Hi,
I've just attempted to do a sudo dnf upgrade to install the 343 updates that are available, and after downloading all the packages it got a GPG error and terminated. Has anyone else seen this and is able to provide some guidance on what I need to look at to identify why?
[SKIPPED] vulkan-filesystem-1.1.70.0-1.fc27.noarch.rpm: Already downloaded [SKIPPED] xdg-utils-1.1.2-4.fc27.noarch.rpm: Already downloaded [SKIPPED] xfsprogs-4.15.1-1.fc27.x86_64.rpm: Already downloaded Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
regards,
Steve
On 03/17/18 18:04, Stephen Morris wrote:
I've just attempted to do a sudo dnf upgrade to install the 343 updates that are available, and after downloading all the packages it got a GPG error and terminated. Has anyone else seen this and is able to provide some guidance on what I need to look at to identify why?
[SKIPPED] vulkan-filesystem-1.1.70.0-1.fc27.noarch.rpm: Already downloaded [SKIPPED] xdg-utils-1.1.2-4.fc27.noarch.rpm: Already downloaded [SKIPPED] xfsprogs-4.15.1-1.fc27.x86_64.rpm: Already downloaded Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
First, if you want to upgrade all you packages except for the one with the gpg problem you can always do....
dnf -x flash-plugin update
Next, are you saying that this command returns nothing?
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep -i ado
it should return
gpg-pubkey-f6777c67-45e5b1b9 gpg(Adobe Systems Incorporated (Linux RPM Signing Key) secure@adobe.com)
Do you have the adobe-release-x86_64-1.0-1.noarch.rpm package installed? I believe that would include installing the keys.
On 03/17/18 18:26, Ed Greshko wrote:
Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
Oh, I see I mis-read the error message. The package isn't signed.
My flash-plugin package is
flash-plugin-29.0.0.113-release.x86_64
while you're trying to install
flash-plugin-29.0.0.113-1.fc27.x86_64.rpm
Where did you get that package? It seems not from the Adobe repo.
Hi, I think from Russian Fedora. Kind regards
-----Ursprüngliche Mitteilung----- Von: Ed Greshko ed.greshko@greshko.com An: users users@lists.fedoraproject.org Verschickt: Sa, 17. Mrz 2018 11:44 Betreff: Re: dnf Upgrade Produces GPG Error
On 03/17/18 18:26, Ed Greshko wrote:
Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
Oh, I see I mis-read the error message. The package isn't signed.
My flash-plugin package is
flash-plugin-29.0.0.113-release.x86_64
while you're trying to install
flash-plugin-29.0.0.113-1.fc27.x86_64.rpm
Where did you get that package? It seems not from the Adobe repo.
On 17/3/18 9:44 pm, Ed Greshko wrote:
On 03/17/18 18:26, Ed Greshko wrote:
Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
Oh, I see I mis-read the error message. The package isn't signed.
My flash-plugin package is
flash-plugin-29.0.0.113-release.x86_64
while you're trying to install
flash-plugin-29.0.0.113-1.fc27.x86_64.rpm
Where did you get that package? It seems not from the Adobe repo.
Thanks Ed, I had no idea about the command you suggested to search for the keys. The flash-plugin package I have installed is 28.0.0.161-Release: 1.fc27 and this one and the one the update is trying to install are from the Negativo17 Flash repository. The adobe repository has the version of flash you have installed, so I'll try and install that if dnfdragora/yumex offer it, otherwise I'll and figure out how to get dnf to install that specific version. I'll also get in contact with the Negativo17 flash repository maintainer and see if I can get the signing issue rectified. I thought I had keys from that repository installed when I added it, but your command is indicating differently.
regards,
Steve
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 03/17/18 21:51, Stephen Morris wrote:
On 17/3/18 9:44 pm, Ed Greshko wrote:
On 03/17/18 18:26, Ed Greshko wrote:
Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
Oh, I see I mis-read the error message. The package isn't signed.
My flash-plugin package is
flash-plugin-29.0.0.113-release.x86_64
while you're trying to install
flash-plugin-29.0.0.113-1.fc27.x86_64.rpm
Where did you get that package? It seems not from the Adobe repo.
Thanks Ed, I had no idea about the command you suggested to search for the keys. The flash-plugin package I have installed is 28.0.0.161-Release: 1.fc27 and this one and the one the update is trying to install are from the Negativo17 Flash repository. The adobe repository has the version of flash you have installed, so I'll try and install that if dnfdragora/yumex offer it, otherwise I'll and figure out how to get dnf to install that specific version. I'll also get in contact with the Negativo17 flash repository maintainer and see if I can get the signing issue rectified. I thought I had keys from that repository installed when I added it, but your command is indicating differently.
Well, you very well may have the keys for Negativo17 but it is just that whoever is the maintainer missed signing the RPM as the error states.
IMHO, since the flash-plugin is available directly from Adobe and their repo it makes little sense to get it from Negativo17. I can't see how they would add value.
On 18/3/18 1:06 am, Ed Greshko wrote:
On 03/17/18 21:51, Stephen Morris wrote:
On 17/3/18 9:44 pm, Ed Greshko wrote:
On 03/17/18 18:26, Ed Greshko wrote:
Package flash-plugin-29.0.0.113-1.fc27.x86_64.rpm is not signed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED
Oh, I see I mis-read the error message. The package isn't signed.
My flash-plugin package is
flash-plugin-29.0.0.113-release.x86_64
while you're trying to install
flash-plugin-29.0.0.113-1.fc27.x86_64.rpm
Where did you get that package? It seems not from the Adobe repo.
Thanks Ed, I had no idea about the command you suggested to search for the keys. The flash-plugin package I have installed is 28.0.0.161-Release: 1.fc27 and this one and the one the update is trying to install are from the Negativo17 Flash repository. The adobe repository has the version of flash you have installed, so I'll try and install that if dnfdragora/yumex offer it, otherwise I'll and figure out how to get dnf to install that specific version. I'll also get in contact with the Negativo17 flash repository maintainer and see if I can get the signing issue rectified. I thought I had keys from that repository installed when I added it, but your command is indicating differently.
Well, you very well may have the keys for Negativo17 but it is just that whoever is the maintainer missed signing the RPM as the error states.
IMHO, since the flash-plugin is available directly from Adobe and their repo it makes little sense to get it from Negativo17. I can't see how they would add value.
When I used dnfdragora to remove the 28.0.0 version from negativo17 and install the 29.0.0 version from Adobe's repository, it told me the Adobe version was a downgrade from the installed version, which I didn't understand. I have now managed to get dnf to install all the updates without it attempting to put on the negativo17 flash update.
I wasn't explicitly using the version of flash from negativo17, it was an incidental process. Originally I was only using negativo17's steam, handbrake and nvidia repositories, until they recommended replacing their nvidia repository with their multimedia repository. A little while ago I was getting a conflict between the xorg nvidia packages I had installed and their nvidia package for xorg, and while I was investigating how to resolve that (which I finished up resolving by removing all the xorg nvidia packages) I found they had a .repo file that contained definitions for all of their repositories, so, rather than having multiple .repo files for their repositories I replaced them with the single .repo file. As a result of this, having resolved the nvidia packages conflict, I issued the dnf upgrade and it immediately upgraded the Adobe flash I had installed at the time to the version that was in the negativo17 flash repository.
regards,
Steve
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 03/18/18 08:41, Stephen Morris wrote:
When I used dnfdragora to remove the 28.0.0 version from negativo17 and install the 29.0.0 version from Adobe's repository, it told me the Adobe version was a downgrade from the installed version, which I didn't understand. I have now managed to get dnf to install all the updates without it attempting to put on the negativo17 flash update.
I wasn't explicitly using the version of flash from negativo17, it was an incidental process. Originally I was only using negativo17's steam, handbrake and nvidia repositories, until they recommended replacing their nvidia repository with their multimedia repository. A little while ago I was getting a conflict between the xorg nvidia packages I had installed and their nvidia package for xorg, and while I was investigating how to resolve that (which I finished up resolving by removing all the xorg nvidia packages) I found they had a .repo file that contained definitions for all of their repositories, so, rather than having multiple .repo files for their repositories I replaced them with the single .repo file. As a result of this, having resolved the nvidia packages conflict, I issued the dnf upgrade and it immediately upgraded the Adobe flash I had installed at the time to the version that was in the negativo17 flash repository.
I don't think I see a question in the above.
But I would note the potential for problems when one uses multiple repos and packages are duplicated. In those cases it is advisable that one edits the repo file from which you don't want to install the duplicate package to add the "exclude" directive.
On 18/3/18 12:02 pm, Ed Greshko wrote:
On 03/18/18 08:41, Stephen Morris wrote:
When I used dnfdragora to remove the 28.0.0 version from negativo17 and install the 29.0.0 version from Adobe's repository, it told me the Adobe version was a downgrade from the installed version, which I didn't understand. I have now managed to get dnf to install all the updates without it attempting to put on the negativo17 flash update.
I wasn't explicitly using the version of flash from negativo17, it was an incidental process. Originally I was only using negativo17's steam, handbrake and nvidia repositories, until they recommended replacing their nvidia repository with their multimedia repository. A little while ago I was getting a conflict between the xorg nvidia packages I had installed and their nvidia package for xorg, and while I was investigating how to resolve that (which I finished up resolving by removing all the xorg nvidia packages) I found they had a .repo file that contained definitions for all of their repositories, so, rather than having multiple .repo files for their repositories I replaced them with the single .repo file. As a result of this, having resolved the nvidia packages conflict, I issued the dnf upgrade and it immediately upgraded the Adobe flash I had installed at the time to the version that was in the negativo17 flash repository.
I don't think I see a question in the above.
But I would note the potential for problems when one uses multiple repos and packages are duplicated. In those cases it is advisable that one edits the repo file from which you don't want to install the duplicate package to add the "exclude" directive.
You are right, I wasn't looking at it from that perspective, I was approaching it from the perspective of dnf being able to decide which was the best package to use if there were multiples providing the same functionality. I may have to disable to negativo17 flash repository, or set up a permanent exclude of the flash package if there are other useful packages in the negativo17 repository that the adobe repository doesn't provide, but before deciding which way to go I will have to thoroughly investigate what is in both repositories.
regards,
Steve
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On 03/18/18 11:57, Stephen Morris wrote:
You are right, I wasn't looking at it from that perspective, I was approaching it from the perspective of dnf being able to decide which was the best package to use if there were multiples providing the same functionality. I may have to disable to negativo17 flash repository, or set up a permanent exclude of the flash package if there are other useful packages in the negativo17 repository that the adobe repository doesn't provide, but before deciding which way to go I will have to thoroughly investigate what is in both repositories.
The flash plugin provided by negativo17 is *exactly* the same as that provided by Adobe which I've installed in a VM for the rare time I need it.
Adobe's
[egreshko@f27k flash-plugin]$ sha256sum libflashplayer.so 3989b0c4f538050317d5a4b678b60ed91b4149f54bb1ad9f84e3384f4bfe3b22 libflashplayer.so
negativo17's (pulled from the rpm via rpm2cpio)
[egreshko@meimei plugins]$ sha256sum libflashplayer.so 3989b0c4f538050317d5a4b678b60ed91b4149f54bb1ad9f84e3384f4bfe3b22 libflashplayer.so
So, there is no *best* when it comes to functionality.
Just for clarity, when negativo17 repackages the plugin in "improved" form they bump the version so that if you have both adobe and their repository enabled dnf will see theirs as the "most recent". Unless someone is aware that is being done they may conclude the negativo17 package somehow "better" or an upgrade over what Adobe is supplying.
flash-plugin-29.0.0.113-release.x86_64 Adobe flash-plugin-29.0.0.113-1.fc27.x86_64.rpm negativo17 ^
Ed Greshko wrote:
Well, you very well may have the keys for Negativo17 but it is just that whoever is the maintainer missed signing the RPM as the error states.
FWIW, the maintainer at negativo17.org said this error has been corrected (in the comment section at the URL below).
IMHO, since the flash-plugin is available directly from Adobe and their repo it makes little sense to get it from Negativo17. I can't see how they would add value.
The packaging of flash-plugin from Adobe is rather awful (as is typical when vendors supply packages). According to
https://negativo17.org/adobe-flash-plugin/
the improvements over the Adobe packaging include:
This package tries to comply as maximum to the Fedora Packaging Guidelines; this means the packages has debuginfo packages, default Fedora’s GCC compile time options (where possible) and standard locations for binaries, data and docs.
Features:
* Separate Control Center integration package for the native architecture (64 bit/32 bit).
* No copying of the plugin around the filesystem after the package is installed; installation in the original Adobe package is all done in %post section!
* 32 bit plugin can also be installed along the 64 bit one in a 64 bit environment; this is useful for example with the 32 bit Steam client or 32 bit browsers.
Of course, it's still packaging flash, which is a steaming turd that provides very little benefit these days (I'm not counting "it's a great attack vector" as a benefit. ;) )
Unless someone is absolutely forced to use a site that requires flash, not installing the flash-plugin package from anywhere is the best plan.
On 18/3/18 2:49 pm, Todd Zullinger wrote:
Ed Greshko wrote:
Well, you very well may have the keys for Negativo17 but it is just that whoever is the maintainer missed signing the RPM as the error states.
FWIW, the maintainer at negativo17.org said this error has been corrected (in the comment section at the URL below).
Thanks Tod, it has indeed been rectified.
regards,
Steve
IMHO, since the flash-plugin is available directly from Adobe and their repo it makes little sense to get it from Negativo17. I can't see how they would add value.
The packaging of flash-plugin from Adobe is rather awful (as is typical when vendors supply packages). According to
https://negativo17.org/adobe-flash-plugin/the improvements over the Adobe packaging include:
This package tries to comply as maximum to the Fedora Packaging Guidelines; this means the packages has debuginfo packages, default Fedora’s GCC compile time options (where possible) and standard locations for binaries, data and docs. Features: * Separate Control Center integration package for the native architecture (64 bit/32 bit). * No copying of the plugin around the filesystem after the package is installed; installation in the original Adobe package is all done in %post section! * 32 bit plugin can also be installed along the 64 bit one in a 64 bit environment; this is useful for example with the 32 bit Steam client or 32 bit browsers.Of course, it's still packaging flash, which is a steaming turd that provides very little benefit these days (I'm not counting "it's a great attack vector" as a benefit. ;) )
Unless someone is absolutely forced to use a site that requires flash, not installing the flash-plugin package from anywhere is the best plan.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
-
Ed Greshko -
Joerg Lechner -
Stephen Morris -
Todd Zullinger