On Tue, Feb 28, 2023 at 9:39 AM Ralf Corsépius <rc040...@freenet.de> wrote:
> Hi, > > [Resending here, because the test list doesn't allow me to post, there] > > on f38, I am unable to install any locally built package (signed with a > local key, I have been using for many years): > > # rpm -U xpetri-0.4.8-0.fc38.x86_64.rpm > error: xpetri-0.4.8-0.fc38.x86_64.rpm: Header V4 RSA/SHA256 Signature, > key ID a6b9312e: BAD > error: xpetri-0.4.8-0.fc38.x86_64.rpm cannot be installed > > # rpm -qip xpetri-0.4.8-0.fc38.x86_64.rpm > error: xpetri-0.4.8-0.fc38.x86_64.rpm: Header V4 RSA/SHA256 Signature, > key ID a6b9312e: BAD > error: xpetri-0.4.8-0.fc38.x86_64.rpm: not an rpm package (or package > manifest) > > > # dnf install xpetri-0.4.8-0.fc38.x86_64.rpm > Last metadata expiration check: 1:30:47 ago on Tue 28 Feb 2023 06:25:45 > AM CET. > Dependencies resolved. > ... > 0.4.8-0.fc38 @commandline > ... > Installing dependencies: > ... > Downloading Packages: > (1/6): XXX.rpm ... > Total 1.2 MB/s > | 130 kB 00:00 > ... > Problem opening package XXX.rpm > ... > The downloaded packages were saved in cache until the next successful > transaction. > You can remove cached packages by executing 'dnf clean packages'. > Error: GPG check FAILED > > > > Worse, after trying forcefully to install packages using rpm -U --nogpg > this happens: > > # rpm -qa > gpg-pubkey-d651ff2e-5dadbbc1 > gpg-pubkey-8ff214b4-3afa5d46 > gpg-pubkey-a6b9312e-5227e975 > gpg-pubkey-94843c65-5dadbc64 > error: rpmdbNextIterator: skipping h# 5 > Header V4 DSA/SHA1 Signature, key ID 8ff214b4: BAD > Header SHA256 digest: OK > Header SHA1 digest: OK > error: rpmdbNextIterator: skipping h# 6 > Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD > Header SHA256 digest: OK > Header SHA1 digest: OK > gpg-pubkey-5323552a-6112bcdc > ... > => nogpg is not ignored, as it is supposed to be. > > > What are people supposed to do? > That's most certainly this problem: https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594 I don't understand these security measures much, but creating a new key using modern tools should be sufficient to resolve this. See the article to learn how to detect and uninstall already affected packages present on your system first.
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
