On Wed, Feb 15, 2023 at 07:41:47AM -0800, Scott Beamer wrote: > Greetings, > > I've been unable to import public GPG keys in Fedora 38. Example attempts: > > $ sudo rpm --import https://dl.google.com/linux/linux_signing_key.pub > [sudo] password for scott: > error: Certificate A040830F7FAC5991: > Policy rejects A040830F7FAC5991: No binding signature at time > 2023-02-15T15:31:30Z > error: https://dl.google.com/linux/linux_signing_key.pub: key 1 import > failed. > error: Certificate 7721F63BD38B4796: > Policy rejects 7721F63BD38B4796: No binding signature at time > 2023-02-15T15:31:30Z > error: https://dl.google.com/linux/linux_signing_key.pub: key 2 import > failed. > > AND > > $ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc > error: Certificate EB3E94ADBE1229CF: > Policy rejects EB3E94ADBE1229CF: No binding signature at time > 2023-02-15T15:32:55Z > error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import > failed. > > I'm not sure what the problem is. It's not been an issue in Fedora 37. It's likely the crypto-policy disallowing SHA-1. See: https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-skipping-in-fedora-38/ https://ask.fedoraproject.org/t/certain-third-party-rpms-fail-to-install-update-remove-due-to-sha1-signature-verification/31594 https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2 kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
