leap 15.4 and Update repository with updates from SUSE Linux Enterprise 15
First I've seen this. I've recently installed packages like this and NOT seen this. Is it something to worry about? # zypper install somepackage Retrieving repository 'Packman Repository' metadata ..........................................................................................................................................[done] Building repository 'Packman Repository' cache ...............................................................................................................................................[done] Retrieving repository 'Update repository of openSUSE Backports' metadata .....................................................................................................................[done] Building repository 'Update repository of openSUSE Backports' cache ..........................................................................................................................[done] Warning: File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned. Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise. Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the whole repo. Warning: We can't verify that no one meddled with this file, so it might not be trustworthy anymore! You should not continue unless you know it's safe. File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned, continue? [yes/no] (no): no Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata ...............................................................................................[error] Repository 'Update repository with updates from SUSE Linux Enterprise 15' is invalid. [repo-sle-update|http://download.opensuse.org/update/leap/15.4/sle/] Valid metadata not found at specified URL History: - Signature verification failed for repomd.xml - Can't provide /repodata/repomd.xml Please check if the URIs defined for this repository are pointing to a valid repository. Warning: Skipping repository 'Update repository with updates from SUSE Linux Enterprise 15' because of the above error. Some of the repositories have not been refreshed because of an error. Loading repository data... Not seen this.
On 2022-06-23 14:24, Mark Hounschell wrote:
First I've seen this. I've recently installed packages like this and NOT seen this. Is it something to worry about?
I think so, yes.
# zypper install somepackage
...
Retrieving repository 'Update repository of openSUSE Backports' metadata .....................................................................................................................[done]
Building repository 'Update repository of openSUSE Backports' cache ..........................................................................................................................[done]
Warning: File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned. -- Cheers / Saludos,
Carlos E. R. (from Elesar, using openSUSE Leap 15.3)
On 6/23/22 07:24, Mark Hounschell wrote:
First I've seen this. I've recently installed packages like this and NOT seen this. Is it something to worry about? <snip>
Warning: File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned.
That isn't necessarily nefarious. It could just mean there was a failure in the gpg signing after createrepo --update was run. It's not saying the signature exists and is different from the stored signature, it's just saying the signature doesn't exist for this repomd.xml <snip>
File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned, continue? [yes/no] (no): no Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata ...............................................................................................[error]
It can also be due to mirror sync problems or a whole host of other "screw ups" which is much more likely than being the result of "I've been hacked". I'd try a different direct mirror like http://ftp5.gwdg.de/pub/opensuse/update/leap/15.4/sle/ and see if the issue persists. If it doesn't, it's likely a timing or mirror sync issue -- but worth checking out regardless the cause. -- David C. Rankin, J.D.,P.E.
Le 25/06/2022 à 08:42, David C. Rankin a écrit :
If it doesn't, it's likely a timing or mirror sync issue -- but worth checking out regardless the cause.
On a side note, this happens regularly when I'm using the Apt-Cacher-NG proxy with Zypper. -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32 Mob. : 06 51 80 12 12
On 2022-06-25 09:41, Nicolas Kovacs wrote:
Le 25/06/2022 à 08:42, David C. Rankin a écrit :
If it doesn't, it's likely a timing or mirror sync issue -- but worth checking out regardless the cause.
On a side note, this happens regularly when I'm using the Apt-Cacher-NG proxy with Zypper.
Well, there you have. That proxy is interfering. -- Cheers / Saludos, Carlos E. R. (from Elesar, using openSUSE Leap 15.3)
On 6/23/22 08:24, Mark Hounschell wrote:
First I've seen this. I've recently installed packages like this and NOT seen this. Is it something to worry about?
# zypper install somepackage
Retrieving repository 'Packman Repository' metadata ..........................................................................................................................................[done]
Building repository 'Packman Repository' cache ...............................................................................................................................................[done]
Retrieving repository 'Update repository of openSUSE Backports' metadata .....................................................................................................................[done]
Building repository 'Update repository of openSUSE Backports' cache ..........................................................................................................................[done]
Warning: File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned.
Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise.
Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the whole repo.
Warning: We can't verify that no one meddled with this file, so it might not be trustworthy anymore! You should not continue unless you know it's safe.
File 'repomd.xml' from repository 'Update repository with updates from SUSE Linux Enterprise 15' is unsigned, continue? [yes/no] (no): no Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata ...............................................................................................[error]
Repository 'Update repository with updates from SUSE Linux Enterprise 15' is invalid. [repo-sle-update|http://download.opensuse.org/update/leap/15.4/sle/] Valid metadata not found at specified URL History: - Signature verification failed for repomd.xml - Can't provide /repodata/repomd.xml
Please check if the URIs defined for this repository are pointing to a valid repository. Warning: Skipping repository 'Update repository with updates from SUSE Linux Enterprise 15' because of the above error. Some of the repositories have not been refreshed because of an error. Loading repository data...
Not seen this.
What ever the problem was, it is now working Ok. Mark
participants (4)
-
Carlos E. R. -
David C. Rankin -
Mark Hounschell -
Nicolas Kovacs