Since some days I get the above unexpected summary when updating my FEDORA 42, and since this happened I have now a lot of doubts whether or not my system still is sure. Is dnf now corrupted? Please help. Reproducible: Always Steps to Reproduce: 1.For example: "sudo dnf ugrade" 2.it works, but each time I get the msg "gpg: WARNING: No valid encryption subkey left over." 3. Actual Results: See reproducing steps. Expected Results: No warning
dnf check: No output!
The warning comes from GnuPG tool when checking an expiration time of installed keys by expired-pgp-keys libdnf5 plugin. The warning could be suppressed with <https://github.com/rpm-software-management/dnf5/commit/c910b09be803c2be95f4d5428285093d576bca9a> fix which is already in upstream but not yet in Fedora 42. To verify it I would need you to show me the public key you have in RPM database in which triggers this warning. I believe your system is secure despite the warning. I'm not sure whether the warning indeed only complains about missing a valid key for encryption (that's not a problem), or whether it mistakenly also pertain a missing valid key for verifying a signature (that should be a reason for removing the primary key from the system). To check it, I would again need to see the key. Is the warning followed by a DNF5 question for removing a key? To resolve the warning for good you would need to uninstall the key. To identify the key, you would have to import keys from RPM database one by one to GnuPG keyring and observe the warnings. A command like this could do it: for KEY in $(rpm -q gpg-pubkey); do echo $KEY; rpm -qi "$KEY" | gpg --import ; done Then paste an output for a key which triggered it here (an example: rpm -qi gpg-pubkey-e99d6ad1-64d2612c).
I was able to reproduce it. The warning is triggered with a main key whose subkey is for encryption only and which has expired. That means the warning correctly only pertains encryption keys. I also verified that developmental DNF5 code does not print the warning anymore.
FEDORA-2025-a5e5885906 (dnf5-5.2.15.0-1.fc42 and librepo-1.20.0-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-a5e5885906
FEDORA-2025-fb095dd283 (dnf5-5.2.15.0-1.fc41 and librepo-1.20.0-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-fb095dd283
FEDORA-2025-a5e5885906 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-a5e5885906` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-a5e5885906 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-fb095dd283 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-fb095dd283` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-fb095dd283 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-9ae670b810 (dnf5-5.2.15.0-2.fc42 and librepo-1.20.0-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2025-9ae670b810
FEDORA-2025-fdcda3af30 (dnf5-5.2.15.0-2.fc41 and librepo-1.20.0-1.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2025-fdcda3af30
FEDORA-2025-9ae670b810 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-9ae670b810` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-9ae670b810 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-fdcda3af30 has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-fdcda3af30` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-fdcda3af30 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2025-9ae670b810 (dnf5-5.2.15.0-2.fc42 and librepo-1.20.0-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-fdcda3af30 (dnf5-5.2.15.0-2.fc41 and librepo-1.20.0-1.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.