Bugzilla – Bug 1223095
Repository "Validation Check Failed"
Last modified: 2024-07-16 15:33:58 UTC
Going from Yast2 to Software Manager, in the last couple months I've started getting a popup saying: Validation Check Failed (in bold) File repomd.xml from repository update-sle (15.5) http://cdn.opensuse.org/update/leap/15.5/sle is signed with the following GnuPG key, but the integrity check failed: ID: 70AF9E8139DB7C82 Fingerprint: FEAB 5025 39D8 46DB 2C09 61CA 70AF 9E81 39DB 7C82 Name: SuSE Package Signing Key <build@suse.de> Created: 09/21/2020 Expires: 09/20/2024 The file has been changed, either by accident or by an attacker, since the repository creator signed it. Using it is a big risk for the integrity and security of your system. Use it anyway? Y/N Ive gone to https://en.opensuse.org/openSUSE:Signing_Keys and looked for a matching key, but don't see one. So I hesitate to blindly trust it. What's the deal with repo signatures suddenly breaking? I've ignored this for a few months thinking it was probably a temporary mistake that would get resolved, but so far hasn't gone away.
This is clearly not a YaST problem. If you don't know, please use Bugzilla component "Other".
I had this problem too but only on one of my computers that runs openSUSE Leap 15.5. I found that the problem occurred on a repository where the URL of the repository started with 'cdn:'. The list of repositories shown in Yast had both those where the URL started 'http:' as well as those starting 'cdn:'. The computers without the problem did not have the URL starting 'cdn:'. Running 'zypper rs openSUSE' solved the problem in my case so the problem appears to be in the openSUSE software management service.
Hi Lubos, would you please help to take a look at this issue? I assign it to you because I have no idea whom to assign, thanks.