While installing few packages in SUSE 15 SP3 server getting the below error message.
Example command:
- zypper --gpg-auto-import-keys refresh
Warning: File 'repomd.xml' from repository 'Clustering (SLE_15_SP3)' is unsigned.
Note: Signing data enables the recipient to verify that no modifications occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
and in extreme cases even to a system compromise.
Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
whole repo.
Warning: We can't verify that no one meddled with this file, so it might not be trustworthy
anymore! You should not continue unless you know it's safe.
File 'repomd.xml' from repository 'Clustering (SLE_15_SP3)' is unsigned, continue? [yes/no] (no): done]
- zypper -n install -y hwloc mariadb mariadb-tools libmariadb-devel
hwloc-data-2.7.1-150300.53.1.noarch.rpm:
Header V3 RSA/SHA256 Signature, key ID 62eb1a0917280ddf: NOKEY
V3 RSA/SHA256 Signature, key ID 62eb1a0917280ddf: NOKEY
warning: /var/tmp/AP_0xCsLQuN/noarch/hwloc-data-2.7.1-150300.53.1.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 17280ddf: NOKEY
Looking for gpg key ID 17280DDF in cache /var/cache/zypp/pubkeys.
Looking for gpg key ID 17280DDF in repository Clustering (SLE_15_SP3).
gpgkey=https://download.opensuse.org/repositories/network:/cluster/SLE_15_SP3/repodata/repomd.xml.key
Retrieving: repomd.xml.key [done]
New repository or package signing key received:
Repository: Clustering (SLE_15_SP3)
Key Fingerprint: 0080 689B E757 A876 CB7D C269 62EB 1A09 1728 0DDF
Key Name: network OBS Project <network@build.opensuse.org>
Key Algorithm: RSA 2048
Key Created: Wed May 25 18:14:43 2022
Key Expires: Fri Aug 2 18:14:43 2024
Rpm Name: gpg-pubkey-17280ddf-628e6403
Note: Signing data enables the recipient to verify that no modifications occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
and in extreme cases even to a system compromise.
Note: A GPG pubkey is clearly identified by it's fingerprint. Do not rely the keys name. If you
are not sure whether the presented key is authentic, ask the repository provider or check his
web site. Many provider maintain a web page showing the fingerprints of the GPG keys they are
using.
Do you want to reject the key, or trust always? [r/a/?] (r): r
hwloc-data-2.7.1-150300.53.1.noarch (Clustering (SLE_15_SP3)): Signature verification failed [4-Signatures public key is not available]
Abort, retry, ignore? [a/r/i] (a): a
Could some one know how to avoid the “Signature verification failed” error.
Note: The error started appearing from the latest AMI (ami-01b4ec4929dcafee0) suse-sles-15-sp3-v20220309-hvm-ssd-x86_64). Before that everything worked fine.