On Thu Aug 28, 2025 at 4:11 PM SAST, Gioele Pannetto via dovecot wrote:
> Hi,

Hi!

I fired up a test VM with Rocky Linux 8.10 to see what's happening.

>
> I'm having issues while installing Dovecot 2.4 on a Rocky Linux 8.10 server.
>
>
> When I run dnf update I get a GPG error:
>
> Problem opening package dovecot-2.4.1-4.x86_64.rpm
>
> Error: GPG check FAILED

This happens here, too.

>
> If I try to import the key manually with rpm --import https://repo.dovecot.org/DOVECOT-REPO-GPG-2.4 I get: error: https://repo.dovecot.org/DOVECOT-REPO-GPG-2.4: key 1 import failed.
>

Same here.

The error I get:

 $ rpm -vvv --checksig /var/cache/dnf/dovecot-2.4-latest-817d1236de55207c/packages/dovecot-2.4.1-4.x86_64.rpm
 ufdio:       1 reads,    17154 total bytes in 0.000003 secs
 D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
 D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
 D: loading keyring from rpmdb
 D: opening  db environment /var/lib/rpm cdb:0x401
 D: opening  db index       /var/lib/rpm/Packages 0x400 mode=0x0
 D: locked   db index       /var/lib/rpm/Packages
 D: opening  db index       /var/lib/rpm/Name 0x400 mode=0x0
 D:  read h#     377
 Header SHA1 digest: OK
 D: added key gpg-pubkey-6d745a60-60287f36 to keyring
 D:  read h#     615
 Header SHA1 digest: OK
 D: added key gpg-pubkey-2f86d6a1-5cf7cefb to keyring
 D: Using legacy gpg-pubkey(s) from rpmdb
 /var/cache/dnf/dovecot-2.4-latest-817d1236de55207c/packages/dovecot-2.4.1-4.x86_64.rpm:
     Header DSA signature: BAD (package tag 267: invalid OpenPGP signature)
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     MD5 digest: OK
 ufdio:     104 reads,  3297736 total bytes in 0.000344 secs
 D: closed   db index       /var/lib/rpm/Packages
 D: closed   db index       /var/lib/rpm/Name
 D: closed   db environment /var/lib/rpm


The Dovecot 2.4 key appears to be an Ed25519 key. Check with:

$ gpg --list-packets DOVECOT-REPO-GPG-2.4 | head

However, RPM 4.14.3, which is the version of RPM on Rocky 8.10, does not
seem to support Ed25519 signatures.

This has nothing to do with OpenSSL, by the way. The GnuPG version does
support Ed25519, but RPM does not seem to invoke it.

From the RPM release notes I gather that RPM introduced support for EdDSA
signatures in version 4.17.0 [0].

Red Hat, on the other hand, appears to have introduced that support with
RHEL 9, though in RPM version 4.16 [1].

The merge appears to have happened in March 2021 [2].

However that may be, EL8 does not seem to support Ed25519.

You could reach out to Dovecot and ask if they could also publish an
older (RSA?) key for Dovecot 2.4.

Alternatively, you would have to disable the gpgcheck for this repo.
That would not be ideal, but I am not sure what other options you have,
other than sticking with Dovecot 2.3 or upgrading to EL9 or EL10.

The repo does not publish .sig files for the RPMs, so you can't manually
check them via gpg, either.

I hope this helps.

Kind regards,
Edmund Lodewijks
(Just a hobbyist)




[0]: https://rpm.org/wiki/Releases/4.17.0
[1]: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.0_release_notes/new-features?utm_source=chatgpt.com
[2]: https://github.com/rpm-software-management/rpm/pull/1202
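
As an added example (not part of the original message, and not Dovecot or RPM project code), the following reads the public-key algorithm IDs directly from an OpenPGP key file, which is the same information `gpg --list-packets` shows, and flags keys that an RPM without EdDSA support cannot use. The function names, the constructed sample packet and the version rule in `rpm_can_import` (taken from the RPM versions quoted in the message above) are assumptions.

```python
import base64

# OpenPGP public-key algorithm IDs (RFC 4880 / RFC 9580); 22 is EdDSA, used by Ed25519 keys.
ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}
# Constructed sample (not the real Dovecot key): one v4 public-key packet, algorithm 22.
SAMPLE = bytes([0x98, 51, 4, 0, 0, 0, 0, 22]) + bytes(45)

def dearmor(text):
    """Decode an ASCII-armored block, skipping armor headers, the CRC line and the footer."""
    lines = [l.strip() for l in text.strip().splitlines()]
    start = lines.index("") + 1 if "" in lines else 1   # headers end at the first blank line
    return base64.b64decode("".join(l for l in lines[start:] if l and l[0] not in "-="))

def packets(data):
    """Yield (tag, body) for each packet, handling old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP data (armored input needs dearmor first)")
        if hdr & 0x40:                            # new format: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                     # old format: tag in bits 5..2
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def key_algorithms(data):
    """Algorithm names of the primary key (tag 6) and subkeys (tag 14)."""
    # v3 keys carry a 2-byte validity field before the algorithm byte; v4 and later do not.
    ids = [b[7] if b[0] == 3 else b[5] for t, b in packets(data) if t in (6, 14)]
    return [ALGOS.get(a, f"unknown({a})") for a in ids]

def rpm_can_import(data, rpm_version, eddsa_backport=False):
    """Assumption from the message: EdDSA needs RPM >= 4.17.0 or a vendor backport."""
    eddsa_ok = eddsa_backport or rpm_version >= (4, 17, 0)
    return eddsa_ok or "EdDSA" not in key_algorithms(data)
```

For a downloaded key file, pass its text through `dearmor()` first if it starts with `-----BEGIN PGP PUBLIC KEY BLOCK-----`, then call `rpm_can_import(data, (4, 14, 3))` with the version reported by `rpm --version`.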
