"zypper ref -f" with latest zypper/zypplib unable to authenticate

Problem:
With libzypp-17.37.5-150600.3.60.1 and zypper-1.14.90-150600.10.34.3 the command zypper ref -f (for cleaning up all repos and refresh them from scratch) runs into the following error:

Forcing raw metadata refresh
Looking for gpg keys in repository SLE-Product-SLES_SAP15-SP6…
gpgkey=https://foreman.…/katello/api/content_credentials/55/content
Authentication required for ‘https://foreman…’
User Name:
(waiting for user input forever(!) which is really bad when invoked by an update script for autopatching!)

Expected outcome:
Before (I downgraded to libzypp-17.36.7-150600.3.53.1.x86_64 and zypper-1.14.89-150600.10.31.1.x86_64) the command zypper ref -fwas doing fine.

Foreman and Proxy versions:
Foreman 3.13.1

Foreman and Proxy plugin versions:

Name	Description	Author	Version
foreman-tasks	The goal of this plugin is to unify the way of showing task statuses across the Foreman instance. It defines Task model for keeping the information about the tasks and Lock for assigning the tasks to resources. The locking allows dealing with preventing multiple colliding tasks to be run on the same resource. It also optionally provides Dynflow infrastructure for using it for managing the tasks.	Ivan Nečas	10.0.1
foreman_ansible	Ansible integration with Foreman	Daniel Lobato Garcia	15.0.1
foreman_dhcp_browser	Plugin for Foreman to browse and add/edit/delete DHCP leases independent of Foreman's host creation	Ohad Levy	0.1.2
foreman_discovery	MaaS Discovery Plugin engine for Foreman	Aditi Puntambekar, alongoldboim, Alon Goldboim, amirfefer, Amit Karsale, Amit Upadhye, Amos Benari, Avi Sharvit, Bryan Kearney, bshuster, Daniel Lobato, Daniel Lobato Garcia, Daniel Lobato García, Danny Smit, David Davis, Djebran Lezzoum, Dominic Cleal, Dominik Matoulek, Eric D. Helms, Ewoud Kohl van Wijngaarden, Frank Wall, Greg Sutcliffe, ChairmanTubeAmp, Ido Kanner, imriz, Imri Zvik, Ivan Nečas, Jan Matusz, John Mazzie, Joseph Mitchell Magen, June Zhang, kgaikwad, Lars Berntzon, ldjebran, Leos Stejskal, Lukas Zapletal, Lukáš Zapletal, Marek Hulan, Marek Hulán, MariaAga, Martin Bačovský, Matt Jarvis, Michael Moll, Nick, odovzhenko, Ohad Levy, Ondrej Prazak, Ondřej Ezr, Ori Rabin, orrabin, Partha Aji, Petr Chalupa, Phirince Philip, Rahul Bajaj, Robert Antoni Buj Gelonch, Ron Lavi, Scubafloyd, Sean O\'Keeffe, Sebastian Gräßl, Shimon Shtein, Shlomi Zadok, Stephen Benjamin, Swapnil Abnave, Thomas Gelf, Timo Goebel, Tomas Strych, Tom Caspy, Tomer Brisker, and Yann Cézard	25.0.0
foreman_dlm	Adds a Distributed Lock Manager to Foreman. This enables painless system updates for clusters.	Timo Goebel	4.0.0
foreman_expire_hosts	A Foreman plugin that allows hosts to expire at a configurable date. Hosts will be shut down and automatically deleted after a grace period.	Nagarjuna Rachaneni and Timo Goebel	9.0.1
foreman_gaffer_tape	Foreman plugin that contains patches, backports and features made for dmTECH.	Timo Goebel and Manuel Laug	5.0.0
foreman_leapp	A Foreman plugin to support inplace RHEL upgrades with Leapp utility.	Foreman Leapp team	2.0.1
foreman_monitoring	Foreman plugin for monitoring system integration.	Timo Goebel	3.3.0
foreman_puppet	Allow assigning Puppet environments and classes to the Foreman Hosts.	Ondřej Ezr and Shira Maximov	8.0.0
foreman_remote_execution	A plugin bringing remote execution to the Foreman, completing the config management functionality with remote management functionality.	Foreman Remote Execution team	14.0.2
foreman_rescue	Foreman Plugin to provide the ability to boot a host into a rescue system.	Timo Goebel	5.0.0
foreman_scc_manager	Foreman plugin to sync SUSE Customer Center products and repositories into Katello.	ATIX AG	4.0.0
foreman_snapshot_management	Foreman-plugin to manage snapshots in a virtual-hardware environments.	ATIX AG	4.0.0
foreman_statistics	Statistics and Trends for Foreman gives users overview of their infrastructure.	Ondrej Ezr	2.1.0
foreman_supervisory_authority	This plug-in for Foreman sends data to Elastic APM.	Timo Goebel	0.1.1
foreman_templates	Engine to synchronise provisioning templates from GitHub	Greg Sutcliffe	10.0.1
foreman_vault		dmTECH GmbH	3.0.0
foreman_virt_who_configure	A plugin to make virt-who configuration easy	Foreman virt-who-configure team	0.5.25
foreman_webhooks	Plugin for Foreman that allows to configure Webhooks.	Timo Goebel	4.0.0
foreman_wreckingball	Adds status checks of the VMWare VMs to Foreman.	Timo Goebel	6.0.0
katello	Katello adds Content and Subscription Management to Foreman. For this it relies on Candlepin and Pulp.	N/A	4.15.1
puppetdb_foreman	Disable hosts on PuppetDB after they are deleted or built in Foreman. Follow https://github.com/theforeman/puppetdb_foreman and raise an issue/submit a pull request if you need extra functionality. You can also find some help via the Foreman support pages (https://theforeman.org/support.html).	Daniel Lobato Garcia	6.0.2

Does anyone else has this issue with latest (or a more later) zypper/zypplib on SLES15SP6?

I asked SUSE and this problem is already known. They’re working on a fix for libzypp but they do not have any time estimate yet.

This needs"–non-interactive" parameter for broken zypper to be able to do a “zypper ref -f” again!

TL; DR:

  • the new workflow changed behaviour regarding gpgkey parameter
  • all (not only “most”) our repos use “repo_gpgcheck=off” - but also all our repos use “gpgcheck=1” ==> this combination is acceptable for us and for you/SUSE, too :slight_smile:
  • because “gpgkey=URL” isn’t accessible in our current setup (no auth!), we can and should remove it, as all gpgkeys are already in rpmdb
2 Likes