Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fedora repository GPG key concerns #210

Closed
jkpl opened this issue May 23, 2016 · 15 comments
Closed

Fedora repository GPG key concerns #210

jkpl opened this issue May 23, 2016 · 15 comments
Assignees
@Anturix
Labels
documentation change Fedora akmods released repo

Comments

@jkpl
Copy link

jkpl commented May 23, 2016

Hi, thanks for the awesome tools! I'm concerned about the GPG key that you use for the Fedora repository. First of all, the appears to be expired:

$ curl -sL 'http://repo.linrunner.de/fedora/tlp/repos/RPM-GPG-KEY-tlp' | gpg --with-fingerprint
pub  dsa1024/C2FB431C 2012-04-16 [expires: 2013-04-16]
      Key fingerprint = 8AD5 9D64 3341 C382 1333  3FBD C89A 1C1A C2FB 431C
uid                   Andreas Roederer (tlp Repository) <tlp@warpnine.de>
sub  elg1024/00C9A31B 2012-04-16 [expires: 2013-04-16]

Second, I could not find the key on any key servers I looked.

$ gpg --keyserver hkp://pool.sks-keyservers.net --search-key 'tlp@warpnine.de'
gpg: error searching keyserver: No data
gpg: keyserver search failed: No data

Also, I could not find any mention of the key or its fingerprint anywhere outside the repository.
@linrunner
Copy link
Owner

linrunner commented May 25, 2016
edited

Hi,

thanks for your hint. The Fedora repo maintainer will look into that.

@linrunner linrunner added the repo label May 25, 2016
@linrunner
Copy link
Owner

  1. Key is no longer expired, please re-check.
  2. No solution yet.

@jkpl
Copy link
Author

jkpl commented May 27, 2016

Verified that key the key is no longer expired.

$ curl -sL 'http://repo.linrunner.de/fedora/tlp/repos/RPM-GPG-KEY-tlp' | gpg2 --with-fingerprint
pub  1024D/C2FB431C 2012-04-16 [expires: 2017-07-13]
      Key fingerprint = 8AD5 9D64 3341 C382 1333  3FBD C89A 1C1A C2FB 431C
uid                            Andreas Roederer (tlp Repository) <tlp@warpnine.de>
sub  1024g/00C9A31B 2012-04-16 [expires: 2017-07-13]

@linrunner linrunner self-assigned this Jan 19, 2017
@stefangweichinger
Copy link

I also have problems updating tlp-packages with current Fedora 26.

Importing GPG key 0xC2FB431C:
 Userid  Warnung: /var/cache/dnf/tlp-fc68e1be389b3a64/packages/akmod-tp_smapi-0.42-3.fc26.x86_64.rpm: Header V4 RSA/SHA256 Signature, Schlüssel-ID 1482d93f: NOKEY
Importing GPG key 0xC2FB431C:
 Userid     : "Andreas Roederer (tlp Repository) <tlp@warpnine.de>"
 Fingerprint: 8AD5 9D64 3341 C382 1333 3FBD C89A 1C1A C2FB 431C
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-tlp
Ist dies in Ordnung? [j/N]:j
Schlüssel erfolgreich importiert
Importieren der Schlüssel hat nicht geholfen, falsche Schlüssel?
Importieren der Schlüssel hat nicht geholfen, falsche Schlüssel?



Öffentlicher Schlüssel für akmod-tp_smapi-0.42-3.fc26.x86_64.rpm ist nicht installiertFehlgeschlagenes Paket ist: akmod-tp_smapi-0.42-3.fc26.x86_64
 GPG-Schlüssel sind eingerichtet als: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp




Öffentlicher Schlüssel für tp_smapi-0.42-3.fc26.noarch.rpm ist nicht installiertFehlgeschlagenes Paket ist: tp_smapi-0.42-3.fc26.noarch
 GPG-Schlüssel sind eingerichtet als: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp   : "Andreas Roederer (tlp Repository) <tlp@warpnine.de>"
 Fingerprint: 8AD5 9D64 3341 C382 1333 3FBD C89A 1C1A C2FB 431C
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-tlp
Ist dies in Ordnung? [j/N]:j
Schlüssel erfolgreich importiert
Importieren der Schlüssel hat nicht geholfen, falsche Schlüssel?
Importieren der Schlüssel hat nicht geholfen, falsche Schlüssel?



Öffentlicher Schlüssel für akmod-tp_smapi-0.42-3.fc26.x86_64.rpm ist nicht installiertFehlgeschlagenes Paket ist: akmod-tp_smapi-0.42-3.fc26.x86_64
 GPG-Schlüssel sind eingerichtet als: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp




Öffentlicher Schlüssel für tp_smapi-0.42-3.fc26.noarch.rpm ist nicht installiertFehlgeschlagenes Paket ist: tp_smapi-0.42-3.fc26.noarch
 GPG-Schlüssel sind eingerichtet als: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp

@runcom
Copy link

runcom commented Aug 21, 2017

Fedora 26 failing indeed:

warning: /var/cache/dnf/tlp-fc68e1be389b3a64/packages/tlp-release-1.0.8-1.fc26.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 1482d93f: NOKEY
Importing GPG key 0xC2FB431C:
 Userid     : "Andreas Roederer (tlp Repository) <tlp@warpnine.de>"
 Fingerprint: 8AD5 9D64 3341 C382 1333 3FBD C89A 1C1A C2FB 431C
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-tlp
Is this ok [y/N]: y
Key imported successfully
Import of key(s) didn't help, wrong key(s)?



Public key for tlp-release-1.0.8-1.fc26.noarch.rpm is not installedFailing package is: tlp-release-1.0.8-1.fc26.noarch
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp

The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

@sabotatore
Copy link

I have the same issue on Fedora 26.

@cunio
Copy link

cunio commented Aug 21, 2017

I'm confirming last issues on Fedora 26

@Anturix
Copy link

Anturix commented Aug 21, 2017

You can safely import the right key manually.
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-tlp-fedora-26-primary

After that, please check your /etc/yum.repos.d/tlp*.repo files. You are using the old ones.

Explanation. I have replaced the old signature key with a new one.

OR use:
dnf remove tlp-release
dnf install http://repo.linrunner.de/fedora/tlp/repos/releases/tlp-release.fc26.noarch.rpm

@stefangweichinger
Copy link

2nd suggestion worked for me right now, thanks. Will repeat on other systems asap.

@linrunner
Copy link
Owner

Right. For F26 you have to install a new repo key. I added this to Installation/Fedora.

@linrunner linrunner mentioned this issue Aug 22, 2017
Closed
@andypillip
Copy link

I'm on F28 and getting the warning about the key, which seems to be a new one now:

Warnung: /var/cache/dnf/tlp-65642a015776da19/packages/akmod-tp_smapi-0.43-1.fc28.x86_64.rpm: Header V4 RSA/SHA256 Signature, Schlüssel-ID 1a853c73: NOKEY
Importing GPG key 0x1A853C73:
Userid : "TLP Repository for Fedora (28) tlp@warpnine.de"
Fingerprint: C807 AEB6 3DD0 4587 E695 9DD2 455A 80BA 1A85 3C73
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-tlp-28

I don't find the fingerprint anywhere.

@inhumantsar
Copy link

@andypillip I ran into this issue on FC28 as well. Running the remove/install again worked:

dnf remove tlp-release
dnf install http://repo.linrunner.de/fedora/tlp/repos/releases/tlp-release.fc28.noarch.rpm

@linrunner
Copy link
Owner

Signature fingerprints are documented here now: https://linrunner.de/en/tlp/docs/tlp-fedora-repo-keys.html

@andypillip
Copy link

Hi again. Would you mind having a look at this fingerprint mismatch issue?

https://www.linrunner.de/tlp/installation/fedora.html
lists the fingerprint for Fedora 33 as follows

1E4F 2F53 A348 6025 FC4E FD86 7704 0BAF FA30 D1C8

If I follow the instructions above on that page, and when updating to Fedora 33, I'm getting the following:

0D3C F36C EB28 B582 D6DE F296 82B6 D96F 1381 B02A

Why is that? Thanks!

@linrunner linrunner assigned Anturix and unassigned linrunner Oct 30, 2020
@Anturix
Copy link

Anturix commented Oct 30, 2020

Moin

Thank you for the info.

"0D3C F36C EB28 B582 D6DE F296 82B6 D96F 1381 B02A" is the correct Fingerprint for the F33 Key.

"1E4F 2F53 A348 6025 FC4E FD86 7704 0BAF FA30 D1C8" is the correct Fingerprint for the F34 Key.

Update to the doc follows soon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Anturix Anturix

Labels
documentation change Fedora akmods released repo
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@sabotatore @inhumantsar @linrunner @cunio @runcom @jkpl @andypillip @stefangweichinger @Anturix