Signature verification failed for file 'repomd.xml'



swadm
26-Sep-2014, 08:25
Hi. It appears that multiple servers, after a successful update yesterday, report the following issue with 'repomd.xml':


host:~ # zypper lu
Refreshing service 'nu_novell_com'.
Removing repository 'SLE11-Security-Module' [done]
Retrieving repository 'SLES11-SP3-Updates' metadata [-]
Signature verification failed for file 'repomd.xml' from repository 'SLES11-SP3-Updates'.
Warning: This might be caused by a malicious change in the file!
Continuing might be risky. Continue anyway? [yes/no] (no):
Retrieving repository 'SLES11-SP3-Updates' metadata [error]
Repository 'SLES11-SP3-Updates' is invalid.
[|] Valid metadata not found at specified URL(s)
Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Disabling repository 'SLES11-SP3-Updates' because of the above error.
Loading repository data...
Reading installed packages...
No updates found.
host:~ #


Anyone observing similar effects?

What would be the most appropriate reaction?

Thanks and regards, Thomas

wtbt
26-Sep-2014, 08:31
Hi!
Tried to run online update on a bunch of Novell-delivered SLES 11 SP3 64-bit this morning. This came out:

Validation Check Failed

File repomd.xml from repository SLES11-SP3-Updates
https://nu.novell.com/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64?credentials=N
is signed with the following GnuPG key, but the integrity check failed:

ID: E3A5C360307E3D54
Fingerprint: 4E98 E675 19D9 8DC7 362A 5990 E3A5 C360 307E 3D54
Name: SuSE Package Signing Key <build@suse.de>
Created: 03/18/14
Expires: 03/17/18

This means that the file has been changed by accident or by an attacker
since the repository creator signed it. Using it is a big risk
for the integrity and security of your system.

Use it anyway?


[Yes] [No]

In this situation I'm not so happy answering "yes" to this one.

tobimat80
26-Sep-2014, 14:00
Hi,

I have the same issue here:


Checking whether to refresh metadata for SLES11-SP3-Updates
Retrieving: repomd.xml [done]
Repository 'SLES11-SP3-Updates' is up to date.
Building repository 'SLES11-SP3-Updates' cache [done]
Error building the cache:
[|] Failed to cache repo (1).
History:
- Project-Id-Version: YaST (@memory@)
Report-Msgid-Bugs-To:
POT-Creation-Date: 2011-08-04 01:13+0200
PO-Revision-Date: 2007-08-22 14:13+0200
Last-Translator: proofreader <i18n@suse.de>
Language-Team: English <i18n@suse.de>
Language: en
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Plural-Forms: nplurals=2; plural=n != 1;


Skipping repository 'SLES11-SP3-Updates' because of the above error.
Some of the repositories have not been refreshed because of an error.

Any ideas?

malcolmlewis
26-Sep-2014, 16:07
Hi
I have asked my SUSE contacts if there are any known issues, with
mirrors etc. Stay tuned ;)

abrigante
26-Sep-2014, 16:45
I can't even mirror it at all ...

Mirroring: https://nu.novell.com/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64/
Target: /srv/www/htdocs/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64
D /srv/www/htdocs/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64/.repodata/repomd.xml
SMT::Parser::RpmMdLocation Invalid XML in '/srv/www/htdocs/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64/.repodata/repomd.xml':
not well-formed (invalid token) at line 1, column 0, byte 0 at /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi/XML/Parser.pm line 187
Finished downloading and parsing the metadata, going to download the rest of the files...
D /srv/www/htdocs/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64/.repodata/repomd.xml.asc
D /srv/www/htdocs/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64/.repodata/repomd.xml.key
=> Finished mirroring 'https://nu.novell.com/repo/$RCE/SLES11-SP3-Updates/sle-11-x86_64/'
=> Total files : 3
=> Total transferred files : 3
=> Total transferred file size : 1621 bytes (1.58 KB)
=> Total linked files : 0
=> Total copied files : 0
=> Files up to date : 0
=> Errors : 1
=> Mirror Time : 00:00:01
=> New security updates : 0
=> New recommended updates : 0
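
Added example, not part of the original thread and not SUSE or Novell code: one way to triage a downloaded repomd.xml and its detached repomd.xml.asc before answering the "Use it anyway?" prompt. It assumes `gpg` is installed and that `keyring` is a keyring file holding only the vendor key you already trust; the function names are hypothetical, and the expected fingerprint is the one quoted in the dialog above.

```python
import subprocess
import xml.etree.ElementTree as ET

# Fingerprint quoted in the validation dialog above (spaces removed).
EXPECTED_FPR = "4E98E67519D98DC7362A5990E3A5C360307E3D54"
# Constructed sample of a gpg --status-fd line for a failed integrity check.
SAMPLE_BADSIG = "[GNUPG:] BADSIG E3A5C360307E3D54 SuSE Package Signing Key <build@suse.de>"

def check_wellformed(data: bytes) -> str:
    """Classify the downloaded repomd.xml before any signature check."""
    if not data.strip():
        return "empty"
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return f"not-xml: {exc}"  # e.g. "invalid token" at byte 0, as in the mirror log
    # rpm-md metadata has a namespace-qualified <repomd> root element.
    return "ok" if root.tag.rsplit("}", 1)[-1] == "repomd" else "unexpected-root"

def classify_status(status: str, expected_fpr: str = EXPECTED_FPR) -> str:
    """Map gpg --status-fd lines for a detached signature to one verdict."""
    tags, fpr = set(), None
    for line in status.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            tags.add(parts[1])
            if parts[1] == "VALIDSIG" and len(parts) > 2:
                # Field 10 of VALIDSIG is the primary key fingerprint.
                fpr = (parts[11] if len(parts) >= 12 else parts[2]).upper()
    if "BADSIG" in tags:
        return "bad-signature"  # file differs from what was signed
    if tags & {"EXPSIG", "EXPKEYSIG", "REVKEYSIG"}:
        return "expired-or-revoked"
    if tags & {"ERRSIG", "NO_PUBKEY"}:
        return "key-missing-or-error"
    if "GOODSIG" in tags and fpr is not None:
        return "good" if fpr == expected_fpr else "good-but-wrong-key"
    return "no-signature-data"

def verify(repomd_path: str, asc_path: str, keyring: str) -> str:
    """Check file shape first, then the detached signature against `keyring`."""
    with open(repomd_path, "rb") as fh:
        shape = check_wellformed(fh.read())
    if shape != "ok":
        return shape
    proc = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
         "--status-fd", "1", "--verify", asc_path, repomd_path],
        capture_output=True, text=True)
    return classify_status(proc.stdout)
```

A "not-xml" or "empty" result points at a broken download or server-side file rather than at the key, while "bad-signature" means the XML parsed but does not match what was signed.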

lumentouch
26-Sep-2014, 17:28
> Hi
> I have asked my SUSE contacts if there are any known issues, with
> mirrors etc. Stay tuned ;)

Does anyone have a work-around to get a known good copy of Bash 3.33 installed?

Thanx.

swadm
29-Sep-2014, 07:06
> Does anyone have a work-around to get a known good copy of Bash 3.33 installed?
>
> Thanx.

Seems the issue is gone today.
Does anybody have an explanation for these effects?

Thanks, Thomas

pattymackay
01-Oct-2014, 14:38
I updated my sles11sp3/oes11sp2 servers on Monday, September 29th. Thought I'd check today (October 1st) and I'm having this same error.

Suggestions?

pattymackay
01-Oct-2014, 19:10
It is working now as of 2:10 p.m. EST Oct 1, 2014.

swadm
10-Oct-2014, 12:45
Seems there has been a wrong timestamp on repomd.xml.

Now it's working again:


host:~ # zypper ref
Repository 'SUSE-Linux-Enterprise-Server-11-SP3 11.3.3-1.138' is up to date.
Repository 'SUSE-Linux-Enterprise-Software-Development-Kit-11-SP3 11.3.3-1.69' is up to date.
Repository 'SLES11-SP3-Extension-Store' is up to date.
Repository 'SLES11-SP3-Pool' is up to date.
Repository 'SLES11-SP3-Updates' is up to date.
All repositories have been refreshed.
host:~ #

I heard Novell is preparing a permanent fix for that.

HTH, Thomas