> On Sep 15, 2022, at 10:26 AM, Otto Liljalaakso <otto.liljalaakso@xxxxxx> wrote: > > Tommy Nguyen kirjoitti 15.9.2022 klo 16.28: >>> On Thu, 2022-09-15 at 16:18 +0300, Otto Liljalaakso wrote: >>> To test this, I did enable TEST-FEDORA39 on my system, first >>> installed >>> as Fedora 24, now running 36. For some rpm and dnf operations, I get >>> the >>> following kind of errors: >>> >>> error: rpmdbNextIterator: skipping h# 740 >>> Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD >>> Header SHA256 digest: OK >>> Header SHA1 digest: OK >>> >>> I first noticed this with 'dnf upgrade', simplified to 'dnf reinstall >>> glibc', perhaps the best reproduces is 'rpm -qa > /dev/null'. >>> >>> Regardless of these errors, all the commands work as expected. Still >>> I >>> wonder, is it expected that old installations will see, and keep >>> seeing, >>> these errors after distrusting SHA-1? >> That is the RPM Fusion signing key. > > Yes, I have RPM Fusion enabled. I also see that there are more problems with RPM Fusion: > > $ sudo dnf install vlc > ... > Problem opening package faad2-libs-2.10.0-3.fc36.x86_64.rpm > Problem opening package libdca-0.0.7-5.fc36.x86_64.rpm > Problem opening package live555-2022.02.07-1.fc36.x86_64.rpm > The downloaded packages were saved in cache until the next successful transaction. > You can remove cached packages by executing 'dnf clean packages'. > Error: GPG check FAILED > > If I install vlc when the DEFAULT policy is in force, then put TEST-FEDORA39 back, I cannot remove vlc any more: > > $ sudo dnf remove vlc > ... > Remove 96 Packages > Freed space: 377 M > Is this ok [y/N]: y > Running transaction check > error: rpmdbNextIterator: skipping h# 526 > Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD > Header SHA256 digest: OK > Header SHA1 digest: OK > Error: An rpm exception occurred: package not installed > > So maybe it is just that, for Fedora 36 at least, RPM Fusion it not compatible with the new crypto settings. > > I also see the following key ids in the errors I reported in the original message. How can I check what those are, more RPM Fusion keys? > > 6dc1be18 > d651ff2e > 94843c65 > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue A while back I reported the issue and someone said that it has to do with their sub key. Not much that can be done except report it to rpmfusion (unless it’s already been done). In order to identify the rest of the keys, try: rpm -qa gpg-pubkey\* rpm -qi gpg-pubkey-keyid-goeshere For now either disable rpmfusion or set the crypto policy back to default. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
