1.1.ge06d321.i586.rpm: Header V3 RSA/SHA256 Signature, key ID f6e74bf5: NOKEY V3 RSA/SHA256 Signature, key ID f6e74bf5: NOKEY Looking for gpg key ID F6E74BF5 in cache /var/cache/zypp/pubkeys. Repository kernel-default-5.11.16-1.1.ge06d321.i586.rpm does not define additional
'gpgkey=' URLs. kernel-default-5.11.16-1.1.ge06d321.i586 (kernel-default-5.11.16-1.1.ge06d321.i586.rpm): Signature verification failed [4-Signatures public key is not available] Abort, retry, ignore?
[a/r/i] (a):
1. How can I correct this "Signature verification failed [4-Signatures public key is not available]" message?
...
If you are curious:
cer@Telcontar:~/Fusion> gpg2 --search-keys f6e74bf5 gpg: data source: http://keys.gnupg.net:11371 (1) home:tiwai OBS Project home:tiwai@build.opensuse.org 2048 bit RSA key 4BF05F46F6E74BF5, created: 2013-07-17, expires: 2017-12-02 (expired) Keys 1-1 of 1 for "f6e74bf5". Enter number(s), N)ext, or Q)uit > q gpg: error searching keyserver: Operation cancelled gpg: keyserver search failed: Operation cancelled cer@Telcontar:~/Fusion>
Actually looks like Takashi needs to refresh this key as its expired (obs handles this better now then it did in 2017), I added him to this email thread. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On 5/5/21 11:10 PM, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The above command should have been: > zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Thanks,
On 06/05/2021 13.32, -pj wrote:
On 5/5/21 11:10 PM, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The above command should have been: > zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Well, that if you haven't added the repository first. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 5/6/21 10:33 AM, Carlos E. R. wrote:
On 06/05/2021 13.32, -pj wrote:
On 5/5/21 11:10 PM, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The above command should have been: > zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Well, that if you haven't added the repository first.
So the above command will install only a certain ".rpm" it will not install anything more. That makes some sense. localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working. Thanks
On 06/05/2021 21.44, -pj wrote:
On 5/6/21 10:33 AM, Carlos E. R. wrote:
On 06/05/2021 13.32, -pj wrote:
On 5/5/21 11:10 PM, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The above command should have been: > zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Well, that if you haven't added the repository first.
So the above command will install only a certain ".rpm" it will not install anything more. That makes some sense.
It will try to solve dependencies. What I do not know is if it considers other files at the same path.
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
It failed, as far as I know, because of a PGP key missing, and we commented about what to do. Did you try? -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 5/6/21 2:56 PM, Carlos E. R. wrote:
On 06/05/2021 21.44, -pj wrote:
On 5/6/21 10:33 AM, Carlos E. R. wrote:
On 06/05/2021 13.32, -pj wrote:
On 5/5/21 11:10 PM, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The above command should have been: > zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Well, that if you haven't added the repository first.
So the above command will install only a certain ".rpm" it will not install anything more. That makes some sense.
It will try to solve dependencies. What I do not know is if it considers other files at the same path.
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
It failed, as far as I know, because of a PGP key missing, and we commented about what to do. Did you try?
Yes, there was success. with "zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar... ".
On 5/6/21 3:28 PM, -pj wrote:
On 5/6/21 2:56 PM, Carlos E. R. wrote:
On 06/05/2021 21.44, -pj wrote:
On 5/6/21 10:33 AM, Carlos E. R. wrote:
On 06/05/2021 13.32, -pj wrote:
On 5/5/21 11:10 PM, -pj wrote:
I followed the following instructions (listed below) in an attempt to install a specific kernel on my laptop computer which I downloaded from the following webpage: > https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Completing the Instructions below. I powercycled the laptop and it loaded into the bootmenu now listing multiple kernels -BUT- not kernel-default-5.11.16-1.1.ge06d321.i586.rpm (Which I intended to be installed).
I have tried entering the following in Konsole's - bash terminal command line as root user (su -)as follows: localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 Loading repository data... Reading installed packages... Resolving package dependencies...
The above command should have been: > zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
Well, that if you haven't added the repository first.
So the above command will install only a certain ".rpm" it will not install anything more. That makes some sense.
It will try to solve dependencies. What I do not know is if it considers other files at the same path.
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
It failed, as far as I know, because of a PGP key missing, and we commented about what to do. Did you try?
Yes, there was success. with "zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar... ".
I ignored the key warning because the maintainer claimed it was ok to do so. :|
On 06/05/2021 22.37, -pj wrote:
On 5/6/21 3:28 PM, -pj wrote:
On 5/6/21 2:56 PM, Carlos E. R. wrote:
On 06/05/2021 21.44, -pj wrote:
On 5/6/21 10:33 AM, Carlos E. R. wrote:
...
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
It failed, as far as I know, because of a PGP key missing, and we commented about what to do. Did you try?
Yes, there was success. with "zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
".
I ignored the key warning because the maintainer claimed it was ok to do so. :|
Yes, we have a security issue with key management. Someday it will bite us, IMHO. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 5/7/21 6:33 AM, Carlos E. R. wrote:
On 06/05/2021 22.37, -pj wrote:
On 5/6/21 3:28 PM, -pj wrote:
On 5/6/21 2:56 PM, Carlos E. R. wrote:
On 06/05/2021 21.44, -pj wrote:
On 5/6/21 10:33 AM, Carlos E. R. wrote:
...
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
It failed, as far as I know, because of a PGP key missing, and we commented about what to do. Did you try?
Yes, there was success. with "zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
".
I ignored the key warning because the maintainer claimed it was ok to do so. :|
Yes, we have a security issue with key management. Someday it will bite us, IMHO.
Its better then it was, in most places it should work fine, in this case all that could happen is someone could do a man in the middle attack and give you a different kernel but thats pretty unlikely. -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
On 07/05/2021 04.36, Simon Lees wrote:
On 5/7/21 6:33 AM, Carlos E. R. wrote:
On 06/05/2021 22.37, -pj wrote:
On 5/6/21 3:28 PM, -pj wrote:
On 5/6/21 2:56 PM, Carlos E. R. wrote:
On 06/05/2021 21.44, -pj wrote:
On 5/6/21 10:33 AM, Carlos E. R. wrote:
...
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
It failed, as far as I know, because of a PGP key missing, and we commented about what to do. Did you try?
Yes, there was success. with "zypper install https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/standar...
".
I ignored the key warning because the maintainer claimed it was ok to do so. :|
Yes, we have a security issue with key management. Someday it will bite us, IMHO.
Its better then it was, in most places it should work fine, in this case all that could happen is someone could do a man in the middle attack and give you a different kernel but thats pretty unlikely.
We all trust that it is pretty unlikely and press "ignore", but one day some bad actor may do damage. Our handling or PGP keys is not secure and consistent enough. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 2021-05-07 04:44:24 Carlos E. R. wrote:
|On 07/05/2021 04.36, Simon Lees wrote: |> On 5/7/21 6:33 AM, Carlos E. R. wrote: |>> On 06/05/2021 22.37, -pj wrote: |>>> On 5/6/21 3:28 PM, -pj wrote: |>>>> On 5/6/21 2:56 PM, Carlos E. R. wrote: |>>>>> On 06/05/2021 21.44, -pj wrote: |>>>>>> On 5/6/21 10:33 AM, Carlos E. R. wrote: |>> |>> ... |>> |>>>>>> localhost:~ # zypper install --oldpackage |>>>>>> kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not |>>>>>> working. |>>>>> |>>>>> It failed, as far as I know, because of a PGP key missing, and we |>>>>> commented about what to do. Did you try? |>>>> |>>>> Yes, there was success. with "zypper install |>>>> https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/ |>>>>standard/i586/kernel-default-5.11.16-1.1.ge06d321.i586.rpm |>>>> |>>>> ". |>>> |>>> I ignored the key warning because the maintainer claimed it was ok to | |do | |>>> so. :| |>> |>> Yes, we have a security issue with key management. Someday it will bite |>> us, IMHO. |> |> Its better then it was, in most places it should work fine, in this case |> all that could happen is someone could do a man in the middle attack and |> give you a different kernel but thats pretty unlikely. | |We all trust that it is pretty unlikely and press "ignore", but one day |some bad actor may do damage. Our handling or PGP keys is not secure and |consistent enough.
Maybe zypper should display the info you posted that shows the key's provider, instead of offering the 'ignore' option. Leslie -- openSUSE Leap 15.2 x86_64
On 07/05/2021 21.11, J Leslie Turriff wrote:
On 2021-05-07 04:44:24 Carlos E. R. wrote:
|On 07/05/2021 04.36, Simon Lees wrote: |> On 5/7/21 6:33 AM, Carlos E. R. wrote: |>> On 06/05/2021 22.37, -pj wrote: |>>> On 5/6/21 3:28 PM, -pj wrote: |>>>> On 5/6/21 2:56 PM, Carlos E. R. wrote: |>>>>> On 06/05/2021 21.44, -pj wrote: |>>>>>> On 5/6/21 10:33 AM, Carlos E. R. wrote: |>> |>> ... |>> |>>>>>> localhost:~ # zypper install --oldpackage |>>>>>> kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not |>>>>>> working. |>>>>> |>>>>> It failed, as far as I know, because of a PGP key missing, and we |>>>>> commented about what to do. Did you try? |>>>> |>>>> Yes, there was success. with "zypper install |>>>> https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5.11/ |>>>>standard/i586/kernel-default-5.11.16-1.1.ge06d321.i586.rpm |>>>> |>>>> ". |>>> |>>> I ignored the key warning because the maintainer claimed it was ok to | |do | |>>> so. :| |>> |>> Yes, we have a security issue with key management. Someday it will bite |>> us, IMHO. |> |> Its better then it was, in most places it should work fine, in this case |> all that could happen is someone could do a man in the middle attack and |> give you a different kernel but thats pretty unlikely. | |We all trust that it is pretty unlikely and press "ignore", but one day |some bad actor may do damage. Our handling or PGP keys is not secure and |consistent enough.
Maybe zypper should display the info you posted that shows the key's provider, instead of offering the 'ignore' option.
It is not that simple. The key I queried using the program pgp can not be added to zypper, they are independent databases and methods. And in this case, the key was expired. Further, to my knowledge there is not a policy about what can or should a user do when there is a problem with the pgp key of a repository or a package fails. How to act, who to contact, etc. Ignoring the problem is not the correct way to go. Someday it will bite us. But it is basically the only thing users can do. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 2021-05-07 15:32:28 Carlos E. R. wrote:
|On 07/05/2021 21.11, J Leslie Turriff wrote: |> On 2021-05-07 04:44:24 Carlos E. R. wrote: |>> |On 07/05/2021 04.36, Simon Lees wrote: |>> |> On 5/7/21 6:33 AM, Carlos E. R. wrote: |>> |>> On 06/05/2021 22.37, -pj wrote: |>> |>>> On 5/6/21 3:28 PM, -pj wrote: |>> |>>>> On 5/6/21 2:56 PM, Carlos E. R. wrote: |>> |>>>>> On 06/05/2021 21.44, -pj wrote: |>> |>>>>>> On 5/6/21 10:33 AM, Carlos E. R. wrote: |>> |>> |>> |>> ... |>> |>> |>> |>>>>>> localhost:~ # zypper install --oldpackage |>> |>>>>>> kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not |>> |>>>>>> working. |>> |>>>>> |>> |>>>>> It failed, as far as I know, because of a PGP key missing, and |>> |>>>>> we commented about what to do. Did you try? |>> |>>>> |>> |>>>> Yes, there was success. with "zypper install |>> |>>>> https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5 |>> |>>>>.11/ standard/i586/kernel-default-5.11.16-1.1.ge06d321.i586.rpm |>> |>>>> |>> |>>>> ". |>> |>>> |>> |>>> I ignored the key warning because the maintainer claimed it was ok |>> |>>> to |>> | |>> |do |>> | |>> |>>> so. :| |>> |>> |>> |>> Yes, we have a security issue with key management. Someday it will | |bite | |>> |>> us, IMHO. |>> |> |>> |> Its better then it was, in most places it should work fine, in this | |case | |>> |> all that could happen is someone could do a man in the middle attack |>> |> and give you a different kernel but thats pretty unlikely. |>> | |>> |We all trust that it is pretty unlikely and press "ignore", but one |>> | day some bad actor may do damage. Our handling or PGP keys is not |>> | secure and consistent enough. |> |> Maybe zypper should display the info you posted that shows the key's |> provider, instead of offering the 'ignore' option. | |It is not that simple. The key I queried using the program pgp can not |be added to zypper, they are independent databases and methods. And in |this case, the key was expired. Further, to my knowledge there is not a |policy about what can or should a user do when there is a problem with |the pgp key of a repository or a package fails. How to act, who to |contact, etc. | |Ignoring the problem is not the correct way to go. Someday it will bite |us. But it is basically the only thing users can do.
Probably I misunderstood what you were trying to convey with the method for displaying the key as you did; I thought it was a way of identifying the package's owner so that one could notify that the key was missing, which (in lieu of having zypper do it) would be the best option for whoever is trying to install the package. Leslie -- openSUSE Leap 15.2 x86_64
On 07/05/2021 22.44, J Leslie Turriff wrote:
On 2021-05-07 15:32:28 Carlos E. R. wrote:
|On 07/05/2021 21.11, J Leslie Turriff wrote: |> On 2021-05-07 04:44:24 Carlos E. R. wrote: |>> |On 07/05/2021 04.36, Simon Lees wrote: |>> |> On 5/7/21 6:33 AM, Carlos E. R. wrote: |>> |>> On 06/05/2021 22.37, -pj wrote: |>> |>>> On 5/6/21 3:28 PM, -pj wrote: |>> |>>>> On 5/6/21 2:56 PM, Carlos E. R. wrote: |>> |>>>>> On 06/05/2021 21.44, -pj wrote: |>> |>>>>>> On 5/6/21 10:33 AM, Carlos E. R. wrote: |>> |>> |>> |>> ... |>> |>> |>> |>>>>>> localhost:~ # zypper install --oldpackage |>> |>>>>>> kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not |>> |>>>>>> working. |>> |>>>>> |>> |>>>>> It failed, as far as I know, because of a PGP key missing, and |>> |>>>>> we commented about what to do. Did you try? |>> |>>>> |>> |>>>> Yes, there was success. with "zypper install |>> |>>>> https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5 |>> |>>>>.11/ standard/i586/kernel-default-5.11.16-1.1.ge06d321.i586.rpm |>> |>>>> |>> |>>>> ". |>> |>>> |>> |>>> I ignored the key warning because the maintainer claimed it was ok |>> |>>> to |>> | |>> |do |>> | |>> |>>> so. :| |>> |>> |>> |>> Yes, we have a security issue with key management. Someday it will | |bite | |>> |>> us, IMHO. |>> |> |>> |> Its better then it was, in most places it should work fine, in this | |case | |>> |> all that could happen is someone could do a man in the middle attack |>> |> and give you a different kernel but thats pretty unlikely. |>> | |>> |We all trust that it is pretty unlikely and press "ignore", but one |>> | day some bad actor may do damage. Our handling or PGP keys is not |>> | secure and consistent enough. |> |> Maybe zypper should display the info you posted that shows the key's |> provider, instead of offering the 'ignore' option. | |It is not that simple. The key I queried using the program pgp can not |be added to zypper, they are independent databases and methods. And in |this case, the key was expired. Further, to my knowledge there is not a |policy about what can or should a user do when there is a problem with |the pgp key of a repository or a package fails. How to act, who to |contact, etc. | |Ignoring the problem is not the correct way to go. Someday it will bite |us. But it is basically the only thing users can do.
Probably I misunderstood what you were trying to convey with the method for displaying the key as you did; I thought it was a way of identifying the package's owner so that one could notify that the key was missing, which (in lieu of having zypper do it) would be the best option for whoever is trying to install the package.
Yes, certainly, the method identifies who the key belongs to. Not the package owner. That's the job of the admin person >:-) In fact, what I was trying to find out was if the key could be downloaded, but no. If you want automation, the Build Service should have detected that the key was invalid and activate alarms. Possibly unpublish the packages or the repos automatically. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On 5/7/21 3:44 PM, J Leslie Turriff wrote:
|On 07/05/2021 21.11, J Leslie Turriff wrote: |> On 2021-05-07 04:44:24 Carlos E. R. wrote: |>> |On 07/05/2021 04.36, Simon Lees wrote: |>> |> On 5/7/21 6:33 AM, Carlos E. R. wrote: |>> |>> On 06/05/2021 22.37, -pj wrote: |>> |>>> On 5/6/21 3:28 PM, -pj wrote: |>> |>>>> On 5/6/21 2:56 PM, Carlos E. R. wrote: |>> |>>>>> On 06/05/2021 21.44, -pj wrote: |>> |>>>>>> On 5/6/21 10:33 AM, Carlos E. R. wrote: |>> |>> |>> |>> ... |>> |>> |>> |>>>>>> localhost:~ # zypper install --oldpackage |>> |>>>>>> kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not |>> |>>>>>> working. |>> |>>>>> |>> |>>>>> It failed, as far as I know, because of a PGP key missing, and |>> |>>>>> we commented about what to do. Did you try? |>> |>>>> |>> |>>>> Yes, there was success. with "zypper install |>> |>>>> https://download.opensuse.org/repositories/home:/tiwai:/kernel:/5 |>> |>>>>.11/ standard/i586/kernel-default-5.11.16-1.1.ge06d321.i586.rpm |>> |>>>> |>> |>>>> ". |>> |>>> |>> |>>> I ignored the key warning because the maintainer claimed it was ok |>> |>>> to |>> | |>> |do |>> | |>> |>>> so. :| |>> |>> |>> |>> Yes, we have a security issue with key management. Someday it will | |bite | |>> |>> us, IMHO. |>> |> |>> |> Its better then it was, in most places it should work fine, in this | |case | |>> |> all that could happen is someone could do a man in the middle attack |>> |> and give you a different kernel but thats pretty unlikely. |>> | |>> |We all trust that it is pretty unlikely and press "ignore", but one |>> | day some bad actor may do damage. Our handling or PGP keys is not |>> | secure and consistent enough. |> |> Maybe zypper should display the info you posted that shows the key's |> provider, instead of offering the 'ignore' option. | |It is not that simple. The key I queried using the program pgp can not |be added to zypper, they are independent databases and methods. And in |this case, the key was expired. Further, to my knowledge there is not a |policy about what can or should a user do when there is a problem with |the pgp key of a repository or a package fails. How to act, who to |contact, etc. | |Ignoring the problem is not the correct way to go. Someday it will bite |us. But it is basically the only thing users can do. Probably I misunderstood what you were trying to convey with the method for displaying
On 2021-05-07 15:32:28 Carlos E. R. wrote: the key as you did; I thought it was a way of identifying the package's owner so that one could notify that the key was missing, which (in lieu of having zypper do it) would be the best option for whoever is trying to install the package.
Leslie -- openSUSE Leap 15.2 x86_64
I should probably have used the command: gpg2 --search-keys f6e74bf5 prior I just simply did not know. Is there a complete list of keys available for the openSUSE OS? Either way thanks for all the help on this matter. :|
On 08/05/2021 09.03, -pj wrote: ...
I should probably have used the command: gpg2 --search-keys f6e74bf5 prior I just simply did not know.
Is there a complete list of keys available for the openSUSE OS?
Certainly not. :-o {surprise} -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
-pj composed on 2021-05-06 14:44 (UTC-0500):
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
Please detail the meaning of "not working". -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
My apologies. The command was not completing after I tried to pass it. I had to use ctrl-c to revive command prompt. On 5/6/21 3:02 PM, Felix Miata wrote:
-pj composed on 2021-05-06 14:44 (UTC-0500):
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
Please detail the meaning of "not working".
Well the command took a while to complete (The laptop has an issue with Mesa3d) the bug report is here: > https://bugs.kde.org/show_bug.cgi?id=436054 I do not know how to file the Mesa3D bug report here: > https://docs.mesa3d.org/bugs.html So when I passed the "zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586" command (No fancy time wheel is displayed just a white cursor). Either way it failed with output of looking for dependencies or something like that. Perhaps I should have documented that more closely. hmm On 5/6/21 3:35 PM, -pj wrote:
My apologies. The command was not completing after I tried to pass it. I had to use ctrl-c to revive command prompt.
On 5/6/21 3:02 PM, Felix Miata wrote:
-pj composed on 2021-05-06 14:44 (UTC-0500):
localhost:~ # zypper install --oldpackage kernel-default-5.11.16-1.1.ge06d321.i586 <- Was certainly not working.
Please detail the meaning of "not working".
-pj composed on 2021-05-06 15:45 (UTC-0500):
Well the command took a while to complete (The laptop has an issue with Mesa3d) the bug report is here: > https://bugs.kde.org/show_bug.cgi?id=436054
When you wish zypper to be verbose, use the usual verbose switch zypper -v install yada........ man zypper -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
participants (5)
-
-pj -
Carlos E. R. -
Felix Miata -
J Leslie Turriff -
Simon Lees