Documentation survey

同步查错

同步失败的原因有很多。要获取有关连接问题的详细信息,请运行以下命令:

export URLGRABBER_DEBUG=DEBUG
spacewalk-repo-sync -c <通道名称> <选项> > /var/log/spacewalk-repo-sync-$(date +%F-%R).log 2>&1

还可以检查 Zypper 在 /var/log/zypper.log 处创建的日志

GPG 密钥不匹配

SUSE Multi-Linux Manager 不会自动信任第三方 GPG 密钥。如果软件包同步失败,原因可能是某个 GPG 密钥不受信任。您可以通过打开 /var/log/rhn/reposync 并查找如下所示的错误来确定这是否是原因所在:

['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-
nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']
RepoMDError:无法访问储存库。可能未导入储存库 GPG 密钥

要解决该问题,需要将 GPG 密钥导入 SUSE Multi-Linux Manager。有关导入 GPG 密钥的详细信息,请参见 储存库元数据

spacewalk-repo-sync 去除 GPG 密钥

使用 spacewalk-repo-sync 手动导入储存库的 GPG 密钥后,如果不再需要此密钥(例如,由于该密钥已泄露或仅用于测试目的),可通过以下命令从 spacewalk-repo-sync 使用的 zypper RPM 数据库中去除该密钥:

rpm --dbpath=/var/lib/spacewalk/reposync/root/var/lib/rpm/ -e gpg-pubkey-*

其中 gpg-pubkey-* 是要去除的 GPG 密钥的名称。

续订 GPG 密钥

如果您要续订某个 GPG 密钥,请先去除旧密钥,然后生成并导入新密钥。

校验和不匹配

如果校验和失败,/var/log/rhn/reposync/*.log 日志文件中可能会显示如下所示的错误:

Repo Sync Errors: (50, u'checksums did not match
326a904c2fbd7a0e20033c87fc84ebba6b24d937 vs
afd8c60d7908b2b0e2d95ad0b333920aea9892eb', 'Invalid information uploaded
to the server')
The package microcode_ctl-1.17-102.57.62.1.x86_64 which is referenced by
patch microcode_ctl-8413 was not found in the database. This patch has
been skipped.

可以通过在命令提示符下使用 -Y 选项运行同步来解决此错误:

spacewalk-repo-sync --channel <通道名称> -Y

此选项在同步之前校验储存库数据,而不是依赖于本地缓存的校验和。

连接超时

如果下载超时并出现以下错误:

28:操作速度太慢。过去 300 秒的传输速率小于 1000 字节/秒

您可以通过在 /etc/rhn/rhn.conf 中指定 reposync_timeoutreposync_minrate 配置值来解决此错误。默认情况下,如果在 300 秒内的传输速率小于 1000 字节/秒,则下载将会中止。您可以使用 reposync_minrate 调整每秒字节数,并使用 reposync_timeout 调整等待的秒数。

Manually Trusting the Key During reposync

It is possible that in some cases when reposync is run, you may need to accept the GPG key manually. For example:

# spacewalk-repo-sync -c nvidia-compute-sle-15-x86_64-we-sp3
17:07:40 ======================================
17:07:40 | Channel: nvidia-compute-sle-15-x86_64-we-sp3
17:07:40 ======================================
17:07:40 Sync of channel started.
New repository or package signing key received:
  Repository:       nvidia-compute-sle-15-x86_64-we-sp3
  Key Fingerprint:  610C 7B14 E068 A878 070D A4E9 9CD0 A493 D42D 0685
  Key Name:         cudatools <cudatools@nvidia.com>
  Key Algorithm:    RSA 4096
  Key Created:      Thu Apr 14 16:04:01 2022
  Key Expires:      (does not expire)
  Rpm Name:         gpg-pubkey-d42d0685-62589a51
    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.
    Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If
    you are not sure whether the presented key is authentic, ask the repository provider or check
    their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they
    are using.
Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r):