Greetings,
I've been unable to import public GPG keys in Fedora 38. Example attempts:
$ sudo rpm --import https://dl.google.com/linux/linux_signing_key.pub [sudo] password for scott: error: Certificate A040830F7FAC5991: Policy rejects A040830F7FAC5991: No binding signature at time 2023-02-15T15:31:30Z error: https://dl.google.com/linux/linux_signing_key.pub: key 1 import failed. error: Certificate 7721F63BD38B4796: Policy rejects 7721F63BD38B4796: No binding signature at time 2023-02-15T15:31:30Z error: https://dl.google.com/linux/linux_signing_key.pub: key 2 import failed.
AND
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc error: Certificate EB3E94ADBE1229CF: Policy rejects EB3E94ADBE1229CF: No binding signature at time 2023-02-15T15:32:55Z error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import failed.
I'm not sure what the problem is. It's not been an issue in Fedora 37.
Scott
On Wed, Feb 15, 2023 at 07:41:47AM -0800, Scott Beamer wrote:
Greetings,
I've been unable to import public GPG keys in Fedora 38. Example attempts:
$ sudo rpm --import https://dl.google.com/linux/linux_signing_key.pub [sudo] password for scott: error: Certificate A040830F7FAC5991: Policy rejects A040830F7FAC5991: No binding signature at time 2023-02-15T15:31:30Z error: https://dl.google.com/linux/linux_signing_key.pub: key 1 import failed. error: Certificate 7721F63BD38B4796: Policy rejects 7721F63BD38B4796: No binding signature at time 2023-02-15T15:31:30Z error: https://dl.google.com/linux/linux_signing_key.pub: key 2 import failed.
AND
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc error: Certificate EB3E94ADBE1229CF: Policy rejects EB3E94ADBE1229CF: No binding signature at time 2023-02-15T15:32:55Z error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import failed.
I'm not sure what the problem is. It's not been an issue in Fedora 37.
It's likely the crypto-policy disallowing SHA-1.
See:
https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-ski...
https://ask.fedoraproject.org/t/certain-third-party-rpms-fail-to-install-upd...
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
kevin
On 2/15/2023 11:35 AM, Kevin Fenzi wrote:
On Wed, Feb 15, 2023 at 07:41:47AM -0800, Scott Beamer wrote:
Greetings,
I've been unable to import public GPG keys in Fedora 38. Example attempts:
$ sudo rpm --import https://dl.google.com/linux/linux_signing_key.pub [sudo] password for scott: error: Certificate A040830F7FAC5991: Policy rejects A040830F7FAC5991: No binding signature at time 2023-02-15T15:31:30Z error: https://dl.google.com/linux/linux_signing_key.pub: key 1 import failed. error: Certificate 7721F63BD38B4796: Policy rejects 7721F63BD38B4796: No binding signature at time 2023-02-15T15:31:30Z error: https://dl.google.com/linux/linux_signing_key.pub: key 2 import failed.
AND
$ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc error: Certificate EB3E94ADBE1229CF: Policy rejects EB3E94ADBE1229CF: No binding signature at time 2023-02-15T15:32:55Z error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import failed.
I'm not sure what the problem is. It's not been an issue in Fedora 37.
It's likely the crypto-policy disallowing SHA-1.
See:
https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-ski...
https://ask.fedoraproject.org/t/certain-third-party-rpms-fail-to-install-upd...
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
kevin
Yep. Lovely. Getting Microsoft and Google to fix this should be easy (ok, not really).
Thanks.
Scott
On Wed, Feb 15, 2023 at 01:23:13PM -0800, Scott Beamer wrote:
Yep. Lovely. Getting Microsoft and Google to fix this should be easy (ok, not really).
I read somewhere that google has already updated things internally, it's just going thru some process to publish. (I can't recall where off hand).
kevin