negativo17 / cuda

NVIDIA Compute Unified Device Architecture Toolkit

GPG signature issue #30

Closed enlightenalpha closed 1 year ago

enlightenalpha commented 1 year ago

OS: CentOS 7.9

Not sure if this is the correct place to log this, but we recently tried to update our existing nvidia-driver-cuda-libs installation and started receiving signature failure messages:

    Total size: 60 M
    Installed size: 229 M
    Is this ok [y/d/N]: y
    Downloading packages:
    error: skipping package /var/cache/yum/x86_64/7/epel-nvidia/packages/nvidia-driver-cuda-libs-525.89.02-1.el7.x86_64.rpm with unverifiable signature

If we choose to skip gpg-check, yum refuses to install, with no error summary provided.

Transaction check error: Unknown error during transaction test in RPM

Upon checking https://negativo17.org/repos/RPM-GPG-KEY-slaanesh, it looks like a recent update resulted in a much smaller key. Perhaps the key is corrupt? To confirm, below is the repo we are configured to use:

    [epel-nvidia]
    name=negativo17 - Nvidia
    baseurl=https://negativo17.org/repos/nvidia/epel-$releasever/$basearch/
    enabled=1
    skip_if_unavailable=1
    gpgcheck=1
    gpgkey=https://negativo17.org/repos/RPM-GPG-KEY-slaanesh
    enabled_metadata=1
    metadata_expire=6h
    type=rpm-md
    repo_gpgcheck=0

scaronni commented 1 year ago

Hi, I had an issue with my previous GPG key (~2008, SHA1 based). Of course it's no longer up to standards, and it's no longer allowed in non-default crypto policies in EL8/EL9/Fedora and in the default one for Fedora 38.

I generated a new ECC based one, which was all good except I forgot to check if ECC was actually supported on old EL releases. Turned out it's not supported by EL7/EL8 and in that case the system can't even assess what type of file the signed RPMs are.

Long story short, I reissued a "more modern" GPG key, re-signed everything in all repos and reuploaded everything online. It should be fixed now; just clear the cache and you should be asked to import the new key.
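An added example, not part of the thread or of the negativo17 project: a small OpenPGP packet reader that flags the two properties the reply above describes, ECC public-key algorithms and SHA1 digests, in binary (dearmored) key or signature data. The function names, the finding strings and the sample packets are constructed for illustration; only v4 packets are inspected.

```python
ECC_ALGOS = {18: "ECDH", 19: "ECDSA", 22: "EdDSA"}  # per the thread: not handled by EL7/EL8
WEAK_HASHES = {2: "SHA1"}                           # per the thread: fails newer crypto policies

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in binary (dearmored) data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            width = 1 << ltype               # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + width], "big"), i + width
        yield tag, data[i:i + length]
        i += length

def audit(data):
    """Return compatibility findings for v4 key (tag 6/14) and signature (tag 2) packets."""
    findings = []
    for tag, body in packets(data):
        if tag in (6, 14) and body[0] == 4 and body[5] in ECC_ALGOS:
            findings.append(f"key: {ECC_ALGOS[body[5]]} (ECC, unsupported on EL7/EL8)")
        elif tag == 2 and body[0] == 4:      # v4 signature: type, pubkey algo, hash algo
            if body[2] in ECC_ALGOS:
                findings.append(f"signature: {ECC_ALGOS[body[2]]} (ECC, unsupported on EL7/EL8)")
            if body[3] in WEAK_HASHES:
                findings.append(f"signature: {WEAK_HASHES[body[3]]} digest (fails newer crypto policies)")
    return findings

# Constructed sample packets with truncated bodies (not real keys or signatures).
OLD_KEY = bytes.fromhex("99 0006 04 47000000 11  88 04 04 13 11 02")  # DSA key, SHA1 sig
ECC_KEY = bytes.fromhex("c6 06 04 64000000 16  c2 04 04 13 16 08")    # EdDSA key, SHA256 sig
RSA_KEY = bytes.fromhex("c6 06 04 64000000 01  c2 04 04 13 01 08")    # RSA key, SHA256 sig
```
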

enlightenalpha commented 1 year ago

Thank you. I have confirmed that the package install works now on CentOS 7.9 after clearing Yum metadata.