On Tue, 28 Feb 2023 at 07:18, Ralf Corsépius <rc040...@freenet.de> wrote:
> > > Am 28.02.23 um 10:34 schrieb Kamil Paral: > > > That's most certainly this problem: > > > https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594 > < > https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594 > > > > > Yes, it certainly is this problem. > > AFAICT, the cause seems to be my old gpg-signing key (created 2013) is > using "digest algo 2" signature digests (whatever this means). > > I think that means the key is using SHA-1 keys (going from https://bfh.science/OLD/software/gnupg/best-practice.html) It looks like you can update a GPG key to the newer hash with something like https://wiki.ubuntu.com/SecurityTeam/GPGMigration (or https://old.nixaid.com/gpg-migration-sha1-to-sha2/ though lots of ads ) > > I don't understand these security measures much, but creating a new key > > using modern tools should be sufficient to resolve this. > > Which tools whould you suggest? So far, for me, all such attempts, using > seahorse on fc37 failed. > > Though the newly created key seems to comply to the new rules, now gpg > -sign and rpm --resign fail: > > > # rpm --resign libmail-2.3.5-1.fc38.x86_64.rpm > libmail-2.3.5-1.fc38.x86_64.rpm: > gpg: signing failed: Permission denied > gpg: signing failed: Permission denied > error: gpg exec failed (2) > > No idea, about what's going on. > > > See the article > > to learn how to detect and uninstall already affected packages present > > on your system first. > > Well, ... > > IMHO, this stuff + FC38's rpm and dnf are not in a release-ready shape. > Too many cryptic and non-understandable/non-readable error messages, far > too radical changes, far too little backward compatibility and far too > little help. > > Ralf > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Stephen Smoogen, Red Hat Automotive Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
