On Mon, Dec 19, 2022 at 12:17:22PM +1100, Ian Laurie wrote:
In testing and playing with Rawhide 20221217.n.0 I found I was unable
to
install the 3rd party program bcompare (Beyond Compare) for which I am
licensed.
With their repo installed "sudo dnf install bcompare" produces the error:
Error: GPG check FAILED
However, if I use "sudo dnf install bcompare --nogpgcheck" I get a different
error:
Error: Transaction test error:
package bcompare-4.4.4-27058.x86_64 does not verify: Header V4 DSA/SHA1
Signature, key ID 7f8840ce: BAD
Is this because DNF no longer will accept SHA1?
It's because rpm switched to the sequoia gpg handling library, and that
library honor's the system wide crypto policy we have set (where the old
internal rpm one did not). This policy disallowed SHA1 by default for
signatures.
Interestingly, on another Rawhide VM with bcompare already installed
and
working, "rpm -q bcompare" produces:
error: rpmdbNextIterator: skipping h# 3507
Header V4 DSA/SHA1 Signature, key ID 7f8840ce: BAD
Header SHA256 digest: OK
Header SHA1 digest: OK
package bcompare is not installed
This output is clearly wrong, because bcompare is installed and working.
Is there a way to get around this problem and force the install?
You can change your crypto policy:
sudo update-crypto-policies --set LEGACY
kevin