http://bugzilla.opensuse.org/show_bug.cgi?id=1130292 Bug ID: 1130292 Summary: After fresh install of Leap 15 can not apply patches zypper provides packages with wrong check sums Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: 64bit OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: kiv@mail.orbitel.bg QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 801023 --> http://bugzilla.opensuse.org/attachment.cgi?id=801023&action=edit Screen shot with the error message during a try to download the current patches After fresh install of openSUSE Leap 15.0 from today I can not apply the packages updates. I have got a message window where is stated that: "The software is not from a trusted source. Do not update packages unless you are sure it is safe to do so". Please see the attached here screen shot. Also I can not install any software from zypper. Also trying to install for example openvpn, I have got following: # zypper in openvpn Loading repository data... Reading installed packages... Resolving package dependencies... The following package is going to be upgraded: openvpn 1 package to upgrade. Overall download size: 562,0 KiB. Already cached: 0 B. No additional space will be used or freed after the operation. Continue? [y/n/...? shows all options] (y): Retrieving package openvpn-2.4.3-lp150.3.3.1.x86_64 (1/1), 562,0 KiB ( 1,3 MiB unpacked) Retrieving delta: ./x86_64/openvpn-2.4.3-lp150.2.10_lp150.3.3.1.x86_64.drpm, 45,5 KiB Retrieving: openvpn-2.4.3-lp150.2.10_lp150.3.3.1.x86[done (402 B/s)] Warning: Digest verification failed for file 'openvpn-2.4.3-lp150.2.10_lp150.3.3.1.x86_64.drpm' [/var/cache/zypp/packages/repo-update/x86_64/openvpn-2.4.3-lp150.2.10_lp150.3.3.1.x86_64.drpm] expected 7a363f8c181d7ef2d4d8ecf3fc1935f695729f48d1fbac24af737d145cc35f0a but got 1574ad2d6e2bab21ebfa88c314fa9a0ac5b5ba87301bea4f1c53fd517e755db8 Accepting packages with wrong checksums can lead to a corrupted system and in extreme cases even to a system compromise. However if you made certain that the file with checksum '1574..' is secure, correct and should be used within this operation, enter the first 4 characters of the checksum to unblock using this file on your own risk. Empty input will discard the file. Unblock or discard? [1574/...? shows all options] (discard): Can we expect that last night the openSUSE Lep repository get hacked? Or maybe some thing wrong happened in the production of the patches? If in realty there is a security bridge in the repository as it looks like, please check this this issue and please possibly recover the repositories to its initial stable and secure state as users are expecting. -- You are receiving this mail because: You are on the CC list for the bug.