Closed kjetil-kilhavn closed 2 years ago
Hello @kjetil-kilhavn, I'm sorry for the very late response to this. Our test-suite did not include a package manager for rpm packages that verify signatures of the repomd.xml (just the rpms themselves). This should now be fixed
Make sure you are running the latest version of jotta-cli before reporting an issue.
jotta-cli release (
jotta-cli version
): jottad version : 0.12.51202 remote version : not checked jotta-cli version : 0.12.51202Description of problem: Unable to upgrade from repository https://repo.jotta.us/redhat with openSUSE YaST2 due to untrusted GPG key
Expected: Repository is secured with valid and trusted GPG key
jotta-cli status (
jotta-cli status
): Not relevantRelevant logs for the issue (
~/.jottad/jottabackup.log or /var/lib/jotta/jottabackup.log
) Not relevantTraceback Not relevant
Additional info: Output from YaST2 when refreshing repository: File repomd.xml from repository Jottacloud CLI https://repo.jotta.us/redhat is signed with the following GnuPG key, but the integrity check failed:
ID: 7DEFBCE9947F9F0F Fingerprint: E2CB EED2 DECB 21BF 686A B4B3 7DEF BCE9 947F 9F0F Name: Jottacloud Packaging Team packaging@jottacloud.com Created: 23. okt. 2017 Expires: 22. okt. 2022
The file has been changed, either by accident or by an attacker, since the repository creator signed it. Using it is a big risk for the integrity and security of your system.
It's been reporting this error for some days now. First I expected it to go over - that it was just a temporary problem - now I am not so sure about that.