cran2copr icon indicating copy to clipboard operation
cran2copr copied to clipboard
verified publisher icon cran4linux

GPG error on update

Open bshor opened this issue 1 year ago • 2 comments

Hello, I'm running a variant of Fedora 40 (Nobara). cran2copr has worked amazingly for me so far.

But today, I am getting a GPG error in the system updater while trying to update cran-tm.

Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  1. Certificate 9D60CBB71A3B4456 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2024-08-13T00:46:08Z
  2. Key 9D60CBB71A3B4456 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2024-08-13T00:46:08Z
error: Verifying a signature using certificate 3124D2EF76DA4D972F6BE4AC9D60CBB71A3B4456 (iucar_cran (None) <iucar#[email protected]>):
  1. Certificate 9D60CBB71A3B4456 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2024-08-13T00:46:08Z
  2. Key 9D60CBB71A3B4456 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2024-08-13T00:46:08Z
Copr repo for cran owned by iucar                                                            57 kB/s | 985  B     00:00    
GPG key at https://download.copr.fedorainfracloud.org/results/iucar/cran/pubkey.gpg (0x1A3B4456) is already installed
The GPG keys listed for the "Copr repo for cran owned by iucar" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: R-CRAN-tm-0.7.14-1.fc40.copr7906035.x86_64
 GPG Keys are configured as: https://download.copr.fedorainfracloud.org/results/iucar/cran/pubkey.gpg
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

This is a problem for updating R packages, but it's also stopping me from updating my system as a whole!

In any case, would be happy to troubleshoot, let me know what info you need. Thanks!

bshor avatar Aug 14 '24 15:08 bshor

Apparently this is an open issue, see https://github.com/fedora-copr/copr/issues/2894

For now, the workaround is to manually drop the old key and import the new one. In our case:

# drop the old key
sudo rpm -e gpg-pubkey-1a3b4456-5d54ab50
# install the prolonged one
sudo rpm --import https://download.copr.fedorainfracloud.org/results/iucar/cran/pubkey.gpg

Let's keep this issue open for visibility, because other users will hit the same wall.

Enchufa2 avatar Aug 14 '24 19:08 Enchufa2

This worked! Agreed on keeping it open.

bshor avatar Aug 14 '24 20:08 bshor

It seems that this is fixed in dnf4 (via --enableplugin=expired-pgp-keys) and dnf5 (default), so closing here.

Enchufa2 avatar Apr 21 '25 11:04 Enchufa2