jotta / jotta-cli-issues


Integrity check fails for RPM repository GnuPG key #170

Closed kjetil-kilhavn closed 2 years ago

kjetil-kilhavn commented 2 years ago

Make sure you are running the latest version of jotta-cli before reporting an issue.

jotta-cli release (jotta-cli version):

jottad version : 0.12.51202
remote version : not checked
jotta-cli version : 0.12.51202

Description of problem: Unable to upgrade from repository https://repo.jotta.us/redhat with openSUSE YaST2 due to untrusted GPG key

Expected: Repository is secured with valid and trusted GPG key

jotta-cli status (jotta-cli status): Not relevant

Relevant logs for the issue (~/.jottad/jottabackup.log or /var/lib/jotta/jottabackup.log): Not relevant

Traceback: Not relevant

Additional info: Output from YaST2 when refreshing repository:

File repomd.xml from repository Jottacloud CLI https://repo.jotta.us/redhat is signed with the following GnuPG key, but the integrity check failed:

ID: 7DEFBCE9947F9F0F
Fingerprint: E2CB EED2 DECB 21BF 686A B4B3 7DEF BCE9 947F 9F0F
Name: Jottacloud Packaging Team packaging@jottacloud.com
Created: 23. okt. 2017
Expires: 22. okt. 2022

The file has been changed, either by accident or by an attacker, since the repository creator signed it. Using it is a big risk for the integrity and security of your system.

It's been reporting this error for some days now. First I expected it to go over - that it was just a temporary problem - now I am not so sure about that.

existemi commented 2 years ago

Hello @kjetil-kilhavn, I'm sorry for the very late response to this. Our test-suite did not include a package manager for rpm packages that verifies signatures of the repomd.xml (just the rpms themselves). This should now be fixed.
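
The gap described in the last comment (signatures checked on the rpms but not on repomd.xml) can be covered by a check like the one below. It is an added example, not part of the thread and not Jottacloud's test suite; the throwaway key, the repomd.xml content and the function names `verify_repomd` and `demo` are constructed. It assumes GnuPG 2.1 or later and a detached signature stored as repomd.xml.asc next to repomd.xml.

```shell
#!/bin/sh
# Added example: key, repomd.xml and function names are constructed.

# verify_repomd HOMEDIR PINNED_FPR FILE SIG
# Succeeds only if SIG is a good detached signature over FILE and the
# signing key's primary fingerprint equals PINNED_FPR.
verify_repomd() {
    local home="$1" pinned="$2" file="$3" sig="$4" status
    status=$(gpg --homedir "$home" --batch --status-fd 1 \
                 --verify "$sig" "$file" 2>/dev/null) || return 1
    # The last field of the VALIDSIG status line is the primary key fingerprint.
    printf '%s\n' "$status" | awk -v want="$pinned" \
        '$2 == "VALIDSIG" && $NF == want { ok = 1 } END { exit !ok }'
}

# demo: sign a constructed repomd.xml with a throwaway key, then check the
# intact file, a modified copy, and the intact file against a different pin.
demo() {
    local tmp home fpr a b c
    tmp=$(mktemp -d) || return 2
    home="$tmp/gnupg"; mkdir -m 700 "$home"
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Constructed Repo Key <repo@example.invalid>' ed25519 sign never \
        2>/dev/null || return 2
    fpr=$(gpg --homedir "$home" --batch --with-colons --list-keys |
          awk -F: '$1 == "fpr" { print $10; exit }')
    printf '<repomd><revision>1</revision></repomd>\n' >"$tmp/repomd.xml"
    gpg --homedir "$home" --batch --quiet --armor --detach-sign \
        --output "$tmp/repomd.xml.asc" "$tmp/repomd.xml" || return 2
    sed 's/>1</>2</' "$tmp/repomd.xml" >"$tmp/changed.xml"

    a=0; verify_repomd "$home" "$fpr" "$tmp/repomd.xml" "$tmp/repomd.xml.asc" || a=$?
    b=0; verify_repomd "$home" "$fpr" "$tmp/changed.xml" "$tmp/repomd.xml.asc" || b=$?
    c=0; verify_repomd "$home" "$(printf '%040d' 0)" \
             "$tmp/repomd.xml" "$tmp/repomd.xml.asc" || c=$?
    gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null || true
    rm -rf "$tmp"
    echo "intact=$a tampered=$b wrongpin=$c"   # 0 means accepted
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

In a release pipeline the same `verify_repomd` call would run against the published repomd.xml and its signature, with the pinned value set to the packaging key's full fingerprint.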