On Friday 28 October 2016 01:16:26 Joe Damato wrote:
> Greetings:
>
> I was confused earlier today when trying to add a GPG-signed rpm-md
> type repository to my system. I noticed that zypper was listing the
> repository as not being signed. zypper refresh was telling me that the
> repository was signed with an unknown key and zypper lr was listing
> the repository as not supporting repo_gpgcheck.
>
> After some digging around the libzypper source (14.43.0) on my system
> (openSUSE 13.2) I believe I've tracked down the issue.
>
> The call to publicKeyExists in
> KeyRing::Impl::verifyFileSignatureWorkflow checks if the
> repomd.xml.asc signature's key ID is known. If the repomd.xml.asc was
> signed with a subkey of a GPG key (instead of a primary key), this
> check will fail even though the call to VerifyFile would succeed.
>
> Is this a known issue?

No. Thanks for hunting and reporting it. I opened a bug at
https://bugzilla.suse.com/show_bug.cgi?id=1008325

Please be so kind as to attach your repomd.xml, .asc and .key file to the
bug, so we can verify a fix.

-- 
cu,
    Michael Andres

+------------------------------------------------------------------+
Key fingerprint = 2DFA 5D73 18B1 E7EF A862  27AC 3FB8 9E3A 27C6 B0E4
+------------------------------------------------------------------+
Michael Andres   SUSE LINUX GmbH, Development,   m...@suse.com
Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 74 053-0
+------------------------------------------------------------------+
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
+------------------------------------------------------------------+
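
The mismatch described in the report, as an added sketch that is not libzypp code and not part of either message: a lookup that knows only primary key IDs rejects a signature whose issuer is a subkey, while a lookup built from gpg's colon-delimited key listing maps the subkey back to its primary key. The listing, key IDs and function names are constructed for illustration.

```python
# Constructed `gpg --with-colons --list-keys` style listing (key IDs made up):
# one primary key (pub) carrying one signing subkey (sub).
SAMPLE_LISTING = """\
pub:-:4096:1:AAAAAAAA11111111:1470000000:::-:::scESC:
fpr:::::::::000000000000000000000000AAAAAAAA11111111:
uid:-::::1470000000::0000::Example Repo <repo@example.invalid>:
sub:-:4096:1:BBBBBBBB22222222:1470000000::::::s:
fpr:::::::::000000000000000000000000BBBBBBBB22222222:
"""


def _long_id(key_id):
    """Normalise a long key ID or fingerprint to its 16-hex-digit long ID."""
    return key_id.replace(" ", "").upper()[-16:]


def parse_keyring(listing):
    """Return (primaries, owner): the set of primary key IDs, and a map from
    every key ID (primary or subkey) to the primary key it belongs to."""
    primaries, owner, current = set(), {}, None
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] not in ("pub", "sub"):
            continue  # uid, fpr and other records carry no key ID in field 5
        key_id = _long_id(fields[4])
        if fields[0] == "pub":
            current = key_id
            primaries.add(key_id)
        if current is not None:  # a sub record belongs to the preceding pub
            owner[key_id] = current
    return primaries, owner


def known_primary_only(issuer, primaries):
    """Lookup that knows only primary key IDs: misses subkey signers."""
    return _long_id(issuer) in primaries


def resolve_signer(issuer, owner):
    """Subkey-aware lookup: primary key ID for the issuer, or None if unknown."""
    return owner.get(_long_id(issuer))


if __name__ == "__main__":
    primaries, owner = parse_keyring(SAMPLE_LISTING)
    issuer = "BBBBBBBB22222222"  # constructed: issuer ID of a subkey-made signature
    print(known_primary_only(issuer, primaries), resolve_signer(issuer, owner))
```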