Hi, I suspect it's a chicken and egg issue: * Look at /etc/yum.repos.d/fedora-rawhide.repo * You can see the line: gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch * But "$releasever" is determined by the version of "fedora-release" package. * So dnf, tries to (re)import f30 gpg key. * The import is OK, but doesn't help, because packages are signed with f31 key. I cannot test it now, since I already did the "manual upgrade" workaround yesterday. Anyone that want to check it: * Temporarily edit "gpgkey" and modify "$releasever" to "31" * Use dnf to upgrade and check if it imports the new GPG key and work correctly. Bye, -- Oron Peled Voice: +972-4-8228492 "If you take a class in large-scale robotics, can you end up in a situation where the homework eats your dog?" -- Jean-Baptiste Queru On Monday, 11 March 2019 15:05:17 IST Steven A. Falco wrote: > On 3/11/19 7:31 AM, Vít Ondruch wrote: > > Hi, > > > > Can somebody please enlighten me, how to update Rawhide after branching > > and not using --nogpgcheck? > > > > It seems that Rawhide keys were added in fedora-repos-30-0.4. So this is > > the package which is still "rawhide" package and has "f31" keys. But > > this package was not probably signed, because this directory is empty: > > > > https://kojipkgs.fedoraproject.org/packages/fedora-repos/30/0.4/data/signed/ > > > > Installing anything from Rawhide fails, because of missing GPG keys. > > > > So is there a way to get the GPG keys via DNF? Would it be possible to > > sign fedora-repos and fedora-release packages by older key to allow > > smooth updates? > > I was able to update by first manually updating the keys via: > > cd /var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages > rpm -Uvh \ > fedora-gpg-keys-31-0.1.noarch.rpm \ > fedora-release-31-0.1.noarch.rpm \ > fedora-release-common-31-0.1.noarch.rpm \ > fedora-repos-31-0.1.noarch.rpm \ > fedora-repos-rawhide-31-0.1.noarch.rpm > > Then I was able to do a normal "dnf update --refresh". > > Note that your package directory location may be slightly different. I don't know if the "rawhide-2d95c80a1fa0a67d" part is consistent or just where mine happened to be. But if you search for one of the "keys" packages inside the dnf cache area you should be able to find it. > > Steve > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx