SUMMARY When trying to "Update All", Discover reports: > Update Issue > > Bad GPG signature found: > > /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm could not be verified. /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm: digest: SIGNATURE: NOT OK > > Please report this issue to the packagers of your distribution. But at the same time, `dnf update` succeeds without even mentioning a problem. STEPS TO REPRODUCE 1. Click "Update All" in Discover 2. Get "Bad GPG signature found" error message 3. On a terminal type `sudo dnf update` 4. See that the update is installed successfully without even so much as a warning. OBSERVED RESULT > Update Issue > > Bad GPG signature found: > > /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm could not be verified. /var/cache/PackageKit/35/metadata/virtio-win-stable-35-x86_64/packages/virtio-win-0.1.215-2.noarch.rpm: digest: SIGNATURE: NOT OK > > Please report this issue to the packagers of your distribution. EXPECTED RESULT Update installs fine just like with `dnf update`, because it uses the same source of trust as `dnf`. Or, if it really has to use a separate source of trust, Discover offers to import a GPG key. SOFTWARE/OS VERSIONS Operating System: Fedora Linux 35 KDE Plasma Version: 5.23.4 KDE Frameworks Version: 5.89.0 Qt Version: 5.15.2 Kernel Version: 5.15.13-200.fc35.x86_64 (64-bit) Graphics Platform: Wayland Processors: 12 × Intel® Core™ i7-8750H CPU @ 2.20GHz Memory: 62,5 GiB of RAM Graphics Processor: Mesa Intel® UHD Graphics 630 ADDITIONAL INFORMATION
May be related: https://gitlab.gnome.org/GNOME/gnome-software/-/issues/603
Looks like GNOME Software handles this situation a lot more interactively than we do. Might be worth trying to do the same.
Would a dialog asking whether to proceed despite the GPG problem help?
Yes, I think so. Then we could at least explain to the user what's going on plain language and offer them options.
Also affects virtio-win 0.1.217-1.
Also affects the tailscale-stable repo: https://pkgs.tailscale.com/stable/#fedora ``` Bad GPG signature found: /var/cache/PackageKit/36/metadata/tailscale-stable-36-x86_64/packages/tailscale_1.30.0_x86_64.rpm could not be verified. /var/cache/PackageKit/36/metadata/tailscale-stable-36-x86_64/packages/tailscale_1.30.0_x86_64.rpm: digest: SIGNATURE: NOT OK ``` Operating System: Fedora Linux 36 KDE Plasma Version: 5.25.4 KDE Frameworks Version: 5.97.0 Qt Version: 5.15.5 Kernel Version: 5.19.4-200.fc36.x86_64 (64-bit) Graphics Platform: Wayland Processors: 8 × 11th Gen Intel® Core™ i7-11370H @ 3.30GHz Memory: 62.6 GiB of RAM Graphics Processor: Mesa Intel® Xe Graphics Manufacturer: TUXEDO Product Name: TUXEDO InfinityBook Pro 14 Gen6
Are you testing these by installing an rpm file or because you added these as external repositories?
(In reply to Aleix Pol from comment #7) > Are you testing these by installing an rpm file or because you added these > as external repositories? I added additional / external repositories and then installed a package from them. (I did not install the RPM file directly.) In the way it is explained for e.g. Tailscale: https://pkgs.tailscale.com/stable/#fedora
I cannot reproduce this bug. Would you @Dennis Schridde mind explaining **clearly** the steps you take to have this problem? You can start from a "vanilla" installation in a VM and explain what you do.
We are waiting for info here.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!