Bug 1212134

Summary: [Build 20230607-1] Package hub signing key verification failure
Product: [openSUSE] PUBLIC SUSE Linux Enterprise Server 15 SP5 Reporter: Sofia Syrianidou <sofia.syrianidou>
Component: OtherAssignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED QA Contact:
Severity: Normal    
Priority: P5 - None CC: aalzayed, bschubert
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://openqa.suse.de/tests/11276693/modules/generate_dud/steps/22
Whiteboard:
Found By: openQA Services Priority:
Business Priority: Blocker: Yes
Marketing QA Status: --- IT Deployment: ---

Description Sofia Syrianidou 2023-06-08 08:58:03 UTC 
On SLE 15 SP5 system, while attempting to add the Package Hub repo, results in failure due to errors with the signing key.

---------------------------------------------
New repository or package signing key received:

  Repository:       SUSE-PackageHub-15-SP5-Backports-Pool>  
  Key Fingerprint:  F044 C2C5 07A1 262B 538A AADD 8A49 EB03 25DB 7AE0
  Key Name:         openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org>
  Key Algorithm:    RSA 4096
  Key Created:      Wed May 10 10:46:12 2023
  Key Expires:      Sun May  9 10:46:12 2027
  Rpm Name:         gpg-pubkey-25db7ae0-645bae34



    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If
    you are not sure whether the presented key is authentic, ask the repository provider or check
    their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they
    are using.

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): r
Error building the cache:
[SUSE_Package_Hub_15_SP5_x86_64:SUSE-PackageHub-15-SP5-Backports-Pool|https://updates.suse.com/SUSE/Backports/SLE-15-SP5_x86_64/standard?yEFYxb1yeou_H-cSQU90-10PXK8BbguhkssvrPLfgNvmSpgfC9-XtwlrmLqhYTow66Mjhh_6J37eqHiGVPj23yhNrxFAJJROoyo1aS0NdKKRXhKaBlCCsdtqJaKEgJpr_1nqsG35zJo] Valid metadata not found at specified URL
History:
 - Signature verification failed for repomd.xml
 - Can't provide /repodata/repomd.xml

Warning: Skipping repository 'SUSE-PackageHub-15-SP5-Backports-Pool' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Reading installed packages...
Package 'python3-Django' not found.
--------------------------

Some openQA tests that require installation of packages from Package Hub fail.

Example:
## Observation

openQA test in scenario sle-15-SP5-Server-DVD-Updates-x86_64-generate_dud@64bit fails in
[generate_dud](https://openqa.suse.de/tests/11276693/modules/generate_dud/steps/22)

## Test suite description
The base test suite is used for job templates defined in YAML documents. It has no settings of its own.


## Reproducible

Fails since (at least) Build [20230607-1](https://openqa.suse.de/tests/11275830)


## Expected result

Last good: [20230606-1](https://openqa.suse.de/tests/11267610) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Server-DVD-Updates&machine=64bit&test=generate_dud&version=15-SP5)
Comment 1 OBSbugzilla Bot 2023-07-04 10:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1212134) was mentioned in
https://build.opensuse.org/request/show/1096745 15.5 / JeOS
Comment 2 OBSbugzilla Bot 2023-07-04 13:45:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1212134) was mentioned in
https://build.opensuse.org/request/show/1096803 15.5:ARM:Images / JeOS
Comment 3 Marcus Meissner 2023-10-19 07:46:03 UTC 
we solved this I hope