http://bugzilla.opensuse.org/show_bug.cgi?id=1056923 Bug ID: 1056923 Summary: zypper/rpm cannot verify chrome repo with subkeys Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: libzypp Assignee: zypp-maintainers@forge.provo.novell.com Reporter: bwiedemann@suse.com QA Contact: qa-bugs@suse.de CC: mls@suse.com Found By: Development Blocker: --- Steps To Reproduce: zypper ar http://dl.google.com/linux/chrome/rpm/stable/x86_64 google-chrome zypper ref File 'repomd.xml' from repository 'google-chrome' is signed with an unknown key '1397BC53640DB551'. Continue? [yes/no] (no): gpg --recv-key 0x1397BC53640DB551 gpg --export -a 0x1397BC53640DB551 > linux_signing_key.pub rpmkeys --import linux_signing_key.pub # rpm -qa|grep pubkey gpg-pubkey-7fac5991-4615767f gpg-pubkey-3dbdc284-53674dd4 gpg-pubkey-c862b42c-57a2e70b gpg-pubkey-d38b4796-570c8cd3 gpg-pubkey-1abd1afb-54176598 gpg-pubkey-307e3d54-4be01a65 so rpm only knows about the main pubkey but not about the subkeys and thus zypper ref still cannot verify the repo # gpg --edit-key 0x1397BC53640DB551 gpg (GnuPG) 2.1.22; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. pub rsa4096/7721F63BD38B4796 created: 2016-04-12 expires: never usage: SC trust: unknown validity: unknown sub rsa4096/1397BC53640DB551 created: 2016-04-12 expires: 2019-04-12 usage: S sub rsa4096/6494C6D6997C215E created: 2017-01-24 expires: 2020-01-24 usage: S was also reported at https://forums.opensuse.org/showthread.php/526158-sudden-google-chrome-is-si... and I guess it will re-occur every year when google rotates its signing key -- You are receiving this mail because: You are on the CC list for the bug.