http://bugzilla.suse.com/show_bug.cgi?id=1088037

Bug ID: 1088037
Summary: gpgkey= entry ignored for rpm-md repositories
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: libzypp
Assignee: zypp-maintainers@forge.provo.novell.com
Reporter: ma@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Via mail to zypp-devel:
My rpm-md style repository contains *both* repository metadata GPG signatures (i.e. repomd.xml.asc) and RPM packages which have GPG signatures, created via rpm --addsign.
On a YUM-based system (e.g., CentOS 7), I simply need to list all the necessary URLs for both repository GPG and package signing public keys with gpgkey=. When I update the metadata (via yum makecache) all listed keys are automatically imported to the correct place; package signing keys into rpm db and the repository signing key into the YUM keyring.
On OpenSUSE 42.3 with zypper 1.13.40 and libzypp 16.17.10, I have noticed that none of the URLs specified with gpgkey= seem to be imported even after I run zypper --gpg-auto-import-keys refresh reponame. I have verified this by running rpm -qa | grep gpg-pubkey and saw that the keys specified in the repository configuration file were not imported to RPM DB. It seems that the only way to import a package signing key on OpenSUSE 42.3 for an rpm-md style repository is to run rpm --import file.key.
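The `rpm -qa | grep gpg-pubkey` check described in the report can be automated. The following is an added example, not part of the original report and not libzypp code: it derives the `gpg-pubkey-<version>-<release>` name rpm assigns to an imported version 4 key and lists the `gpgkey=` URLs whose key is absent from the RPM DB. The repository file, URLs, key material and function names are constructed for illustration, and key download is left out, so the key text is passed in as a dict.

```python
import base64, configparser, hashlib, struct

def rpm_pubkey_name(armored):
    """Name rpm gives a v4 key: gpg-pubkey-<low 32 bits of key ID>-<creation time>."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    data = lines[lines.index("") + 1:]        # armor headers end at first blank line
    raw = base64.b64decode("".join(l for l in data if l[:1] not in ("=", "-")))
    first = raw[0]
    if first & 0x40:                          # new-format packet header
        tag, o1 = first & 0x3F, raw[1]
        if o1 < 192:
            off, length = 2, o1
        elif o1 < 224:
            off, length = 3, ((o1 - 192) << 8) + raw[2] + 192
        else:
            raise ValueError("unsupported packet length encoding")
    else:                                     # old-format header, 1/2/4-byte length
        tag, nbytes = (first >> 2) & 0x0F, 1 << (first & 3)
        off, length = 1 + nbytes, int.from_bytes(raw[1:1 + nbytes], "big")
    body = raw[off:off + length]
    if tag != 6 or len(body) < 6 or body[0] != 4:
        raise ValueError("expected a version 4 public-key packet")
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
    return "gpg-pubkey-%s-%08x" % (fpr[-8:], struct.unpack(">I", body[1:5])[0])

def missing_keys(repo_text, fetched, rpm_qa):
    """Map repo alias -> gpgkey URLs whose key is not in the `rpm -qa` output."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(repo_text)
    installed = set(rpm_qa.split())
    return {s: [u for u in cfg[s].get("gpgkey", "").split()
                if rpm_pubkey_name(fetched[u]) not in installed]
            for s in cfg.sections()}

def constructed_key(created, seed):
    """Constructed sample input: armored v4 RSA key packet with dummy MPIs."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01"
    body += struct.pack(">H", 256) + bytes([0x80 | seed]) + bytes(31)
    body += struct.pack(">H", 17) + b"\x01\x00\x01"
    pkt = b"\x99" + struct.pack(">H", len(body)) + body
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----\n"
            % base64.b64encode(pkt).decode())

REPO = """[example]
baseurl=https://repo.example.invalid/rpm
gpgkey=https://repo.example.invalid/repo.key
       https://repo.example.invalid/packages.key
"""  # constructed sample; the URLs are placeholders
```

An empty list for a repository means every key listed under `gpgkey=` is present in the RPM DB.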