Can't install python3-neovim on F38 because something is making it choose the old build with same nevra

[jn64]

Note: I initially posted this as a reply on #18, but it seems to be a different problem (or perhaps the same problem presenting in a different way after the related rpm/crypto updates). It is not the toolbox issue mentioned in https://github.com/agriffis/neovim/issues/18#issuecomment-1490016038; my F38 toolbox image is newer than the fixed one, and the problem happens both in and outside toolbox.

Problem

Installing python3-neovim from this Copr results in a "GPG check FAILED" error:

$ sudo dnf in python3-neovim
Copr repo for neovim-nightly owned by agriffis                            17 kB/s |  26 kB     00:01    

[...]

Importing GPG key 0x453D6413:
 Userid     : "agriffis_neovim-nightly (None) <agriffis#neovim-nightly@copr.fedorahosted.org>"
 Fingerprint: 02AE 53EC 1C2A 0A75 EFE9 0FA5 29F1 0B45 453D 6413
 From       : https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/pubkey.gpg
Is this ok [y/N]: y
Key imported successfully

[...]

error: Verifying a signature using certificate 02AE53EC1C2A0A75EFE90FA529F10B45453D6413 (agriffis_neovim-nightly (None) <agriffis#neovim-nightly@copr.fedorahosted.org>):
  Certificate 29F10B45453D6413 invalid: policy violation
      because: No binding signature at time 2022-08-25T12:48:13Z
Import of key(s) didn't help, wrong key(s)?
Problem opening package python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch.rpm. Failing package is: python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch
 GPG Keys are configured as: https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/pubkey.gpg
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

The clue is in the line No binding signature at time 2022-08-25T12:48:13Z.

There are 2 builds with identical nevra python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch

1. Build 04765755 from 2022-08-25 (this is from rawhide before F38 branched)
2. Build 05726828 from 2023-03-29

Installing the older build 04765755 directly via URL fails with the same error:

$ sudo dnf in https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/fedora-38-x86_64/04765755-python-neovim/python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch.rpm

[...]

RPM: error: Verifying a signature using certificate 02AE53EC1C2A0A75EFE90FA529F10B45453D6413 (agriffis_neovim-nightly (None) <agriffis#neovim-nightly@copr.fedorahosted.org>):
RPM:   Certificate 29F10B45453D6413 invalid: policy violation
RPM:       because: No binding signature at time 2022-08-25T12:48:13Z
Error: Transaction test error:
  package python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch does not verify: Header V3 RSA/SHA256 Signature, key ID 453d6413: BAD

Installing the newer build 05726828 works!

$ sudo dnf in https://download.copr.fedorainfracloud.org/results/agriffis/neovim-nightly/fedora-38-x86_64/05726828-python-neovim/python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch.rpm

[...]

Installed:
  python3-greenlet-1.1.3-2.fc38.x86_64                        python3-msgpack-1.0.4-4.fc38.x86_64       
  python3-neovim-0.4.3.0.git.601.71102c0-1.fc38.noarch       

Complete!

So, for unknown reasons between dnf and Copr, I'm receiving the older build when I ask for python3-neovim.

May I suggest deleting the older build from Copr? F35 chroots are already gone so I don't think there's any benefit of keeping it.

Also, in the future it might be a good idea to bump the release for rebuilds.

[agriffis]

Hi! I deleted the 04765755 build and regenerated the repo. Want to try again?

[jn64]

Thanks, works now. repodata also only lists the newer build.