https://bugs.kde.org/show_bug.cgi?id=448646
Bug ID: 448646 Summary: Discover reports "Bad GPG signature found" where "dnf update" succeeds Product: Discover Version: 5.23.4 Platform: Fedora RPMs OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: PackageKit Assignee: lei...@leinir.dk Reporter: dennis.schri...@freiheit.com CC: aleix...@kde.org Target Milestone: --- SUMMARY When trying to "Update All", Discover reports: > Update Issue > > Bad GPG signature found: > > /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm > could not be verified. > /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm: > digest: SIGNATURE: NOT OK > > Please report this issue to the packagers of your distribution. But at the same time, `dnf update` succeeds without even mentioning a problem. STEPS TO REPRODUCE 1. Click "Update All" in Discover 2. Get "Bad GPG signature found" error message 3. On a terminal type `sudo dnf update` 4. See that the update is installed successfully without even so much as a warning. OBSERVED RESULT > Update Issue > > Bad GPG signature found: > > /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm > could not be verified. > /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm: > digest: SIGNATURE: NOT OK > > Please report this issue to the packagers of your distribution. EXPECTED RESULT Update installs fine just like with `dnf update`, because it uses the same source of trust as `dnf`. Or, if it really has to use a separate source of trust, Discover offers to import a GPG key. SOFTWARE/OS VERSIONS Operating System: Fedora Linux 35 KDE Plasma Version: 5.23.4 KDE Frameworks Version: 5.89.0 Qt Version: 5.15.2 Kernel Version: 5.15.13-200.fc35.x86_64 (64-bit) Graphics Platform: Wayland Processors: 12 × Intel® Core™ i7-8750H CPU @ 2.20GHz Memory: 62,5 GiB of RAM Graphics Processor: Mesa Intel® UHD Graphics 630 ADDITIONAL INFORMATION -- You are receiving this mail because: You are watching all bug changes.