Bug 2215440
| Summary: | error: Verifying a signature using certificate | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Donald O'Dona <thomas.paulsen> |
| Component: | rust-rpm-sequoia | Assignee: | Rust SIG <rust-sig> |
| Status: | NEW --- | QA Contact: | |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 38 | CC: | daniel.mach, decathorpe, jkolarik, jmracek, jrohel, mblaha, packaging-team-maint, pkratoch, pmatilai, ppisar, rpm-software-management, rust-sig |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Most likely this is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=2214345 As a workaround, would upgrading `brave-keyring` package to the latest version help? I have the same problem(https://bugzilla.redhat.com/show_bug.cgi?id=2215440): Unfortunately upgrading `brave-keyring` package, doesn't help on my machine The error message probably comes rpm-sequoia, a GPG backend for rpm library, and it means that a a stored time of a self-signature of a PGP key signing the package is bogus. Could you please provide us with an URL to the repository and to the repository key? Is it <https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo>? Indeed dnf has no say in this matter, this comes from rpm-sequoia, reassigning. The issue is being discussed upstream: https://github.com/rpm-software-management/rpm-sequoia/issues/46 with a suggested PR that will allow people to upgrade away from affected packages: https://github.com/rpm-software-management/rpm-sequoia/pull/47 As a temporary workaround you can 'rpm -e --nosignature brave-keyring' after which the new package can be installed cleanly. Updating rpm-sequoia to 1.4.1 should allow for a clean upgrade path from this situation. It's now in rawhide (bug 2217961) but needs pulling into F38 too. |
Description of problem: Version-Release number of selected component (if applicable): dnf --version 4.16.1 Installed: dnf-0:4.15.0-1.fc37.noarch at Mon 24 Apr 2023 08:00:18 AM GMT Built : Fedora Project at Thu 06 Apr 2023 08:40:00 AM GMT How reproducible: Steps to Reproduce: 1. dnf remove{reinstall,install} <module> 2. module for example brave-browser 3. Actual results: Dependencies resolved. ... Removing: brave-browser x86_64 1.51.114-1 @brave-browser-rpm-release.s3.brave.com_x86_64 322 M Removing unused dependencies: brave-keyring noarch 1.10-1 @brave-browser-rpm-release.s3.brave.com_x86_64 4.4 k Transaction Summary ... Remove 2 Packages Freed space: 322 M Is this ok [y/N]: y Running transaction check error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support>): Certificate 0BB75829C2D4E821 invalid: policy violation because: No binding signature at time 2023-05-09T19:32:44Z error: rpmdbNextIterator: skipping h# 3966 Header V4 RSA/SHA512 Signature, key ID 82d3dc6c: BAD Header SHA256 digest: OK Header SHA1 digest: OK Error: An rpm exception occurred: package not installed Expected results: Removed,instaled,reinstalled component Additional info: