Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrong GPG keys #27

Closed
devpaps opened this issue Mar 5, 2024 · 4 comments
Closed

Wrong GPG keys #27

devpaps opened this issue Mar 5, 2024 · 4 comments

Comments

@devpaps
Copy link

devpaps commented Mar 5, 2024

Problem

I tried to run sudo dnf update then at the end of the update i can see this message:

`error: Verifying a signature using certificate 02AE53EC1C2A0A75EFE90FA529F10B45453D6413 (agriffis_neovim-nightly (None) agriffis#neovim-nightly@copr.fedorahosted.org):

  1. Certificiate 29F10B45453D6413 invalid: certificate is not alive
    because: The primary key is not live
    because: Expired on 2024-02-29T15:55:37Z
  2. Key 29F10B45453D6413 invalid: key is not alive
    because: The primary key is not live
    because: Expired on 2024-02-29T15:55:37Z
    error: Verifying a signature using certificate 02AE53EC1C2A0A75EFE90FA529F10B45453D6413 (agriffis_neovim-nightly (None) agriffis#neovim-nightly@copr.fedorahosted.org):
  3. Certificiate 29F10B45453D6413 invalid: certificate is not alive
    because: The primary key is not live
    because: Expired on 2024-02-29T15:55:37Z
  4. Key 29F10B45453D6413 invalid: key is not alive
    because: The primary key is not live
    because: Expired on 2024-02-29T15:55:37Z
    Copr repo for neovim-nightly owned by agriffis 22 kB/s | 1.0 kB 00:00
    GPG key at https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/pubkey.gpg (0x453D6413) is already installed
    The GPG keys listed for the "Copr repo for neovim-nightly owned by agriffis" repository are already installed but they are not correct for this package.
    Check that the correct key URLs are configured for this repository.. Failing package is: neovim-0.10.0~dev.2507.g3df1211eb-1.fc39.x86_64
    GPG Keys are configured as: https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/pubkey.gpg
    The downloaded packages were saved in cache until the next successful transaction.
    You can remove cached packages by executing 'dnf clean packages'.
    Error: GPG check FAILED`

I checked that my system has the correct GPG key for the package by looking in my repository package file. First i run this command: cat /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:agriffis:neovim-nightly.repo then this is the content:

[copr:copr.fedorainfracloud.org:agriffis:neovim-nightly]
name=Copr repo for neovim-nightly owned by agriffis
baseurl=https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/fedora-$releasever-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1

This in uncharted ground for me, but it seems that i can't do anything from my side. It seems that the GPG key is expired as i can read in the error, because: Expired on 2024-02-29T15:55:37Z? But maybe there is an easy fix for this, but i never had this kind of problem before. 😄

Thank you for your time on this project. 👍🏻 Really appreciate it!

Steps to reproduce

Run sudo dnf update in Fedora 39.

Expected behavior

Be able to update the package.

Neovim version (nvim -v)

v0.10.0-dev+2384-g848fc8ede

Vim (not Nvim) behaves the same?

Operating system/version

Fedora 39

Terminal name/version

Kitty 0.31

$TERM environment variable

xterm-kitty

Installation

copr

@agriffis
Copy link
Owner

agriffis commented Mar 5, 2024

Hmm, this is working for me on F39. The gpg key is supplied by COPR, and doesn't expire until 2028.

It seems like you're hitting some other cert, also supplied by COPR, that expired a few days ago. But I don't know what it is.

There's a Matrix channel for Fedora COPR and infra. You might want to ask there, and let me know if you find something I should change on my end.

@devpaps
Copy link
Author

devpaps commented Mar 6, 2024

Thank you @agriffis ! I've asked for some support on the Fedora Build System Matrix channel. I'll keep you noted.

@devpaps
Copy link
Author

devpaps commented Mar 6, 2024

@agriffis I found the solution for it. It is most likely that something happened with the GPG key when i upgraded to F39 sometime ago (i usually don't work on this laptop).

This is the steps i did:

  1. Run sudo dnf clean all to remove cache and start fresh
  2. Locate the GPG Id for your package: sudo rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n" gpg-pubkey
  3. Remove it: sudo rpm -e gpg-pubkey-{id}
  4. Add the new one: rpm --import https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/pubkey.gpg
  5. Run sudo dnf update
  6. Done 🙂

For reference this is where if found a similar issue: https://www.reddit.com/r/Fedora/comments/181omz0/how_to_fix_expired_gpg_keys_on_old_copr_repos/

I'll make an update on the Matrix channel as well. Feel free to close this issue. 👍🏻

Edit: i got this great reference for the same issue on the Matrix channel: rpm-software-management/dnf5#1192

@agriffis
Copy link
Owner

agriffis commented Mar 6, 2024

@devpaps Thank you! That will be a big help to anyone else who runs into this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants