communication #159108
openRepository 'update-sle (15.5)' is invalid.
0%
Description
$ zypper lr --uri | grep update-sle
55 | openSUSE:update-sle | update-sle (15.5) | Yes | (r ) Yes | Yes | http://cdn.opensuse.org/update/leap/15.5/sle
Doing a "zypper -v up -d" results in the following. Deleting the contents of /var/cache/zypp does not help. This has been the case for at least 2 days now.
...
Checking whether to refresh metadata for update-sle (15.5)
Retrieving: repomd.xml ...............................................................................................................................................................................................................................................................[done (916 B/s)]
Retrieving: repomd.xml.asc ...........................................................................................................................................................................................................................................................[done (481 B/s)]
Retrieving: repomd.xml.key ...........................................................................................................................................................................................................................................................[done (924 B/s)]
Retrieving: repomd.xml .........................................................................................................................................................................................................................................................................[done]
Repository: update-sle (15.5)
Key Fingerprint: FEAB 5025 39D8 46DB 2C09 61CA 70AF 9E81 39DB 7C82
Key Name: SuSE Package Signing Key build@suse.de
Key Algorithm: RSA 2048
Key Created: Mon Sep 21 09:21:47 2020
Key Expires: Fri Sep 20 09:21:47 2024
Rpm Name: gpg-pubkey-39db7c82-5f68629b
Signature verification failed for file 'repomd.xml' from repository 'update-sle (15.5)'.
Note: Signing data enables the recipient to verify that no modifications occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
and in extreme cases even to a system compromise.
Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
whole repo.
Warning: This file was modified after it has been signed. This may have been a malicious change,
so it might not be trustworthy anymore! You should not continue unless you know it's safe.
Note: This might be a transient issue if the server is in the midst of receiving new data. The
data file and its signature are two files which must fit together. In case the request hit the
server in the midst of updating them, the signature verification might fail. After a few
minutes, when the server has updated its data, it should work again.
Signature verification failed for file 'repomd.xml' from repository 'update-sle (15.5)'. Continue? yes/no: yes
Retrieving: 432eb59088755eb918c8b75cdb13917f37c7f11405d54afa8a673d235190f93d-deltainfo.xml.gz .............................................................................................................................................................................................[not found]
Retrieving repository 'update-sle (15.5)' metadata ............................................................................................................................................................................................................................................[error]
Repository 'update-sle (15.5)' is invalid.
[openSUSE:update-sle|http://cdn.opensuse.org/update/leap/15.5/sle] Valid metadata not found at specified URL
History:
- File './repodata/432eb59088755eb918c8b75cdb13917f37c7f11405d54afa8a673d235190f93d-deltainfo.xml.gz' not found on medium 'http://cdn.opensuse.org/update/leap/15.5/sle'
- Can't provide ./repodata/432eb59088755eb918c8b75cdb13917f37c7f11405d54afa8a673d235190f93d-deltainfo.xml.gz
Please check if the URIs defined for this repository are pointing to a valid repository.
Files
Updated by vkrevs about 1 month ago
Not sure why this is marked as "Private". Can someone change it to "public" pls.
Updated by crameleon about 1 month ago
- Category set to Mirrors
- Private changed from Yes to No
Updated by vkrevs about 1 month ago
vkrevs wrote in #note-1:
Not sure why this is marked as "Private". Can someone change it to "public" pls.
Looks like the issue has been resolved. Thank you!
Updated by devzzzero 20 days ago
Hi, I am having this issue as well.
I haven't been able to do the normal update for at least a few weeks now.
Help
rm -rf /var/cache/zypp/*
zsh: sure you want to delete all 4 files in /var/cache/zypp [yn]? y
[root@D5280:x86_64-Linux5:/home/jason]# zypper refresh
Retrieving repository 'repo-non-oss (15.5)' metadata ......................................................................................................................................................................................................................................................[done]
Building repository 'repo-non-oss (15.5)' cache ...........................................................................................................................................................................................................................................................[done]
Retrieving repository 'repo-openh264 (15.5)' metadata .....................................................................................................................................................................................................................................................[done]
Building repository 'repo-openh264 (15.5)' cache ..........................................................................................................................................................................................................................................................[done]
Retrieving repository 'repo-oss (15.5)' metadata ..........................................................................................................................................................................................................................................................[done]
Building repository 'repo-oss (15.5)' cache ...............................................................................................................................................................................................................................................................[done]
Retrieving repository 'update-backports (15.5)' metadata ..................................................................................................................................................................................................................................................[done]
Building repository 'update-backports (15.5)' cache .......................................................................................................................................................................................................................................................[done]
Retrieving repository 'update-non-oss (15.5)' metadata ....................................................................................................................................................................................................................................................[done]
Building repository 'update-non-oss (15.5)' cache .........................................................................................................................................................................................................................................................[done]
Retrieving repository 'update-oss (15.5)' metadata ........................................................................................................................................................................................................................................................[done]
Building repository 'update-oss (15.5)' cache .............................................................................................................................................................................................................................................................[done]
Retrieving repository 'openSUSE:update-sle' metadata .....................................................................................................................................................................................................................................................[error]
Repository 'openSUSE:update-sle' is invalid.
[openSUSE:update-sle|http://cdn.opensuse.org/update/leap/15.5/sle] Valid metadata not found at specified URL
History:
- File './repodata/4eaf6d2cf075569d872a18074dee79d4a12c64bae6d5e481d42ca5a388c07cdb-deltainfo.xml.gz' not found on medium 'http://cdn.opensuse.org/update/leap/15.5/sle'
Please check if the URIs defined for this repository are pointing to a valid repository.
Skipping repository 'openSUSE:update-sle' because of the above error.
Retrieving repository 'Online updates for openSUSE Leap 15.5 (standard)' metadata .........................................................................................................................................................................................................................[done]
Building repository 'Online updates for openSUSE Leap 15.5 (standard)' cache ..............................................................................................................................................................................................................................[done]
Retrieving repository 'packman' metadata ..................................................................................................................................................................................................................................................................[done]
Building repository 'packman' cache .......................................................................................................................................................................................................................................................................[done]
Retrieving repository 'Update repository of openSUSE Backports' metadata ..................................................................................................................................................................................................................................[done]
Building repository 'Update repository of openSUSE Backports' cache .......................................................................................................................................................................................................................................[done]
Retrieving repository 'Non-OSS Repository' metadata .......................................................................................................................................................................................................................................................[done]
Building repository 'Non-OSS Repository' cache ............................................................................................................................................................................................................................................................[done]
Retrieving repository 'Open H.264 Codec (openSUSE Leap)' metadata .........................................................................................................................................................................................................................................[done]
Building repository 'Open H.264 Codec (openSUSE Leap)' cache ..............................................................................................................................................................................................................................................[done]
Retrieving repository 'Main Repository' metadata ..........................................................................................................................................................................................................................................................[done]
Building repository 'Main Repository' cache ...............................................................................................................................................................................................................................................................[done]
Retrieving repository 'Update repository with updates from SUSE Linux Enterprise 15' metadata .............................................................................................................................................................................................................[done]
Building repository 'Update repository with updates from SUSE Linux Enterprise 15' cache ..................................................................................................................................................................................................................[done]
Retrieving repository 'Main Update Repository' metadata ...................................................................................................................................................................................................................................................[done]
Building repository 'Main Update Repository' cache ........................................................................................................................................................................................................................................................[done]
Retrieving repository 'Update Repository (Non-Oss)' metadata ..............................................................................................................................................................................................................................................[done]
Building repository 'Update Repository (Non-Oss)' cache ...................................................................................................................................................................................................................................................[done]
Retrieving repository 'snappy' metadata ...................................................................................................................................................................................................................................................................[done]
Building repository 'snappy' cache ........................................................................................................................................................................................................................................................................[done]
Some of the repositories have not been refreshed because of an error.
Updated by andriinikitin 18 days ago ยท Edited
- Status changed from New to Feedback
- Assignee set to andriinikitin
In my understanding the asynchronous workflow of the infrastructure (OBS publishing, syncing to openSUSE mirrors, and download redirector scanner) does not guarantee absence of occasional errors related to concurrent changes.
Especially for the projects that are published often and being requested by many users.
Now, caching at CDN side probably contributes to the problem to some extend.
So, first recommendation will be: just retry in a few minutes and see if the problem is resolved.
If that doesn't help or if you still want us to look into the root cause - please provide corresponding fragment of timeline from /var/log/zypper.log , it should have more explanation e.g. about timing and exact url(s) in use, status codes, etc.
Regards,
Andrii Nikitin
Updated by devzzzero 16 days ago
Hi, after forcibly removing the 15.5 update-sle repo, (and then having appear back magically), it now seems to be fixed.
I am still somewhat suspicious -- are you guys sure you guys haven't been hacked?
Obviously, a successful hijacking of an OS update service would be a great way to screw people over for fun and profit.......
Thank you.
p.s.
(Please do not dismiss my question out of hand without due diligence.)
p.p.s. I had the update outage from about late March 2024 to about 3 days ago.
I had assumed that it was a glitch at first, and ignored updating, until about a week ago when I decided to manually update, and ran into the issue repeatedly.
That seems to be an inordinately long time for a "glitch"
Updated by andriinikitin 15 days ago
devzzzero wrote in #note-6:
I am still somewhat suspicious -- are you guys sure you guys haven't been hacked?
Obviously, a successful hijacking of an OS update service would be a great way to screw people over for fun and profit.......
It is possible that a mirror might be hacked / provide corrupted files, etc. But zypper and rpm systems have internal integrity checks of packages, which will catch that.
In other words - compromised download infrastructure will not lead to compromised target systems.
You can read more in this paragraph that I added to the wiki recently:
https://en.opensuse.org/openSUSE:Mirrors#Security_information_about_using_mirrors
p.p.s. I had the update outage from about late March 2024 to about 3 days ago.
I had assumed that it was a glitch at first, and ignored updating, until about a week ago when I decided to manually update, and ran into the issue repeatedly.
That seems to be an inordinately long time for a "glitch"
Again - we need to look at /var/log/zypper.log for problem days to be able to comment about details.
Updated by andriinikitin 14 days ago
- File summary.log summary.log added
devzzzero wrote in #note-8:
Thank you. I emailed the logs to andrii.nikitin @ suse.com
I've attached file summary.log captured with command:
xzgrep -A1 -E 'Exiting main|Hi, me zypper|ABORT|Signature verification failed' zypper.log* | grep -v -- '--' > summary.log
It indicates no problem with updates for recent moths.
There was problem on 26-Apr with repo refresh during zypper search, but it resolved after retry in few minutes.
Updated by andriinikitin 8 days ago
vkrevs wrote:
- File './repodata/432eb59088755eb918c8b75cdb13917f37c7f11405d54afa8a673d235190f93d-deltainfo.xml.gz' not found on medium 'http://cdn.opensuse.org/update/leap/15.5/sle'
Another case was reported on slack and it looks I have identified root cause: repomd.xml is rendered by Apache instead of MirrorCache and it sets incorrect cache control flags, so repomd.xml is cached on cdn longer than needed.
I plan to fix it until tomorrow evening
Updated by andriinikitin 8 days ago
- Status changed from Feedback to In Progress