Repository signing key of Backport repository missing in Vagrant box for Leap 15.5
Hi, I'm using this box with Vagrant and VirtualBox: https://download.opensuse.org/repositories/Virtualization:/Appliances:/Image... Unfortunately, the image doesn't include the current repository signing key of http://download.opensuse.org/update/leap/15.5/backports/ IMHO `zypper ref` should be called even on the first run without any interaction. Only the key of the backport repository is missing. localhost:/etc/zypp # zypper ref New repository or package signing key received: Repository: Update repository of openSUSE Backports Key Fingerprint: F044 C2C5 07A1 262B 538A AADD 8A49 EB03 25DB 7AE0 Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org> Key Algorithm: RSA 4096 Key Created: Wed May 10 14:46:12 2023 Key Expires: Sun May 9 14:46:12 2027 Rpm Name: gpg-pubkey-25db7ae0-645bae34 Note: Signing data enables the recipient to verify that no modifications occurred after the data were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system and in extreme cases even to a system compromise. Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If you are not sure whether the presented key is authentic, ask the repository provider or check their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they are using. Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): a Retrieving repository 'Update repository of openSUSE Backports' metadata .......................................................................................................................[done] Building repository 'Update repository of openSUSE Backports' cache ............................................................................................................................[done] Retrieving repository 'Non-OSS Repository' metadata ............................................................................................................................................[done] Building repository 'Non-OSS Repository' cache .................................................................................................................................................[done] Retrieving repository 'Open H.264 Codec (openSUSE Leap)' metadata ..............................................................................................................................[done] Building repository 'Open H.264 Codec (openSUSE Leap)' cache ...................................................................................................................................[done] Retrieving repository 'Main Repository' metadata ...............................................................................................................................................[done] Building repository 'Main Repository' cache ....................................................................................................................................................[done] Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata ..................................................................................................[done] Building repository 'Update repository with updates from SUSE Linux Enterprise 15' cache .......................................................................................................[done] Retrieving repository 'Main Update Repository' metadata ........................................................................................................................................[done] Building repository 'Main Update Repository' cache .............................................................................................................................................[done] Retrieving repository 'Update Repository (Non-Oss)' metadata ...................................................................................................................................[done] Building repository 'Update Repository (Non-Oss)' cache ........................................................................................................................................[done] All repositories have been refreshed. With Leap 15.4, I do not have this issue: localhost:/home/vagrant # zypper ref Warning: The gpg key signing file 'repomd.xml' has expired. Repository: Update repository of openSUSE Backports Key Fingerprint: 637B 32FF 3D83 F07A 7AE1 C40A 9C21 4D40 6517 6565 Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org> Key Algorithm: RSA 2048 Key Created: Fri Nov 26 14:26:23 2021 Key Expires: Sun Feb 4 14:26:23 2024 (EXPIRED) Rpm Name: gpg-pubkey-65176565-61a0ee8f Retrieving repository 'Update repository of openSUSE Backports' metadata ........................................................................[done] Building repository 'Update repository of openSUSE Backports' cache .............................................................................[done] Retrieving repository 'Non-OSS Repository' metadata .............................................................................................[done] Building repository 'Non-OSS Repository' cache ..................................................................................................[done] Retrieving repository 'Main Repository' metadata ................................................................................................[done] Building repository 'Main Repository' cache .....................................................................................................[done] Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata ...................................................[done] Building repository 'Update repository with updates from SUSE Linux Enterprise 15' cache ........................................................[done] Retrieving repository 'Main Update Repository' metadata .........................................................................................[done] Building repository 'Main Update Repository' cache ..............................................................................................[done] Retrieving repository 'Update Repository (Non-Oss)' metadata ....................................................................................[done] Building repository 'Update Repository (Non-Oss)' cache .........................................................................................[done] All repositories have been refreshed. Btw., where are the repository keys located in the filesystem? "The internet" is suggesting "/var/cache/zypp/pubkeys", but there is no such directory under /var/cache/zypp. Regards, Gregor
On 2024-04-02 11:35, Gregor Dschung wrote:
Hi,
I'm using this box with Vagrant and VirtualBox: https://download.opensuse.org/repositories/Virtualization:/Appliances:/Image...
...
Btw., where are the repository keys located in the filesystem? "The internet" is suggesting "/var/cache/zypp/pubkeys", but there is no such directory under /var/cache/zypp.
Maybe "/usr/lib/rpm/gnupg/" ? I don't think so, though. -- Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
Tue, 02 Apr 2024 09:35:19 -0000 "Gregor Dschung" <opensuse@dschung.de>:
Btw., where are the repository keys located in the filesystem?
In /usr/lib/sysimage/rpm/, they are handled as ordinary rpm packages. Use "rpm -qa|grep ^gpg-" to list them. I guess there is a new key, which was not known at the time 15.5 was released. The prj does not use the :Update channel, it is using the initial release state. Olaf
participants (3)
-
Carlos E. R. -
Gregor Dschung -
Olaf Hering