Re: Unable to install locally built rpms

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Feb 28, 2023 at 9:39 AM Ralf Corsépius <rc040203@xxxxxxxxxx> wrote:
Hi,

[Resending here, because the test list doesn't allow me to post, there]

on f38, I am unable to install any locally built package (signed with a
local key, I have been using for many years):

# rpm -U xpetri-0.4.8-0.fc38.x86_64.rpm
error: xpetri-0.4.8-0.fc38.x86_64.rpm: Header V4 RSA/SHA256 Signature,
key ID a6b9312e: BAD
error: xpetri-0.4.8-0.fc38.x86_64.rpm cannot be installed

# rpm -qip xpetri-0.4.8-0.fc38.x86_64.rpm
error: xpetri-0.4.8-0.fc38.x86_64.rpm: Header V4 RSA/SHA256 Signature,
key ID a6b9312e: BAD
error: xpetri-0.4.8-0.fc38.x86_64.rpm: not an rpm package (or package
manifest)


# dnf install xpetri-0.4.8-0.fc38.x86_64.rpm
Last metadata expiration check: 1:30:47 ago on Tue 28 Feb 2023 06:25:45
AM CET.
Dependencies resolved.
...
     0.4.8-0.fc38                              @commandline
...
Installing dependencies:
...
Downloading Packages:
(1/6): XXX.rpm ...
Total                                                           1.2 MB/s
| 130 kB     00:00
...
Problem opening package XXX.rpm
...
The downloaded packages were saved in cache until the next successful
transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED



Worse, after trying forcefully to install packages using rpm -U --nogpg
this happens:

# rpm -qa
gpg-pubkey-d651ff2e-5dadbbc1
gpg-pubkey-8ff214b4-3afa5d46
gpg-pubkey-a6b9312e-5227e975
gpg-pubkey-94843c65-5dadbc64
error: rpmdbNextIterator: skipping h#       5
Header V4 DSA/SHA1 Signature, key ID 8ff214b4: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
error: rpmdbNextIterator: skipping h#       6
Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
gpg-pubkey-5323552a-6112bcdc
...
=> nogpg is not ignored, as it is supposed to be.


What are people supposed to do?

That's most certainly this problem:
https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594

I don't understand these security measures much, but creating a new key using modern tools should be sufficient to resolve this. See the article to learn how to detect and uninstall already affected packages present on your system first.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux