Re: Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
On Sun, 2023-02-19 at 23:04 +, Leigh Scott via rpmfusion-developers wrote:
> I don't think a +2 release upgrade is a valid test case, I believe f37
> is SHA256 signed.
>

All packages are signed except the packages that are in skip list of
mass rebuild for F37 [1]

[1] https://github.com/rpmfusion-infra/rpmfusion-tools/blob/master/mass-rebuild.py#L33

>
> On 19/02/2023 22:41, Sérgio Basto via rpmfusion-developers wrote:
> > Hi,
> >
> > I spent this weekend understanding why when update my vm to F38
> > branched I got a lot of [1] the key ID d651ff2e is "our" key
> > RPM-GPG-KEY-rpmfusion-free-fedora-2020
> >
> > For an introduction to this topic I recommend these 2 articles [2] .
> >
> > In resume rpm sign with SHA1 aren't installed in F38 unless we change
> > the default crypto policy (update-crypto-policies --set LEGACY) , I
> > wrote in
> > https://discussion.fedoraproject.org/t/header-v3-rsa-sha1-signature-key-id-d651ff2e-bad/42350/4
> > one solution .
> >
> > And I have checked all rpmfusion packages with fc36 have SHA1 when now
> > we need to have SHA256 , ATM I found these 5 packages [3] , which I
> > will rebuild it to be signed again or have you other suggestions ?
> >
> > Best regards,
> >
> > [3]
> > rfpkg-minimal-0.4.2-1.fc36.noarch.rpm
> > rpmfusion-free-obsolete-packages-35-1.fc36.noarch.rpm
> > wormsofprey-data-20051221-15.fc36.noarch.rpm
> > lpf-cleartype-fonts-1.0-3.fc36.noarch.rpm
> > lpf-mscore-tahoma-fonts-1.0-3.fc36.noarch.rpm
> >
> > [1]
> > Running transaction check
> > error: rpmdbNextIterator: skipping h# 1777
> > Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
> > Header SHA256 digest: OK
> > Header SHA1 digest: OK
> >
> > [2]
> > https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-skipping-in-fedora-38/
> > https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594

--
Sérgio M. B.
___
rpmfusion-developers mailing list -- rpmfusion-developers@lists.rpmfusion.org
To unsubscribe send an email to rpmfusion-developers-le...@lists.rpmfusion.org

Re: Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
On Sun, Feb 19, 2023 at 11:05 PM Leigh Scott via rpmfusion-developers wrote:
>
> I don't think a +2 release upgrade is a valid test case, I believe f37
> is SHA256 signed.
>

Fedora officially supports a +2 release upgrade, and for reasons[0][1],
some people only upgrade to N when N-2 is about to go off support, since
there is a one month overlap, so some people will want to upgrade from
F36 to F38 (more than 2, it is recommended to go in smaller steps).

[0] I am guessing they want something approaching stability without
being willing to go to the centos level of stability.

[1] I might be the exception, but I tend to upgrade a few of my systems
to N-next as soon as the beta is released, and the rest of my systems at
about the time of the final N compose packages make it to the mirrors,
so I don't need to worry about +2 upgrades, only +1 upgrades.

Re: Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
I don't think a +2 release upgrade is a valid test case, I believe f37
is SHA256 signed.

On 19/02/2023 22:41, Sérgio Basto via rpmfusion-developers wrote:
> Hi,
>
> I spent this weekend understanding why when update my vm to F38
> branched I got a lot of [1] the key ID d651ff2e is "our" key
> RPM-GPG-KEY-rpmfusion-free-fedora-2020
>
> For an introduction to this topic I recommend these 2 articles [2] .
>
> In resume rpm sign with SHA1 aren't installed in F38 unless we change
> the default crypto policy (update-crypto-policies --set LEGACY) , I
> wrote in
> https://discussion.fedoraproject.org/t/header-v3-rsa-sha1-signature-key-id-d651ff2e-bad/42350/4
> one solution .
>
> And I have checked all rpmfusion packages with fc36 have SHA1 when now
> we need to have SHA256 , ATM I found these 5 packages [3] , which I
> will rebuild it to be signed again or have you other suggestions ?
>
> Best regards,
>
> [3]
> rfpkg-minimal-0.4.2-1.fc36.noarch.rpm
> rpmfusion-free-obsolete-packages-35-1.fc36.noarch.rpm
> wormsofprey-data-20051221-15.fc36.noarch.rpm
> lpf-cleartype-fonts-1.0-3.fc36.noarch.rpm
> lpf-mscore-tahoma-fonts-1.0-3.fc36.noarch.rpm
>
> [1]
> Running transaction check
> error: rpmdbNextIterator: skipping h#1777
> Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
> Header SHA256 digest: OK
> Header SHA1 digest: OK
>
> [2]
> https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-skipping-in-fedora-38/
> https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594

Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
Hi,

I spent this weekend understanding why when update my vm to F38
branched I got a lot of [1] the key ID d651ff2e is "our" key
RPM-GPG-KEY-rpmfusion-free-fedora-2020

For an introduction to this topic I recommend these 2 articles [2] .

In resume rpm sign with SHA1 aren't installed in F38 unless we change
the default crypto policy (update-crypto-policies --set LEGACY) , I
wrote in
https://discussion.fedoraproject.org/t/header-v3-rsa-sha1-signature-key-id-d651ff2e-bad/42350/4
one solution .

And I have checked all rpmfusion packages with fc36 have SHA1 when now
we need to have SHA256 , ATM I found these 5 packages [3] , which I
will rebuild it to be signed again or have you other suggestions ?

Best regards,

[3]
rfpkg-minimal-0.4.2-1.fc36.noarch.rpm
rpmfusion-free-obsolete-packages-35-1.fc36.noarch.rpm
wormsofprey-data-20051221-15.fc36.noarch.rpm
lpf-cleartype-fonts-1.0-3.fc36.noarch.rpm
lpf-mscore-tahoma-fonts-1.0-3.fc36.noarch.rpm

[1]
Running transaction check
error: rpmdbNextIterator: skipping h#1777
Header V3 RSA/SHA1 Signature, key ID d651ff2e: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK

[2]
https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-skipping-in-fedora-38/
https://ask.fedoraproject.org/t/popular-third-party-rpms-fail-to-install-update-remove-due-to-security-policies-verification/31594

--
Sérgio M. B.
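
The audit described in the message above (finding packages whose header signature still uses SHA1) can be scripted. This is an added example, not part of the thread or of RPM Fusion's tooling; the function names, the "|" separator, and the sample dates and key IDs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report packages whose RPM header signature hash is weak.
# Expected input, one package per line: "<NEVRA>|<pgpsig>", e.g. from
#   rpm -qp --nosignature --qf '%{NEVRA}|%{RSAHEADER:pgpsig}\n' *.rpm
# where :pgpsig renders as "RSA/SHA256, <date>, Key ID <id>" or "(none)".

find_weak_sigs() {
    awk -F'|' '
        NF < 2 { next }                          # ignore malformed lines
        {
            split($2, field, ",")                # field[1] = "RSA/SHA1"
            n = split(field[1], alg, "/")        # alg[2]   = "SHA1"
            hash = (n == 2) ? toupper(alg[2]) : "NONE"
            if (hash == "SHA1" || hash == "MD5")
                print "WEAK " hash " " $1        # candidate for re-signing
            else if (hash == "NONE")
                print "UNSIGNED - " $1           # no header signature at all
        }'
}

# Constructed sample input: package names from the list in the message,
# plus two made-up entries; dates and key IDs are placeholders.
sample_input() {
cat <<'EOF'
rfpkg-minimal-0.4.2-1.fc36.noarch|RSA/SHA1, Sat 05 Feb 2022 10:00:00 AM UTC, Key ID 0123456789abcdef
wormsofprey-data-20051221-15.fc36.noarch|RSA/SHA1, Sat 05 Feb 2022 10:05:00 AM UTC, Key ID 0123456789abcdef
example-signed-1.0-1.fc37.noarch|RSA/SHA256, Tue 01 Nov 2022 09:00:00 AM UTC, Key ID 0123456789abcdef
example-unsigned-1.0-1.fc37.noarch|(none)
this line has no separator and is skipped
EOF
}

sample_input | find_weak_sigs
```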