search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
534 stars 46 forks source link

qubes-contrib-dom0-r4.0-current-testing: Error while verifying signature #5842

Open w1k1n9cc opened 4 years ago

w1k1n9cc commented 4 years ago

Qubes OS version R4.0

Affected component(s) or functionality Whole qubes-contrib-dom0-r4.0-current-testing repo is affected.

Brief summary

sudo qubes-dom0-update --enablerepo=qubes-contrib-dom0-r4.0-current-testing i3-gaps                                                                                                             7s  ~ 
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time...
Last metadata expiration check: 12:45:33 ago on Fri May 22 23:49:16 2020.
Dependencies resolved.
==============================================================================================
 Package             Arch    Version            Repository                                Size
==============================================================================================
Installing:
 i3-gaps             x86_64  1000:4.18.1-1.fc25 qubes-contrib-dom0-r4.0-current-testing  325 k
Installing dependencies:
 xorg-x11-xbitmaps   noarch  1.1.1-9.fc24       fedora                                    41 k
Installing weak dependencies:
 rxvt-unicode        x86_64  9.22-2.fc25        fedora                                   746 k
 xorg-x11-apps       x86_64  7.7-15.fc24        fedora                                   320 k
Removing dependent packages:
 i3                  x86_64  1000:4.17.1-2.fc25 @System                                  924 k

Transaction Summary
==============================================================================================
Install  4 Packages
Remove   1 Package

Total size: 1.4 M
DNF will only download packages for the transaction.
Downloading Packages:
[SKIPPED] rxvt-unicode-9.22-2.fc25.x86_64.rpm: Already downloaded              
[SKIPPED] xorg-x11-apps-7.7-15.fc24.x86_64.rpm: Already downloaded             
[SKIPPED] xorg-x11-xbitmaps-1.1.1-9.fc24.noarch.rpm: Already downloaded        
[SKIPPED] i3-gaps-4.18.1-1.fc25.x86_64.rpm: Already downloaded                 
warning: /var/lib/qubes/dom0-updates/var/cache/yum/x86_64/4.0/qubes-contrib-dom0-r4.0-current-testing-8801c9554e16b90e/packages/i3-gaps-4.18.1-1.fc25.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID d0941e87: NOKEY
Qubes OS Contrib Repository for dom0 (updates-t 1.7 MB/s | 1.7 kB     00:00    
Importing GPG key 0xD0941E87:
 Userid     : "Qubes OS Contrib Release 4 Signing Key"
 Fingerprint: 04A8 F986 B97F BCB8 38F0 8C30 5FE4 986A D094 1E87
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-contrib-fedora
Key imported successfully
Complete!
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
*** ERROR while receiving updates:
Error while verifing i3-gaps-4.18.1-1.fc25.x86_64.rpm signature: /var/lib/qubes/updates/rpm/i3-gaps-4.18.1-1.fc25.x86_64.rpm: (RSA) sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: RSA#d0941e87 (MD5) PGP#d0941e87) 

--> if you want to use packages that were downloaded correctly, use dnf directly now

To Reproduce Steps to reproduce the behavior:

  1. Install qubes-repo-contrib in dom0 
    sudo qubes-dom0-update qubes-repo-contrib
  2. Install qubes-repo-contrib in UpdateVM (sys-firewall) for gpg keys 
    sudo dnf install qubes-repo-contrib
  3. Try to install any package in dom0 (i3-gaps, rpfi or polybar) 
    sudo qubes-dom0-update --enablerepo=qubes-contrib-dom0-r4.0-current-testing i3-gaps
  4. Error message from above

Expected behavior Install package as usual.

Actual behavior Error occurs.

Additional context Also occurs for another person. I know the packages are in testing but the gpg signature should be correct and I think that the packages are actual signed with the wrong key.

ghost commented 4 years ago

Hi, I can confirm too.

marmarek commented 4 years ago

Looks like something went wrong during key import. You can do that manually:

sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-4-contrib-fedora
w1k1n9cc commented 4 years ago

Thank you, now it works. Is this error correlated to the contrib package or have I to import the key always manual?

P.S.: I think their is a mistake

Error while verifing

should be

Error while verifying
fepitre commented 4 years ago

On 2020-05-23 15:58, w1k1n9cc wrote:

Thank you, now it works. Is this error correlated to the package or have I to import the key always manual?

It's related to the meta-package defining the QubesOS-contrib repository, not the package you are installing.

P.S.: I think their is a mistake

|Error while verifing |

should be

|Error while verifying |

Yes it's a typo.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/QubesOS/qubes-issues/issues/5842#issuecomment-633059033, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGHKKJ6C3ISUPDWB3CTU3RDRS7JAFANCNFSM4NIMS4LA.

w1k1n9cc commented 4 years ago

It's related to the meta-package defining the QubesOS-contrib repository, not the package you are installing.

This was what I mean. I don't know if this can be fixed. I didn't build such repo packages yet myself.

fepitre commented 4 years ago

It can as you install QubesOS packages :)