On 2/15/2023 11:35 AM, Kevin Fenzi wrote:
On Wed, Feb 15, 2023 at 07:41:47AM -0800, Scott Beamer wrote:
Greetings,
I've been unable to import public GPG keys in Fedora 38. Example attempts:
$ sudo rpm --import https://dl.google.com/linux/linux_signing_key.pub
[sudo] password for scott:
error: Certificate A040830F7FAC5991:
Policy rejects A040830F7FAC5991: No binding signature at time
2023-02-15T15:31:30Z
error: https://dl.google.com/linux/linux_signing_key.pub: key 1 import
failed.
error: Certificate 7721F63BD38B4796:
Policy rejects 7721F63BD38B4796: No binding signature at time
2023-02-15T15:31:30Z
error: https://dl.google.com/linux/linux_signing_key.pub: key 2 import
failed.
AND
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
error: Certificate EB3E94ADBE1229CF:
Policy rejects EB3E94ADBE1229CF: No binding signature at time
2023-02-15T15:32:55Z
error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import
failed.
I'm not sure what the problem is. It's not been an issue in Fedora 37.
It's likely the crypto-policy disallowing SHA-1.
See:
https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-skipping-in-fedora-38/
https://ask.fedoraproject.org/t/certain-third-party-rpms-fail-to-install-update-remove-due-to-sha1-signature-verification/31594
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
kevin
Yep. Lovely. Getting Microsoft and Google to fix this should be easy
(ok, not really).
Thanks.
Scott
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
