Installation GPG error on Fedora 38

[farlies]

Description

Failure to install or upgrade Brave browser on Fedora 38.

Steps to Reproduce

Per installation instructions...

1. dnf config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo
2. rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
3. dnf install brave-browser-beta

Actual result:

All goes well until the final step, then:

error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>):
  Certificate 0BB75829C2D4E821 invalid: policy violation
      because: No binding signature at time 2023-05-09T19:32:44Z

Expected result:

Installation of brave-browser-1.51.114-1.x86_64

Reproduces how often:

Reliably reproduced on two different Fedora 38 desktop systems.

Version/Channel Information:

On the Beta channel I see:

Error: GPG check FAILED

Miscellaneous Information:

In /var/log/dnf.log:

2023-05-12T11:42:09-0500 SUBDEBUG 
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 67, in main
    return _main(base, args, cli_class, option_parser_class)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 106, in _main
    return cli_run(cli, base)
           ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 130, in cli_run
    ret = resolving(cli, base)
          ^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/dnf/cli/main.py", line 176, in resolving
    base.do_transaction(display=displays)
  File "/usr/lib/python3.11/site-packages/dnf/cli/cli.py", line 238, in do_transaction
    self.gpgsigcheck(install_pkgs)
  File "/usr/lib/python3.11/site-packages/dnf/cli/cli.py", line 305, in gpgsigcheck
    raise dnf.exceptions.Error(_("GPG check FAILED"))
dnf.exceptions.Error: GPG check FAILED

[ciro-mota]

Same problem here on F38.

sudo rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep Brave :

gpg-pubkey-c2d4e821-5bc51032 Brave Software <support@brave.com> public key

[odinfox]

Also got Error: GPG check FAILED on Fedora38

[mminderbinder]

I'm encountering the same error on F38.

[vicjonesold]

I'm also getting this on F38 ARM64

[ronbarbosa]

Same. F38 x86_64

[ShintoPlasm]

Same on a brand new F38 Workstation install.

[aneeshlingala]

Same here on a Fedora 38 KDE install. Flatpak works fine.

[mkiser11]

Same, clean F38 install.

[logg-sar]

Hi there

you can add
gpgcheck=1
repo_gpgcheck=1
to /etc/yum.repos.d/brave-browser.repo

The installation will work, but the better solution is that brave should fix the certificates....

[odinfox]

This still not working
Error: Failed to download metadata for repo 'brave-browser': repomd.xml GPG signature verification error: Bad GPG signature

[pghpete]

To add to this issue, here is the output while trying to install the brave-browser package 1.51.114-1 and the brave-keyring package 1.10-1

error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): Certificate 0BB75829C2D4E821 invalid: policy violation because: No binding signature at time 2023-05-09T19:32:44Z
error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): Certificate 0BB75829C2D4E821 invalid: policy violation because: No binding signature at time 2023-05-09T19:32:46Z
error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): Certificate 0BB75829C2D4E821 invalid: policy violation because: No binding signature at time 2022-05-18T19:56:23Z
error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): Certificate 0BB75829C2D4E821 invalid: policy violation because: No binding signature at time 2022-05-18T19:56:28Z

Problem opening package brave-browser-1.51.114-1.x86_64.rpm Problem opening package brave-keyring-1.10-1.noarch.rpm
Error: GPG check FAILED

[FahimShahriar-Sulfuric]

Same issue here!

[kiloPause]

same

[joewood9364]

Same issue

[JOduMonT]

same

[JOduMonT]

able to install the beta version
don't work with the stable version

[Abdelkader-gnichi]

Same here with F38

[jschuhmann47]

Same here

[marcthestrong]

This is on a fresh F38 install. No luck with disabling gpg and repo check in /etc/yum.repos.d/brave-browser.repo.

Running transaction test RPM: error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): RPM: Certificate 0BB75829C2D4E821 invalid: policy violation RPM: because: No binding signature at time 2022-05-18T19:56:23Z RPM: error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): RPM: Certificate 0BB75829C2D4E821 invalid: policy violation RPM: because: No binding signature at time 2022-05-18T19:56:28Z RPM: error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): RPM: Certificate 0BB75829C2D4E821 invalid: policy violation RPM: because: No binding signature at time 2023-05-09T19:32:44Z RPM: error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>): RPM: Certificate 0BB75829C2D4E821 invalid: policy violation RPM: because: No binding signature at time 2023-05-09T19:32:46Z The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: Transaction test error: package brave-keyring-1.10-1.noarch does not verify: Header V4 RSA/SHA512 Signature, key ID 82d3dc6c: BAD package brave-browser-1.51.114-1.x86_64 does not verify: Header V4 RSA/SHA512 Signature, key ID 82d3dc6c: BAD

[msmafra]

I'm also on a Fedora 38 fresh installation. I was using the Flatpak version, as it's not official, decide to go back to the RPM one. Beta Channel works, but the Release Channel doesn't.

[marcthestrong]

Im surprised that the release channel is still broken. Its been a few days

[samy-k97]

Guys a new release version of the browser and keyring has been released. And I've been able to install Brave after these issues.

[msmafra]

It worked. Thanks!

[Abdelkader-gnichi]

for me when i try to upgrade my system the gpg error still appearing in my terminal and i can't upgrade the system.

[FahimShahriar-Sulfuric]

It's working now. Thanks to Brave team. Cheers!

[farlies]

Working here too. Beyond 'dnf clean packages' I found I needed to remove the gpg key and generally uninstall everything Brave. (Seems like all automatic updates were being blocked by this issue?) After a general upgrade, I was able to reinstall Brave release with version 1.51.118.

[msmafra]

Using DNF5 was not necessary to do anything else than just sudo/doas dnf5 install brave-browser

[buhosiliscodirococo]

man, I'm really exhausted with this browser. I don't want to deal with Brave anymore, I'm getting the browser unusable every week.
Today I made a fool of myself with a client, to whom I needed to show things in the middle of a restaurant.
Now instead of sleeping after an exhausting day I've been trying for hours to remove it from my system (fedora 38) and it's fucking me with a damn digital certificate, I literally do nothing, even when I updated I applied 'exclude=brave-browser' because I was afraid to update.
But I don't want to know about this cancerous browser anymore, sorry but the nickname deserves it, at least with such instability and bugs and all that crap it brought me in my workspace. I will backup the bookmarks and somehow delete this and then go back to the glorious Firefox.

[ciro-mota]

The steps for me were:

sudo dnf remove brave-browser
sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
sudo dnf install brave-browser

It was only by following these steps that I was able to install the new update and not lose any settings previously made in the browser.

[pghpete]

Why does this continue to happen? Every time brave is updated manual steps should not be needed on the users end of things.

[farlies]

Yup, pghpete, it once happened again here. ciro-mota's 3-step solution works, but...ugh. Worst part is that it quietly blocks automatic updates for the whole OS (dnf-automatic). Love both the browser and the distro--why must they fight? Someone not already suffering high blood pressure should perhaps open a slightly broader issue, and cite this one.