When I ‘dnf -y update’ it downloads all the packages, but at the end crashes with this error message:
Importing OpenPGP key 0x7FAC5991:
UserID : “Google, Inc. Linux Package Signing Key linux-packages-keymaster@google.com“
Fingerprint: 4CCA1EAF950CEE4AB83976DCA040830F7FAC5991
From : https://dl.google.com/linux/linux_signing_key.pub
The key was successfully imported.
Importing OpenPGP key 0xD38B4796:
UserID : “Google Inc. (Linux Packages Signing Authority) linux-packages-keymaster@google.com“
Fingerprint: EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796
From : https://dl.google.com/linux/linux_signing_key.pub
The key was successfully imported.
Transaction failed: Signature verification failed.
OpenPGP check for package “google-chrome-stable-134.0.6998.35-1.x86_64” (/var/cache/libdnf5/google-chrome-6ed7e4f336f6863c/packages/google-chrome-stable-134.0.6998.35-1.x86_64.rpm) from repo “google-chrome” has failed: Import of the key didn’t help, wrong key?
Any idea how to tell it to ignore this and just do the other updates? I don’t see any obvious options on “dnf update.”
Thanks for the advice in comments. Unfortunately, I can’t deal with it until I get back from a trip on Friday.
dnf’s “–nogpgcheck” flag should get it to ignore the error, but that’s not necessarily the best idea, security-wise. I’d try running a “dnf clean all”, then manually remove and re-add the google-chrome repo that appears to be giving you the problem.
How does one remove and add a repo?
Try the manual key installation here first: https://www.google.com/linuxrepositories/
root@LinuxDesktop:~# wget https://dl.google.com/linux/linux_signing_key.pub
Saving ‘linux_signing_key.pub’
HTTP response 200 [https://dl.google.com/linux/linux_signing_key.pub]
linux_signing_key.pu 100% [=============================>] 18.67K –.-KB/s
[Files: 1 Bytes: 18.67K [78.48]
root@LinuxDesktop:~# rpm –import linux_signing_key.pub
warning: Certificate A040830F7FAC5991:
Policy rejects subkey 4F30B6B4C07CB649: Policy rejected asymmetric algorithm
warning: Certificate 7721F63BD38B4796:
Subkey 4EB27DB2A3B88B8B is expired: The subkey is not live
Subkey 1397BC53640DB551 is expired: The subkey is not live
Subkey 78BD65473CB3BD13 is expired: The subkey is not live
Subkey 6494C6D6997C215E is expired: The subkey is not live
root@LinuxDesktop:~# diff < (gpg --show-keys <(sudo rpm -qi gpg-pubkey-7fac5991-* gpg-pubkey-d38b4796-*) 2> /dev/null) \
< (gpg --show-keys linux_signing_key.pub) > /dev/null \
&& echo “Import successful” || echo “Import failed”
Import failed
root@LinuxDesktop:~# rpm -e gpg-pubkey-7fac5991-* gpg-pubkey-d38b4796-*
root@LinuxDesktop:~# rpm –import linux_signing_key.pub
warning: Certificate A040830F7FAC5991:
Policy rejects subkey 4F30B6B4C07CB649: Policy rejected asymmetric algorithm
warning: Certificate 7721F63BD38B4796:
Subkey 4EB27DB2A3B88B8B is expired: The subkey is not live
Subkey 1397BC53640DB551 is expired: The subkey is not live
Subkey 78BD65473CB3BD13 is expired: The subkey is not live
Subkey 6494C6D6997C215E is expired: The subkey is not live
Now what?
Remove file
/etc/dnf/libdnf5-plugins/expired-pgp-keys.conf
Reinstall
libdnf5-plugin-expired-pgp-keys
From this.
https://discussion.fedoraproject.org/t/cant-update-expired-pgp-keys-conf/146709