On Tue, 2023-02-28 at 10:34 +0100, Kamil Paral wrote: > On Tue, Feb 28, 2023 at 9:39 AM Ralf Corsépius <rc040...@freenet.de> > wrote: > > Hi, > > > > [Resending here, because the test list doesn't allow me to post, > > there] > > > > on f38, I am unable to install any locally built package (signed > > with a > > local key, I have been using for many years): > > > > # rpm -U xpetri-0.4.8-0.fc38.x86_64.rpm > > error: xpetri-0.4.8-0.fc38.x86_64.rpm: Header V4 RSA/SHA256 > > Signature, > > key ID a6b9312e: BAD > > error: xpetri-0.4.8-0.fc38.x86_64.rpm cannot be installed > > > > # rpm -qip xpetri-0.4.8-0.fc38.x86_64.rpm > > error: xpetri-0.4.8-0.fc38.x86_64.rpm: Header V4 RSA/SHA256 > > Signature, > > key ID a6b9312e: BAD > > error: xpetri-0.4.8-0.fc38.x86_64.rpm: not an rpm package (or > > package > > manifest) > > > > > > # dnf install xpetri-0.4.8-0.fc38.x86_64.rpm > > Last metadata expiration check: 1:30:47 ago on Tue 28 Feb 2023 > > 06:25:45 > > AM CET. > > Dependencies resolved. > > ... > > 0.4.8-0.fc38 @commandline > > ... > > Installing dependencies: > > ... > > Downloading Packages: > > (1/6): XXX.rpm ... > > Total 1.2 > > MB/s > > | 130 kB 00:00 > > ... > > Problem opening package XXX.rpm > > ... > > The downloaded packages were saved in cache until the next > > successful > > transaction. > > You can remove cached packages by executing 'dnf clean packages'. > > Error: GPG check FAILED > > > > > > > > Worse, after trying forcefully to install packages using rpm -U -- > > nogpg > > this happens: > > > > # rpm -qa > > gpg-pubkey-d651ff2e-5dadbbc1 > > gpg-pubkey-8ff214b4-3afa5d46 > > gpg-pubkey-a6b9312e-5227e975 > > gpg-pubkey-94843c65-5dadbc64 > > error: rpmdbNextIterator: skipping h# 5 > > Header V4 DSA/SHA1 Signature, key ID 8ff214b4: BAD > > Header SHA256 digest: OK > > Header SHA1 digest: OK > > error: rpmdbNextIterator: skipping h# 6 > > Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD > > Header SHA256 digest: OK > > Header SHA1 digest: OK > > gpg-pubkey-5323552a-6112bcdc > > ... > > => nogpg is not ignored, as it is supposed to be. > > > > > > What are people supposed to do? > > > > > That's most certainly this problem: > https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594 > > I don't understand these security measures much, but creating a new > key using modern tools should be sufficient to resolve this. See the > article to learn how to detect and uninstall already affected > packages present on your system first.
I wrote this one reply in discussion.fedoraproject.org site , ATM ask.fedoraproject.org site and discussion site are independent sites. https://discussion.fedoraproject.org/t/header-v3-rsa-sha1-signature-key-id-d651ff2e-bad/42350 this issue definitely should go to the common bugs , IMO. > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- Sérgio M. B.
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
