Mailinglist Archive: opensuse-support (159 mails)

< Previous Next >
[opensuse-support] Tumbleweed: repository signature verification started failing for private repo
  • From: Robert Munteanu <robert.munteanu@xxxxxxxxx>
  • Date: Fri, 8 Jun 2018 00:20:44 +0300
  • Message-id: <CAC8ULPYUgWWadiX6a=URQc6Qudch+gKTMi_t1KwPnNmfYvbW-A@mail.gmail.com>
Hi,

For some time I've been using a private repo for various programs I've
repackaged. It's a very simple setup based on createrepo.

Now my TW machine refuses to use this repo, complaining that

File 'repomd.xml' from repository 'lmn_private' is signed with an
unknown key '.....'

I've done the following checks:

1. Downloaded $REPO/repodata/repomd.xml
2. Downloaded $REPO/repodata/repomd.xml.asc
3. Ran gpg --verify repomd.xml.asc repomd.xml

The output matches the key reported by zypper.

4. Verified that the key is known to rpm using rpm -qi gpg-pubkey-...-.....

The body of the key known to RPM and the public key used to sign the
packages are identical.

The verification fails on my TW machine, with

zypper-1.14.5-1.1.x86_64
libzypp-17.3.1-1.1.x86_64

But works on a Leap 42.3 server with

zypper-1.13.32-5.12.1.x86_64
libzypp-16.15.6-5.12.1.x86_64

I'm not sure where to go next from here, what else can I try?

Thanks,

Robert
--
http://robert.muntea.nu/
--
To unsubscribe, e-mail: opensuse-support+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-support+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups