On 11/28/25 1:36 PM, Stephen Morris wrote:
Why isn't the upstream provider signing their rpms? If they are,
you need to import their key.
The software supplier does have a key for their repository which I have
imported with rpmkey but it makes no difference to the issue; the dnf
install/reinstall still fails with a nodigest error.
I can reproduce the issue.
# rpmkeys --list
cc7d2edf4808effa0e00fc723413da98aa3e7f5e SoftMaker repository (GPG key for signing files) <[email protected]> public key
c6e7f081cf80e13146676e88829b606631645531 Fedora (43) <fedora-43-[email protected]> public key
# rpm --checksig vim-enhanced-9.1.1914-1.fc43.x86_64.rpm
vim-enhanced-9.1.1914-1.fc43.x86_64.rpm: digests signatures OK
# rpm --checksig softmaker-office-nx-1228.x86_64.rpm
softmaker-office-nx-1228.x86_64.rpm: DIGESTS signatures NOT OK
The weird thing is that the softmaker rpm appears to be signed twice
with the same key.
# rpm -qip vim-enhanced-9.1.1914-1.fc43.x86_64.rpm
Signature :
RSA/SHA256, Fri 14 Nov 2025 10:25:40 AM UTC, Key ID 829b606631645531
# rpm -qip softmaker-office-nx-1228.x86_64.rpm
Signature :
RSA/SHA256, Sat 06 Sep 2025 05:00:35 AM UTC, Key ID 3413da98aa3e7f5e
RSA/SHA256, Sat 06 Sep 2025 05:00:34 AM UTC, Key ID 3413da98aa3e7f5e
That might cause a problem.
Thanks Samuel, with the Softmaker package I installed their repository
as per their Fedora instructions, what was interesting was they supplied
Ubuntu instructions to create their key locally and import their
repository, but for Fedora they just said import their repository and
install the product, and, if Fedora prompts for the key then supply it.
I also downloaded rpms for FreeOffice and WPS Office (all 3 of which I
have installed under Windows as well) and the rpms for those two
products also have the same digest issue. Can these issues be
caused by the migration to RPM 6? I've also seen instructions on
the net for importing gpg keys into Fedora (which may be old) and they
specified to use RPM --IMPORT not RPMKEYS --IMPORT which is what the RPM
6 documentation I was pointed at is specifying. Does this mean that
Fedora has branched away from mainstream Linux (I'm not suggesting this
is an issue if Fedora has done that)?
I've always used "rpm --import", but I expect they do the same thing.
It looks like I neglected to include the import line in the list of
commands in the previous email. I don't know why the key verification
is failing for those rpms. Maybe file an issue in rpm upstream to get
an answer. The double signature is very curious.
--
_______________________________________________
users mailing list -- [email protected]
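
Added example, not written by any poster in this thread and not rpm project code: a reading aid for the "rpm --checksig" summary lines quoted above. rpm prints a check class in lowercase when it passed and in UPPERCASE when it failed, so the digest result and the signature result can be read separately. The function name classify_checksig and the third sample line are constructed for illustration.

```shell
#!/bin/sh
# Classify one non-verbose summary line printed by `rpm --checksig <pkg>`.
# Convention used by rpm: lowercase class name = passed, UPPERCASE = failed,
# class name missing = nothing of that class was checked.
classify_checksig() {
    line=$1
    pkg=${line%%: *}      # package file name, before the first ": "
    result=${line#*: }    # e.g. "DIGESTS signatures NOT OK"
    digests=absent
    signatures=absent
    for word in $result; do
        case $word in
            digests)    digests=ok ;;
            DIGESTS)    digests=FAIL ;;
            signatures) signatures=ok ;;
            SIGNATURES) signatures=FAIL ;;
        esac
    done
    case $result in
        *"NOT OK") overall=FAIL ;;
        *OK)       overall=ok ;;
        *)         overall=unknown ;;
    esac
    printf '%s digests=%s signatures=%s overall=%s\n' \
        "$pkg" "$digests" "$signatures" "$overall"
}

# First two lines are the results quoted in the thread; the third is a
# constructed sample showing the opposite failure (digests fine, signature bad).
while IFS= read -r sample; do
    classify_checksig "$sample"
done <<'EOF'
vim-enhanced-9.1.1914-1.fc43.x86_64.rpm: digests signatures OK
softmaker-office-nx-1228.x86_64.rpm: DIGESTS signatures NOT OK
example-1.0-1.noarch.rpm: digests SIGNATURES NOT OK
EOF
```

Digests are unkeyed hashes over the header and payload, so a line reporting digests=FAIL with signatures=ok is not a key-import problem; "rpm --checksig -v" lists each digest and signature item on its own line.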