Re: F38 proposal: Strong crypto settings: phase 3, forewarning 2/2 (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tommy Nguyen kirjoitti 15.9.2022 klo 16.28:


On Thu, 2022-09-15 at 16:18 +0300, Otto Liljalaakso wrote:

To test this, I did enable TEST-FEDORA39 on my system, first
installed
as Fedora 24, now running 36. For some rpm and dnf operations, I get
the
following kind of errors:

error: rpmdbNextIterator: skipping h#     740
Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK

I first noticed this with 'dnf upgrade', simplified to 'dnf reinstall
glibc', perhaps the best reproduces is 'rpm -qa > /dev/null'.

Regardless of these errors, all the commands work as expected. Still
I
wonder, is it expected that old installations will see, and keep
seeing,
these errors after distrusting SHA-1?


That is the RPM Fusion signing key.
Yes, I have RPM Fusion enabled. I also see that there are more problems with RPM Fusion: 

$ sudo dnf install vlc
...
Problem opening package faad2-libs-2.10.0-3.fc36.x86_64.rpm
Problem opening package libdca-0.0.7-5.fc36.x86_64.rpm
Problem opening package live555-2022.02.07-1.fc36.x86_64.rpm
The downloaded packages were saved in cache until the next successful transaction. 
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
If I install vlc when the DEFAULT policy is in force, then put TEST-FEDORA39 back, I cannot remove vlc any more: 

$ sudo dnf remove vlc
...
Remove  96 Packages
Freed space: 377 M
Is this ok [y/N]: y
Running transaction check
error: rpmdbNextIterator: skipping h#     526
Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
Error: An rpm exception occurred: package not installed
So maybe it is just that, for Fedora 36 at least, RPM Fusion it not compatible with the new crypto settings.
I also see the following key ids in the errors I reported in the original message. How can I check what those are, more RPM Fusion keys? 

6dc1be18
d651ff2e
94843c65
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux