On Wed, Feb 15, 2023 at 07:41:47AM -0800, Scott Beamer wrote:
> Greetings,
>
> I've been unable to import public GPG keys in Fedora 38. Example attempts:
>
> $ sudo rpm --import https://dl.google.com/linux/linux_signing_key.pub
> [sudo] password for scott:
> error: Certificate A040830F7FAC5991:
> Policy rejects A040830F7FAC5991: No binding signature at time 2023-02-15T15:31:30Z
> error: https://dl.google.com/linux/linux_signing_key.pub: key 1 import failed.
> error: Certificate 7721F63BD38B4796:
> Policy rejects 7721F63BD38B4796: No binding signature at time 2023-02-15T15:31:30Z
> error: https://dl.google.com/linux/linux_signing_key.pub: key 2 import failed.
>
> AND
>
> $ sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
> error: Certificate EB3E94ADBE1229CF:
> Policy rejects EB3E94ADBE1229CF: No binding signature at time 2023-02-15T15:32:55Z
> error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import failed.
>
> I'm not sure what the problem is. It's not been an issue in Fedora 37.

It's likely the crypto-policy disallowing SHA-1.
See:
https://www.scrye.com/wordpress/nirik/2023/01/31/error-rpmdbnextiterator-...
https://ask.fedoraproject.org/t/certain-third-party-rpms-fail-to-install-...
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
kevin

Yep. Lovely. Getting Microsoft and Google to fix this should be easy
(ok, not really).
Thanks.
Scott
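
One way to test the SHA-1 explanation given in the thread is to look at the hash algorithm on a key's binding signatures. The following is an added example, not code from any poster or from rpm: it parses text in the format printed by `gpg --list-packets` and reports self-signatures and subkey bindings made with a weak digest. The sample listing and its key IDs are constructed, and the function and constant names are hypothetical.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) treated as weak here.
WEAK_DIGESTS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160"}
# Signature classes that bind a user ID (0x10-0x13), a subkey (0x18)
# or the key itself (0x1f).
BINDING_CLASSES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x1F}

SIG_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
CLASS_RE = re.compile(r"sigclass (0x[0-9A-Fa-f]+)")
DIGEST_RE = re.compile(r"digest algo (\d+)")

# Constructed sample in `gpg --list-packets` format (not a real vendor key).
SAMPLE = """\
:public key packet:
    version 4, algo 1, created 1170000000, expires 0
    keyid: 0123456789ABCDEF
:user ID packet: "Example Vendor <keys@example.com>"
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1170000000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 5e 3e
:public sub key packet:
    version 4, algo 1, created 1600000000, expires 0
    keyid: FEDCBA9876543210
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1600000000, md5len 0, sigclass 0x18
    digest algo 8, begin of digest a1 b2
"""

def weak_binding_signatures(listing):
    """Return (issuer keyid, sigclass, digest name) per weak binding signature."""
    packets, current = [], None
    for line in listing.splitlines():
        if line.startswith(":"):  # a new packet of any type starts here
            m = SIG_RE.match(line)
            current = {"keyid": m.group(1).upper()} if m else None
            if current is not None:
                packets.append(current)
        elif current is not None:  # detail line of a signature packet
            if (m := CLASS_RE.search(line)):
                current["sigclass"] = int(m.group(1), 16)
            if (m := DIGEST_RE.search(line)):
                current["digest"] = int(m.group(1))
    return [(p["keyid"], hex(p["sigclass"]), WEAK_DIGESTS[p["digest"]])
            for p in packets
            if p.get("sigclass") in BINDING_CLASSES
            and p.get("digest") in WEAK_DIGESTS]

if __name__ == "__main__":
    for keyid, sigclass, digest in weak_binding_signatures(SAMPLE):
        print(f"{keyid}: binding signature class {sigclass} uses {digest}")
```

To check a downloaded key file, pass the output of `gpg --list-packets <keyfile>` to `weak_binding_signatures()` in place of `SAMPLE`.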