[FC] Warning: File 'repomd.xml' from repository 'FCL-leap' is unsigned.


Felix Miata

Jan 19, 2026, 7:41:26 PM
to file-co...@googlegroups.com
# inxi -S
System:
Host: gx151 Kernel: 6.4.0-150600.23.78-default arch: x86_64 bits: 64
Desktop: KDE Plasma v: ERR-101 Distro: openSUSE Leap 15.6
# cat /etc/zypp/repos.d/FCL-leap.repo
[FCL-leap]
autorefresh=0
baseurl=http://silk.apana.org.au/rpm-opensuse15-unstable-dev
enabled=1
gpgcheck=1
gpgkey=https://silk.apana.org.au/debian/fc.public.key
name=FCL-leap
# zypper ref
Repository 'Update' is up to date.
Repository 'UpdateBP' is up to date.
Repository 'UpdateNonOSS' is up to date.
Repository 'UpdateSLE' is up to date.
Looking for gpg keys in repository FCL-leap.
gpgkey=https://silk.apana.org.au/debian/fc.public.key
Warning: File 'repomd.xml' from repository 'FCL-leap' is unsigned.

Note: Signing data enables the recipient to verify that no modifications
occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead to a
corrupted system
and in extreme cases even to a system compromise.

Note: File 'repomd.xml' is the repositories master index file. It ensures the
integrity of the
whole repo.

Warning: We can't verify that no one meddled with this file, so it might not
be trustworthy
anymore! You should not continue unless you know it's safe.

File 'repomd.xml' from repository 'FCL-leap' is unsigned.
Continue? [yes/no] (no): y
Retrieving repository 'FCL-leap' metadata ..................................[done]
Building repository 'FCL-leap' cache .......................................[done]
Repository 'KDE3' is up to date.
Repository 'Libdvdcss' is up to date.
Repository 'NonOSS' is up to date.
Repository 'OSS' is up to date.
Repository 'homeEcsosMC' is up to date.
Repository 'openh264' is up to date.
All repositories have been refreshed.
#
Result is same whether http or https. fc.public.key was imported with rpm years
ago. Besides setting gpgcheck=0, what's necessary in order to avoid need to answer
this warning on every zypper transaction involving an fcl repo refresh?
--
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Brian Havard

Jan 22, 2026, 9:09:02 PM
to file-co...@googlegroups.com
On 20/1/26 11:41, Felix Miata wrote:
> File 'repomd.xml' from repository 'FCL-leap' is unsigned.

I think I've got this sorted out now.

Felix Miata

Feb 2, 2026, 10:30:36 AM
to file-co...@googlegroups.com
Brian Havard composed on 2026-01-23 13:08 (UTC+1100):

> Felix Miata wrote:

>> File 'repomd.xml' from repository 'FCL-leap' is unsigned.

> I think I've got this sorted out now.

OK in openSUSE and .debs so far, but not Fedora:

# dnf upgrade
Updating and loading repositories:
Repositories loaded.
Package Arch Version Repository Size
Upgrading:
filecommander x86_64 2.50-vgit_1877_rocky8 fcl 1.5 MiB
replacing filecommander x86_64 2.50-vgit_1867_rocky8 fcl 1.5 MiB

Transaction Summary:
Upgrading: 1 package
Replacing: 1 package

Total size of inbound packages is 567 KiB. Need to download 0 B.
After this operation, 716 B extra will be used (install 2 MiB, remove 2 MiB).
Is this ok [y/N]: y
[1/1] filecommander-0:2.50-vgit_1877_rocky8.x86_64 100% | 0.0 B/s | 0.0 B | 00m00s
>>> Already downloaded
------------------------------------------------------------------------------------------------------------
[1/1] Total 100% | 0.0 B/s | 0.0 B | 00m00s
[1/2] http://silk.apana.org.au/debian/fc.publi ???% [<=> ] | 0.0 B/s | 0.0 B | 00m00s
[1/2] http://silk.apana.org.au/debian/fc.publi ???% [<=> ] | 0.0 B/s | 0.0 B | 00m00s
[1/2] http://silk.apana.org.au/debian/fc.publi ???% [<=> ] | 0.0 B/s | 0.0 B | 00m00s
[1/2] http://silk.apana.org.au/debian/fc.publi 100% [==================] | 500.0 B/s | 677.0 B | 00m00s
[1/2] http://silk.apana.org.au/debian/fc.public.key 100% | 1.2 KiB/s | 677.0 B | 00m01s
------------------------------------------------------------------------------------------------------------
[2/2] Total 100% | 0.0 B/s | 0.0 B | 00m00s
Importing OpenPGP key 0x10BB5BF8:
Fingerprint: F1F26943B898146B2B67084587E7A67D10BB5BF8
From : http://silk.apana.org.au/debian/fc.public.key
Is this ok [y/N]: y
Transaction failed: Signature verification failed.
An error occurred importing key "http://silk.apana.org.au/debian/fc.public.key": Failed to import public key "http://silk.apana.org.au/debian/fc.public.key" to rpmdb: Certificate 87E7A67D10BB5BF8:
Policy rejects 87E7A67D10BB5BF8: Policy rejected asymmetric algorithm
OpenPGP check for package "filecommander-2.50-vgit_1877_rocky8.x86_64" (/var/cache/libdnf5/fcl-46ec855837286390/packages/filecommander-2.50-vgit_1877_rocky8.x86_64.rpm) from repo "fcl" has failed: Public key import failed.
#
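
Added example, not part of any message in this thread and not the FileCommander project's own tooling: a small audit of a zypper/dnf `.repo` file for the settings this thread turns on (signature checking switched off, and repository or key URLs fetched over cleartext). The stanza is the one from the first message; the function name and the wording of the findings are assumptions made for this example.

```python
import configparser
import re
from urllib.parse import urlparse

# Stanza copied from the first message of this thread.
FCL_LEAP_REPO = """\
[FCL-leap]
autorefresh=0
baseurl=http://silk.apana.org.au/rpm-opensuse15-unstable-dev
enabled=1
gpgcheck=1
gpgkey=https://silk.apana.org.au/debian/fc.public.key
name=FCL-leap
"""

URL_KEYS = ("baseurl", "mirrorlist", "metalink", "gpgkey")

def _is_off(value):
    return value.strip().lower() in ("0", "no", "false", "off")

def audit_repo_text(text):
    """Return [(repo_id, key, finding)] for every enabled repo in a .repo file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        sec = cp[repo]
        if _is_off(sec.get("enabled", "1")):
            continue  # disabled repos are not refreshed
        # Only explicit settings are judged; a missing key falls back to the
        # package manager's global default, which this file cannot show.
        for key in ("gpgcheck", "repo_gpgcheck"):
            if key in sec and _is_off(sec[key]):
                findings.append((repo, key, "signature checking switched off"))
        for key in URL_KEYS:
            for url in re.split(r"[\s,]+", sec.get(key, "").strip()):
                if url and urlparse(url).scheme in ("http", "ftp"):
                    note = ("key fetched over cleartext; compare its fingerprint out of band"
                            if key == "gpgkey" else
                            "cleartext transport; integrity rests on the metadata signature")
                    findings.append((repo, key, note))
    return findings

if __name__ == "__main__":
    for repo, key, note in audit_repo_text(FCL_LEAP_REPO):
        print(f"{repo}: {key}: {note}")
```

For the stanza above it reports only the `baseurl` line: with a cleartext `baseurl`, a signed `repomd.xml` is the only thing that authenticates the metadata.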