Bugzilla – Bug 1214395
CDN repo-non-oss signature verification failed
Last modified: 2023-10-09 08:28:52 UTC
After switching to CDN repos on Tumbleweed I some days get "Signature verification failed for file 'repomd.xml' from repository 'repo-non-oss'.", currently this has been going on for a few days now. Haven't noticed this for other repos (repo-oss for example). Full error: >> > sudo zypper ref >> Signature verification failed for file 'repomd.xml' from repository 'repo-non-oss'. >> >> Note: Signing data enables the recipient to verify that no modifications occurred after the data >> were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system >> and in extreme cases even to a system compromise. >> >> Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the >> whole repo. >> >> Warning: This file was modified after it has been signed. This may have been a malicious change, >> so it might not be trustworthy anymore! You should not continue unless you know it's safe. >> >> Signature verification failed for file 'repomd.xml' from repository 'repo-non-oss'. Continue? [yes/no] (no): >> Retrieving repository 'repo-non-oss' metadata .......................................................................................[error] >> Repository 'repo-non-oss' is invalid. >> [openSUSE:repo-non-oss|http://cdn.opensuse.org/tumbleweed//repo/non-oss] Valid metadata not found at specified URL >> History: >> - Signature verification failed for repomd.xml >> - Can't provide /repodata/repomd.xml >> >> Please check if the URIs defined for this repository are pointing to a valid repository. >> Skipping repository 'repo-non-oss' because of the above error.
@David, is the issue resolved, or do those incidents persist for you? If yes, please attatch your /var/log/zypper.log after such a failure. Maybe it contains some more hints to investigate this on CDN.
Created attachment 869117 [details] zypper-logs.txt
(In reply to Michael Andres from comment #1) > @David, is the issue resolved, or do those incidents persist for you? > If yes, please attatch your /var/log/zypper.log after such a failure. Maybe > it contains some more hints to investigate this on CDN. I don't think I've experienced this after reporting it. Found some logs related to the bad signature, attached the whole log for that run. > 2023-08-17 16:15:00 <1> db-pc(28275) [zypp::KeyRing++] KeyRing.cc(publicKeyExists):438 Found key [35A2F86E29B700A4] in keyring /var/tmp/zypp.GxqxbY/zypp-general-krgoMuQ1 > 2023-08-17 16:15:00 <1> db-pc(28275) [zypp::gpg++] KeyManager.cc(createForOpenPGP):282 createForOpenPGP(/var/tmp/zypp.GxqxbY/zypp-trusted-krAq6OG6) > 2023-08-17 16:15:00 <1> db-pc(28275) [zypp::gpg++] KeyManager.cc(readSignaturesFprsOptVerify):232 Found signature with ID: 35A2F86E29B700A4 in /var/tmp/AP_0xkyLxXJ/repodata/repomd.xml > 2023-08-17 16:15:00 <2> db-pc(28275) [zypp::gpg] KeyManager.cc(readSignaturesFprsOptVerify):245 Failed signature check: /var/tmp/AP_0xkyLxXJ/repodata/repomd.xml <GPGME> Bad signature
Repo metadata(repomd.xml) and their gpg signature(repomd.xml.asc) are two files which must fit together. In case you hit the server in the midst of updating them, the signature verification might fail. After a few minutes, when the server updated it's data, it should work again. We'll add a note about this to the error message. Closing the bug for now.
(In reply to Michael Andres from comment #4) > Repo metadata(repomd.xml) and their gpg signature(repomd.xml.asc) are two > files which must fit together. In case you hit the server in the midst of > updating them, the signature verification might fail. > After a few minutes, when the server updated it's data, it should work again. > > We'll add a note about this to the error message. > Closing the bug for now. The mirror that I'm hitting must've had problems with updates since it didn't recover in minutes or hours. But thanks for looking into it.
SUSE-RU-2023:3937-1: An update that has four fixes can now be installed. Category: recommended (moderate) Bug References: 1213854, 1214292, 1214395, 1215007 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): zypper-1.14.64-150100.3.87.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): zypper-1.14.64-150100.3.87.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): zypper-1.14.64-150100.3.87.1 SUSE CaaS Platform 4.0 (src): zypper-1.14.64-150100.3.87.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2023:3973-1: An update that has four fixes can now be installed. Category: recommended (moderate) Bug References: 1213854, 1214292, 1214395, 1215007 Sources used: openSUSE Leap 15.4 (src): zypper-1.14.64-150400.3.32.1 openSUSE Leap 15.5 (src): zypper-1.14.64-150400.3.32.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): zypper-1.14.64-150400.3.32.1 SUSE Linux Enterprise Micro 5.3 (src): zypper-1.14.64-150400.3.32.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): zypper-1.14.64-150400.3.32.1 SUSE Linux Enterprise Micro 5.4 (src): zypper-1.14.64-150400.3.32.1 Basesystem Module 15-SP4 (src): zypper-1.14.64-150400.3.32.1 Basesystem Module 15-SP5 (src): zypper-1.14.64-150400.3.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2023:4006-1: An update that has four fixes can now be installed. Category: recommended (moderate) Bug References: 1213854, 1214292, 1214395, 1215007 Sources used: SUSE Manager Retail Branch Server 4.2 (src): zypper-1.14.64-150200.62.1 SUSE Manager Server 4.2 (src): zypper-1.14.64-150200.62.1 SUSE Enterprise Storage 7.1 (src): zypper-1.14.64-150200.62.1 SUSE Enterprise Storage 7 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Micro 5.1 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Micro 5.2 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): zypper-1.14.64-150200.62.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): zypper-1.14.64-150200.62.1 SUSE Manager Proxy 4.2 (src): zypper-1.14.64-150200.62.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.