The package libdnf5-plugin-expired-pgp-keys is recommended by the package dnf5, and therefore will by default be installed when upgrading to Fedora 42.
$ rpmkeys --list
20038257-63ab09c9: Brave Linux Release (Brave Linux Release) <brave-linux-release@brave.com> public key
d651ff2e-5dadbbc1: RPM Fusion free repository for Fedora (2020) <rpmfusion-buildsys@lists.rpmfusion.org> public key
94843c65-5dadbc64: RPM Fusion nonfree repository for Fedora (2020) <rpmfusion-buildsys@lists.rpmfusion.org> public key
eb0ab1b8-60a62437: chriscowleyunix_better_fonts (None) <chriscowleyunix#better_fonts@copr.fedorahosted.org> public key
1eedd52f-6759cb1b: kwizart_kernel-longterm-6.12 (None) <kwizart#kernel-longterm-6.12@copr.fedorahosted.org> public key
6a73cd96-67d85d73: Brave Linux Release (Brave Linux Release) <linux-release@brave.com> public key
105ef944-65ca83d1: Fedora (42) <fedora-42-primary@fedoraproject.org> public key
That doesn’t tell me why it doesn’t delete that same key after I tell dnf to do so. Or maybe it redownloads the same key again and again? Will know tomorrow, because it’s been deleted manually now.
It is
$ sudo /usr/bin/clean-rpm-gpg-pubkey --dry-run
Downloading file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-42-x86_64 for:
Fedora 42 - x86_64 (/etc/yum.repos.d/fedora.repo)
Fedora 42 openh264 (From Cisco) - x86_64 (/etc/yum.repos.d/fedora-cisco-openh264.repo)
Fedora 42 openh264 (From Cisco) - x86_64 - Debug (/etc/yum.repos.d/fedora-cisco-openh264.repo)
Fedora 42 openh264 (From Cisco) - x86_64 - Source (/etc/yum.repos.d/fedora-cisco-openh264.repo)
Fedora 42 - x86_64 - Debug (/etc/yum.repos.d/fedora.repo)
Fedora 42 - Source (/etc/yum.repos.d/fedora.repo)
Fedora 42 - x86_64 - Updates (/etc/yum.repos.d/fedora-updates.repo)
Fedora 42 - x86_64 - Updates - Debug (/etc/yum.repos.d/fedora-updates.repo)
Fedora 42 - Updates Source (/etc/yum.repos.d/fedora-updates.repo)
Fedora 42 - x86_64 - Test Updates (/etc/yum.repos.d/fedora-updates-testing.repo)
Fedora 42 - x86_64 - Test Updates Debug (/etc/yum.repos.d/fedora-updates-testing.repo)
Fedora 42 - Test Updates Source (/etc/yum.repos.d/fedora-updates-testing.repo)
Downloading file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-42 for:
RPM Fusion for Fedora 42 - Free (/etc/yum.repos.d/rpmfusion-free.repo)
RPM Fusion for Fedora 42 - Free - Debug (/etc/yum.repos.d/rpmfusion-free.repo)
RPM Fusion for Fedora 42 - Free - Source (/etc/yum.repos.d/rpmfusion-free.repo)
RPM Fusion for Fedora 42 - Free - Updates (/etc/yum.repos.d/rpmfusion-free-updates.repo)
RPM Fusion for Fedora 42 - Free - Updates Debug (/etc/yum.repos.d/rpmfusion-free-updates.repo)
RPM Fusion for Fedora 42 - Free - Updates Source (/etc/yum.repos.d/rpmfusion-free-updates.repo)
RPM Fusion for Fedora 42 - Free - Test Updates (/etc/yum.repos.d/rpmfusion-free-updates-testing.repo)
RPM Fusion for Fedora 42 - Free - Test Updates Debug (/etc/yum.repos.d/rpmfusion-free-updates-testing.repo)
RPM Fusion for Fedora 42 - Free - Test Updates Source (/etc/yum.repos.d/rpmfusion-free-updates-testing.repo)
Downloading file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-nonfree-fedora-42 for:
RPM Fusion for Fedora 42 - Nonfree (/etc/yum.repos.d/rpmfusion-nonfree.repo)
RPM Fusion for Fedora 42 - Nonfree - Debug (/etc/yum.repos.d/rpmfusion-nonfree.repo)
RPM Fusion for Fedora 42 - Nonfree - Source (/etc/yum.repos.d/rpmfusion-nonfree.repo)
RPM Fusion for Fedora 42 - Nonfree - Updates (/etc/yum.repos.d/rpmfusion-nonfree-updates.repo)
RPM Fusion for Fedora 42 - Nonfree - Updates Debug (/etc/yum.repos.d/rpmfusion-nonfree-updates.repo)
RPM Fusion for Fedora 42 - Nonfree - Updates Source (/etc/yum.repos.d/rpmfusion-nonfree-updates.repo)
RPM Fusion for Fedora 42 - Nonfree - Test Updates (/etc/yum.repos.d/rpmfusion-nonfree-updates-testing.repo)
RPM Fusion for Fedora 42 - Nonfree - Test Updates Debug (/etc/yum.repos.d/rpmfusion-nonfree-updates-testing.repo)
RPM Fusion for Fedora 42 - Nonfree - Test Updates Source (/etc/yum.repos.d/rpmfusion-nonfree-updates-testing.repo)
Downloading file:///usr/share/distribution-gpg-keys/rpmfusion/RPM-GPG-KEY-rpmfusion-nonfree-fedora-42 for:
RPM Fusion for Fedora 42 - Nonfree - NVIDIA Driver (/etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo)
RPM Fusion for Fedora 42 - Nonfree - NVIDIA Driver Debug (/etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo)
RPM Fusion for Fedora 42 - Nonfree - NVIDIA Driver Source (/etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo)
RPM Fusion for Fedora 42 – Nonfree – Steam (/etc/yum.repos.d/rpmfusion-nonfree-steam.repo)
RPM Fusion for Fedora 42 – Nonfree – Steam Debug (/etc/yum.repos.d/rpmfusion-nonfree-steam.repo)
RPM Fusion for Fedora 42 – Nonfree – Steam Source (/etc/yum.repos.d/rpmfusion-nonfree-steam.repo)
Downloading https://brave-browser-rpm-release.s3.brave.com/brave-core.asc for:
Brave Browser (/etc/yum.repos.d/brave-browser.repo)
Downloading https://dl.google.com/linux/linux_signing_key.pub for:
google-chrome (/etc/yum.repos.d/google-chrome.repo)
Downloading https://download.copr.fedorainfracloud.org/results/bgstack15/palemoon/pubkey.gpg for:
Copr repo for palemoon owned by bgstack15 (/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:bgstack15:palemoon.repo)
Downloading https://download.copr.fedorainfracloud.org/results/chriscowleyunix/better_fonts/pubkey.gpg for:
Copr repo for better_fonts owned by chriscowleyunix (/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:chriscowleyunix:better_fonts.repo)
Downloading https://download.copr.fedorainfracloud.org/results/elxreno/preload/pubkey.gpg for:
Copr repo for preload owned by elxreno (/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:elxreno:preload.repo)
Downloading https://download.copr.fedorainfracloud.org/results/kwizart/kernel-longterm-6.12/pubkey.gpg for:
Copr repo for kernel-longterm-6.12 owned by kwizart (/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:kwizart:kernel-longterm-6.12.repo)
Downloading https://download.copr.fedorainfracloud.org/results/kwizart/kernel-longterm-6.6/pubkey.gpg for:
Copr repo for kernel-longterm-6.6 owned by kwizart (/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:kwizart:kernel-longterm-6.6.repo)
Downloading https://download.copr.fedorainfracloud.org/results/phracek/PyCharm/pubkey.gpg for:
Copr repo for PyCharm owned by phracek (/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo)
Downloading https://repo.vivaldi.com/archive/linux_signing_key.pub for:
vivaldi (/etc/yum.repos.d/vivaldi-fedora.repo)
Total affected keys: 0
I’ve checked today and dnf upgrade did not redownload the offending key. Might be a cron.daily job though. Will post config right after I post the output to your commands.
user@user:~$ cat /etc/default/vivaldi
repo_add_once="false"
user@user:~$ cat /etc/cron.daily/vivaldi
#!/bin/sh
#
# Copyright 2009 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# This script is part of the vivaldi package.
#
# It creates the repository configuration file for package updates, since
# we cannot do this during the vivaldi installation since the repository
# is locked.
#
# This functionality can be controlled by creating the $DEFAULTS_FILE and
# setting "repo_add_once" to "true" or "false" as desired. An empty
# $DEFAULTS_FILE is the same as setting the value to "false".
# System-wide package configuration.
DEFAULTS_FILE="/etc/default/vivaldi"
# sources.list setting for vivaldi updates.
REPOCONFIG="https://repo.vivaldi.com/archive/rpm"
REPOCONFIGREGEX=""
# import Vivaldi public key updates from Vivaldi repo
# Vivaldi public key updates
# Remove expired repository/package signing key (4218647E), if present.
remove_old_rpm_key() {
rpm -q gpg-pubkey-4218647e >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
rpm -e gpg-pubkey-4218647e >/dev/null 2>&1
fi
}
# Install the repository/package signing key (33EAAB8E), if it isn't already.
install_rpm_key() {
# Check to see if the key already exists.
rpm -q gpg-pubkey-33eaab8e >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
# Keys already exist
return 0
fi
# RPM on Mandriva 2009 is dumb and does not understand "rpm --import -"
TMPKEY=$(mktemp /tmp/vivaldi.sig.XXXXXX)
if [ -n "$TMPKEY" ]; then
cat > "$TMPKEY" <<KEYDATA
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGO9ZysBEACeLmXsTfEk6Msqskhkr+fU2uFTinefc6o8p1T9uRVkBiIM641/
n76LtmGuGQkIsDi+a6XkdNE08hn8IHru3Ir5m2/oku8lP99U0iHjKpF6D/37xxJa
5w9NyOQwusd3p4mPY+QB284ngMPPKIO0dudCfnRAPNzZejSwJ/rqoakMpBSPLn6j
U4la52aCfa25dtz2xpE6Q7mAvmi/zX/33ZdY71fJdoALXduQCLOMHj4i7J3BR8uQ
cC9KdJCm2DfaZAL2hz7+U8PeNkd7JOaKV+0nNYUhTN9zfE52vZq3SYWbCmBxlW7h
N+djIVtn85z/9xZX9fhDA8FKxIqL7SThPGZa/M4K7k+hlDxlZ3qhUCOfSN8L0zbk
/3iFb8K7h5YJbg5W5Cmm6bGQHPS9Urb2pAPaXn65fZYTEyGq0KN2aely4bq+HisK
a0N+aqrFeslCa2fJHom2BNle+Yy4Ys18xZ+I8Fji7HGQ6y8PcivaOw29R7Cspn/N
JEVZeR/jPXXylB0jf2zN1tOj7PKKvW3n6I6i3zd69OepkV/hBD9xLUqb0M+QSRGQ
3CMPCCvJA3A5D2UfPY+DSZNMkYG+p97mNEVqgOgBHZzz4wKTK92zF2GcvcdEsqtd
ukcQ9w/gLVU3Vv5KDUAB23wIqm1Jdo3JXRqZge5f2/EV41rVI7vRx63GdQARAQAB
tDVWaXZhbGRpIFBhY2thZ2UgQ29tcG9zZXIgS0VZMDkgPHBhY2thZ2VyQHZpdmFs
ZGkuY29tPokCVAQTAQoAPhYhBDNgGPJj+gAAZc7XxhJPFJgz6quOBQJjvWcrAhsD
BQkEBFIABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBJPFJgz6quOQJsP/Aqb
nLZAO9C3Hmljz0O5B+Ms2FXMVM/KF9DwIdV+AIiwf/WloPRbomYKapTRYIhPsQOU
Ol2C1IvSp3Em2fQM6dtMPzDDs7NkY0wGOVBHWVHeaXinxcPaZUY4Jd+QKsI0q3sd
NJcVMuX60/+cmJ2nzNZNfdxAmcXl2g9/QJpBXyrgTHS4C2EtvkhdEFHvUzg28ne8
5WFsNDVGJqiNpgS+GFbL9lxxHBe5KDZBnJXzURnvS63CnbbZiP5mHk0Xp7849yF1
3WYZYI5L6aZjpAxExpz6hyKz8TLLcCdB+lV98PYlJBSR556dmmR27xCiYjgIYdY2
HhjdwrJN9ARz5RNdFUsne0JXIoFwR8UI6rBPh7dLhQGg9FU5K4ACrcItksnlgc7S
9a9qTBZUhY9pqAS2hn1xKYbNo7xTV2z+afYsvkrv68SuEEOngMLDGNA/i/zUI541
XuJ1htMVDRTEmbApJapEfDr0Y0YoiCfVaTor5YxJw6eO6SC4+TCfcKNsmSwHkj+i
rVcliWNCs0MoUUhthRbKwdPndQgvGioCHFz+KfHOuPK/RAoMrriKxAw1pBTjG8Y0
zWzMKaMTBH7AkHzkT0qXjZhEFEaSFLFJa1OSKQNoodqxOGCDI/JEPvz8kXIAKcGV
1yPctq/EQJJGP3SyqnQON8sYaog3I4xuwLCpO+UduQINBGO9ZysBEACYB6sAsXwU
dBUWjQgWBvx5Sb3K/yrk9+Wj4ahdHOhFFtH//xI1170Jeac3iFONUJJ69dBwOY8I
rPtpsl8pz+/Sr0+4cqyR5whkxuRAqqMKI47F+Voi/I931T4pV8fNcz5Y5rZaEkfx
fUFl6mkGdKzVBdlxkbdcTSFr5gIb0UYQvRc9TzsNO9OFly6sR9Iz/T4h5S7/k1qa
gpiVJeT6il2QiY2OBhSUfmlvBItadCD4ZrFvFeNREyDQ7xJ/mU46R39AGTtqt1Qm
uSdCO1+z6JSToD9x6xv/eF5uLbvztogj9yEw3t8AubRT253dMLLfHm8lnYdC8GwF
el9L0+s5ex2Dj4xyxZosV3dwQXk/oaHefW9BjcQLxGkOH0gBt+ZQ+mHUlI4kgOXQ
guHKuCrBycT5DyrrbQbPFp3kQXbLzKNym7eWHnbvZx6uIQSu70QvBo9zPRiurC7A
4ofKcpvJdRhbojmc9ekprM2hDZEcsyiT0t/6W8+zfxyGBLK4pLMkuhGB8VQV+U7W
vIxkRQLqpzo0nzEEOkxxBSI+O6hLDeZVOLBhuLW49K1E2zfDp6PWoDMEccT684+Z
Pvz/ytVr3jBYHkaMH4Djzxl/BuSMA+njljpzjPvdpjSsCQ753IyqudXQ1aVscfrr
I31OB1JVAjCyziBpGVyNlOjVpYukWLoReQARAQABiQI8BBgBCgAmFiEEM2AY8mP6
AABlztfGEk8UmDPqq44FAmO9ZysCGwwFCQQEUgAACgkQEk8UmDPqq44Jkg/9F2ru
pFszfK9Qes8lMZ/7bqMZam45cIYURQY+6BJ8yqvj8u3we/uiGb0dwF+zOt4TkJU+
U7bqNEyB4pZsOoAQlYA/YPa4y0jTTJKFdjnKIXo/LaqKz8Mc7ONpOZHGZ25MGL+/
vxMYX2Pi0dNGsyqFBXRwuSs1Mx0sJunFf/qyIfwC3CCf6TWlAfCMNlNhoQ4idNmG
Q4hZq0BZFROjNKKuOm+Dm6qYo6VDjP/C+ttgo+N+kydq6Ieytbecys+aQBSFstuJ
ilhj9sRVmFDEze6Q4D2Q5dnuuT3ZET0U1aQ4KOcCUnPA5xrEb/iB/W3n76A/IS+4
2XHIwU8KgpQGMOegE1L9KSX9/ps1BEu1C9z10MmUZBchKydoSJBbTZKh+7+aixsK
7ruWpgU6qLxx+dqTZ7CF55m6JxAwrbbamSFfW91NA4yoNAMtkDx5KP9/fLoVnZum
B6LrSiXbD+mMJ/IqGpFSSH95EjLJO0c8U49MbQVgB5aHgt50k9sq8HtoJ7ewpEmT
sz4xGk7qg09h2SBhBWpiol7i3S96n8BdZOzpjBM0ZBu41foC9r2WFxJhs/vEnlqa
WFyoci3Fngd2+eymsme2AoQi0vHVYcLcL/0HjbU+f/5Cv0YFgj0mvoqFB+IG/ALH
KLjnVlvK3NkBqWBEmDSNS2yMqMM3KjvpwATqCUA=
=EWUm
-----END PGP PUBLIC KEY BLOCK-----
KEYDATA
rpm --import "$TMPKEY" >/dev/null 2>&1
rc=$?
rm -f "$TMPKEY"
if [ "$rc" -eq "0" ]; then
return 0
fi
fi
return 1
}
# Install another key (74C35BC8), if it isn't already, for future use.
install_future_rpm_key() {
# Check to see if the key already exists.
rpm -q gpg-pubkey-74c35bC8 >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
# Keys already exist
return 0
fi
# RPM on Mandriva 2009 is dumb and does not understand "rpm --import -"
TMPKEY=$(mktemp /tmp/vivaldi.sig.XXXXXX)
if [ -n "$TMPKEY" ]; then
cat > "$TMPKEY" <<KEYDATA
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGWvppIBEADEP5eQWayPrhnAs/AQtBAqt9KVkb5exVWsuuneyNgGBq7e8xrg
2Mh4A5+Szj1PwjGgJeAmY2g50gXHJ4rygchCZmxZ09vcBB+s7HXfzp0SNN+LEAzu
Pb0s5Vl4XFW4sgpglB06R65+tIfQJqyPUJK9I8of8417/IAu/kL8IQU93mH0CzIJ
7sK9PAN/LIwdcbDeGwuQJWYgZAlclBcLQc2uG/FBAsCxyBfyv8vSCcJrNXvmFJnS
b1iS903t7GXpOkeIXTt4TcjXQ56IqY+UeCgY7GVZ+3ej6d0x+smfay8o26qdbktl
kjoUSICun+8UdcXBhNjWqscQrv/9Z8h6In6OoyjSf0NtcppI+9UFB7csGm6ySZ5U
E65uUD8evDnocfXhxIiPMhfi01PAAO6CyLMCA9ZytzPZDrIUct13m4YMWdKRtE0I
TRO4FX9Ev0iKyhfS8WNQ95ZtDUZMTyqMeP88SyIOnxIhRRZSNCXnuzxZbPloEuEF
mPY45zRr2mvICZg3d4TLhm8tyvYPgC6C0cEaWcjgRZVKsVl1c4n8N//6GtmlhcrF
V1kbUNVwLt1H8GYsIs7EqyiEI44ciFCNJY+Xccze8LFjwsBz0ro6wvV5N5wA8tIG
RAc2H5qbEoESmd5sF85mnRlXxKF7hz1R8QtbEJCAhht8AifuukOPzdGS8QARAQAB
tDVWaXZhbGRpIFBhY2thZ2UgQ29tcG9zZXIgS0VZMTAgPHBhY2thZ2VyQHZpdmFs
ZGkuY29tPokCVAQTAQoAPhYhBMKiRFsOw7OWvVJuMfc5qsB0w1vIBQJlr6aSAhsD
BQkD3MUABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEPc5qsB0w1vI/pEP/jIc
X+DBSe26osMa1bYDHIGqkRhltLYY6Sjpp0R1l6rmtUuwSER8tuxeDlh2PzkmPwKi
WdvfW1jT1VPUS0RVeOV0Dg0LLH4mgbTGj9aXWLmX1j9QGuXWUasf+ozeHF/cjlDE
KfdzY7mFsDmwHyapZBky/e8szIIagBJBxvAFLgvvezY74RQ5P8RuhbYHY9Nv8LWj
21HhBvUv9sT0OFEtCGNF2VFFKRXjwy07M/hsLoFC4Z/vBBnDIpZlHZmCqqGwo9yg
4afozlIkqUbwJtNcyqybgZjC9wZRfnKGpD6wvDrhL3sSgqnvreQyCju+OWHn6X23
giBwmY7FFuoRi5H24o5qyifQ59UzrU5cgiJCttjBfMi2Zfzz1iCWd87+luw/V4HR
QBWPUGyY6Q9+/8UNEPPy/3kkg0DeuQVR1bogrIiUwqfgOhF1RoWiXONFGIETrykL
kTHlklz7Yc8K+xCrIr22YBwuuMp+953u/RH22m2HipIBwXehIN+p98lUuKpGtfwz
KGninsXPQeBALq++9ELWmtRkUJ0KzveNqTqFU7P1DlIcRXK/94KPK1JrRCu/2nhw
J5Z1EJuZdZ8pkRv7gKopnwIXnNQYjAlgk95ol0AQNmvDZ3qyPFJzN+TfDKbxG3ol
0ZEPYddcymvt8eUCpRmAEDQuX6Wv1JO/bkJIq26MuQINBGWvppIBEACldmKPWvDd
fOiYBgcaIytEDj+FQaLjLJtd/fsdF10cok6tatQpBo5UIvtQOHtdjIoL8udKGqT6
8Zm7+xxsUwOVCNoYhaIJg/IzU9FrjjZ0wqGQWGntdbcSweejQkzkFbCiWMoXTFEV
yac8ETwErpf2oRNb1n7zJtKN1ctJwGO/amVuy1XxLk/aEi0wC0zgkaSObZXxTSZH
IhZah+a0Ua31kD0hd3OriftQw1eqskDkgpPyUe0KRemGD7bJB+dtuQLF2w30AcPO
0ufPG6pK6Y6VOFCDIMFpfkYtbIIyhtyrAmvduXXFC+KxnCHuIi52b+PcP3E44WBt
7EE37jlxxErabzQN8GTnyvELnXA9eiShmwTIVfp+W3AsIT5C+J2TBcHn0ThJ3zL+
P5xzDgnZ/y3k5qIl5t+xrVmhGcSdZtzg6muyOT9pCXCaTpqjmMBqNGMLdBFgNoUq
lQ54/88eXlsSQDb0E7a/uQAKwKKU3i7rWt//wOwaW+6tW0TsK2th2RLBpje+3Shi
diOm1gAeyWhO5XcZYZndu65pnyrvuX3i2+rKkpTSkpGAF69i0cG2hXlOkjSjGnEp
2IhvE2erywZZAY+ktasQspoLD/oN6HZkZhG6wQ8I8N5cfs/D2VryZ2PHiCT2IHPg
a3lXl40sWDtzrBDtsQeiDeeZ+GCAbmqRdwARAQABiQI8BBgBCgAmFiEEwqJEWw7D
s5a9Um4x9zmqwHTDW8gFAmWvppICGwwFCQPcxQAACgkQ9zmqwHTDW8gCVg/+MwU6
P+Ii7Kdn2BXH+BeZCrlB6/5tMsbYkaMgidpxJe07CwLO1kIwiR9EmepbcJbq2qGd
I8KNwb9hIl3mEkn5gmin9NfAo+WozeHZi3y1L4XIxlPLZqs3rn5iMPfqJSwbo59J
CUtJsYU8btL6dcWFcgUoqF/DN20VvrS837Ro0NppNLDPyFcjoTpWgEdf8t0hZtD1
/tzi6PVu9IN17i6yhzSR2IGUiun98k9DOC2QbPtg60WF9KVmycz2vgg8KJck9YgV
1nJ6qSKLii7tBlbHI9cKEqUAxEnaSyfoyKQjOmsx9MUQQ3O8oiarAlICOANo7Twq
mNecHjABcLs6eV4Ta0BLByas8RWjcWi0mBIe3BF/MzF3JyvL446UFOaHHynOjNdJ
rzUIaZtUGOvSUszNYOYm7qPGpmifDq3Tdph9wyNM8otI8IG7M8WI2HSZqcDi/urH
91433HAV2yS3G+LwXBX9mM3PpktNur+OChCX6p3Lv+9PPCxB5wl9OmuGusK+4f94
PBYDWOfoBOpBBsWNvED+3goFrU+CWtDMsXEKiaMg6TPpKWB+anqgMZR6JEYr3FuA
fo9Sa2sKm+dYTrNerUJVr5MW2FtiIVqAyTlsNqHB1z3EmfQQoYhlmtNax+p0qW6Y
GgUqMpeO5Nzvc5+8UBcSfmOp/cVgxKMaXP0rlRU=
=/N0X
-----END PGP PUBLIC KEY BLOCK-----
KEYDATA
rpm --import "$TMPKEY" >/dev/null 2>&1
rc=$?
rm -f "$TMPKEY"
if [ "$rc" -eq "0" ]; then
return 0
fi
fi
return 1
}
determine_rpm_package_manager() {
local RELEASE
# Modern method using os-release(5)
if [ -f "/etc/os-release" ]; then
RELEASE=$(. "/etc/os-release"; echo "$ID")
case $RELEASE in
"fedora"|"rhel"|"centos"|"amzn"|"mageia"|"openmandriva")
PACKAGEMANAGERS=(yum)
;;
"suse"|"sles"|"sled"|"opensuse"|"opensuse-leap"|"opensuse-tumbleweed")
PACKAGEMANAGERS=(zypp)
;;
esac
fi
if [ "$PACKAGEMANAGERS" ]; then
return
fi
# Fallback method using lsb_release(1)
LSB_RELEASE="$(command -v lsb_release 2> /dev/null)"
if [ -x "$LSB_RELEASE" ]; then
RELEASE=$(lsb_release -i 2> /dev/null | sed 's/:\t/:/' | cut -d ':' -f 2-)
case $RELEASE in
"Fedora"|"Amazon"|"Mageia"|"OpenMandrivaLinux")
PACKAGEMANAGERS=(yum)
;;
"SUSE LINUX"|"openSUSE")
PACKAGEMANAGERS=(zypp)
;;
esac
fi
if [ "$PACKAGEMANAGERS" ]; then
return
fi
# Fallback methods that are probably unnecessary on modern systems.
if [ -f "/etc/fedora-release" ] || [ -f "/etc/redhat-release" ]; then
PACKAGEMANAGERS=(yum)
elif [ -f "/etc/system-release" ] && grep -Fq "Amazon Linux" "/etc/system-release"; then
PACKAGEMANAGERS=(yum)
elif [ -f "/etc/SuSE-release" ]; then
PACKAGEMANAGERS=(zypp)
fi
}
DEFAULT_ARCH="x86_64"
YUM_REPO_FILE="/etc/yum.repos.d/vivaldi.repo"
ZYPPER_REPO_FILE="/etc/zypp/repos.d/vivaldi.repo"
install_yum() {
install_rpm_key
if [ ! "$REPOCONFIG" ]; then
return 0
fi
if [ -d "/etc/yum.repos.d" ]; then
cat > "$YUM_REPO_FILE" << REPOCONTENT
[vivaldi]
name=vivaldi
baseurl=$REPOCONFIG/$DEFAULT_ARCH
enabled=1
gpgcheck=1
gpgkey=https://repo.vivaldi.com/archive/linux_signing_key.pub
REPOCONTENT
fi
}
install_zypp() {
if [ ! "$REPOCONFIG" ]; then
return 0
fi
# Ideally, we would run: zypper addrepo -t YUM -f \
# "$REPOCONFIG/$DEFAULT_ARCH" "vivaldi"
# but that does not work when zypper is running.
if [ -d "/etc/zypp/repos.d" ]; then
cat > "$ZYPPER_REPO_FILE" << REPOCONTENT
[vivaldi]
name=vivaldi
enabled=1
autorefresh=1
baseurl=$REPOCONFIG/$DEFAULT_ARCH
gpgcheck=1
gpgkey=https://repo.vivaldi.com/archive/linux_signing_key.pub
type=rpm-md
keeppackages=0
REPOCONTENT
fi
}
# Check if the automatic repository configuration is done, so we know when to
# stop trying.
verify_install() {
# It's probably enough to see that the repo configs have been created. If they
# aren't configured properly, update_bad_repo should catch that when it's run.
case $1 in
"yum")
[ -f "$YUM_REPO_FILE" ]
;;
"zypp")
[ -f "$ZYPPER_REPO_FILE" ]
;;
esac
}
# Update the Google repository if it's not set correctly.
update_bad_repo() {
if [ ! "$REPOCONFIG" ]; then
return 0
fi
determine_rpm_package_manager
for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
do
case $PACKAGEMANAGER in
"yum")
update_repo_file "$YUM_REPO_FILE"
;;
"zypp")
update_repo_file "$ZYPPER_REPO_FILE"
;;
esac
done
}
update_repo_file() {
REPO_FILE="$1"
# Don't do anything if the file isn't there, since that probably means the
# user disabled it.
if [ ! -r "$REPO_FILE" ]; then
return 0
fi
# Check if the correct repository configuration is in there.
REPOMATCH=$(grep "^baseurl=$REPOCONFIG/$DEFAULT_ARCH" "$REPO_FILE" \
2>/dev/null)
# If it's there, nothing to do
if [ "$REPOMATCH" ]; then
return 0
fi
# Check if it's there but disabled by commenting out (as opposed to using the
# 'enabled' setting).
MATCH_DISABLED=$(grep "^[[:space:]]*#.*baseurl=$REPOCONFIG/$DEFAULT_ARCH" \
"$REPO_FILE" 2>/dev/null)
if [ "$MATCH_DISABLED" ]; then
# It's OK for it to be disabled, as long as nothing bogus is enabled in its
# place.
ACTIVECONFIGS=$(grep "^baseurl=.*" "$REPO_FILE" 2>/dev/null)
if [ ! "$ACTIVECONFIGS" ]; then
return 0
fi
fi
# If we get here, the correct repository wasn't found, or something else is
# active, so fix it. This assumes there is a 'baseurl' setting, but if not,
# then that's just another way of disabling, so we won't try to add it.
sed -i -e "s,^baseurl=.*,baseurl=$REPOCONFIG/$DEFAULT_ARCH," "$REPO_FILE"
}
# We only remove the repository configuration during a purge. Since RPM has
# no equivalent to dpkg --purge, the code below is actually never used. We
# keep it only for reference purposes, should we ever need it.
#
#remove_yum() {
# rm -f "$YUM_REPO_FILE"
#}
#
#remove_zypp() {
# # Ideally, we would run: zypper removerepo "vivaldi"
# # but that does not work when zypper is running.
# rm -f /etc/zypp/repos.d/vivaldi.repo
#}
DEFAULT_ARCH="x86_64"
get_lib_dir() {
if [ "$DEFAULT_ARCH" = "i386" ] || [ "$DEFAULT_ARCH" = "armhf" ] || \
[ "$DEFAULT_ARCH" = "mipsel" ]; then
LIBDIR=lib
elif [ "$DEFAULT_ARCH" = "x86_64" ] || [ "$DEFAULT_ARCH" = "aarch64" ] || \
[ "$DEFAULT_ARCH" = "mips64el" ]; then
LIBDIR=lib64
else
echo Unknown CPU Architecture: "$DEFAULT_ARCH"
exit 1
fi
}
## MAIN ##
if [ -r "$DEFAULTS_FILE" ]; then
. "$DEFAULTS_FILE"
fi
remove_old_rpm_key
install_rpm_key
install_future_rpm_key
if [ "$repo_add_once" = "true" ]; then
determine_rpm_package_manager
# Let's run through this for each supported package manager as detected...
for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
do
# The initial install happens in the post-install scripts, but there have been
# reports of configuration problems, so just verify that everything looks
# good, and if not, try to install again.
verify_install $PACKAGEMANAGER
if [ $? -ne 0 ]; then
install_${PACKAGEMANAGER}
fi
done
if [ $? -eq 0 ]; then
# Do this for each supported package manager...
for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
do
# Before we quit auto-configuration, check that everything looks sane, since
# part of this happened during package install and we don't have the return
# value of that process.
verify_install $PACKAGEMANAGER
if [ $? -eq 0 ]; then
sed -i -e 's/[[:space:]]*repo_add_once=.*/repo_add_once="false"/' \
"$DEFAULTS_FILE"
fi
done
fi
else
update_bad_repo
fi
user@user:~$ cat /etc/yum.repos.d/vivaldi-fedora.repo
[vivaldi]
name=vivaldi
enabled=1
baseurl=https://repo.vivaldi.com/archive/rpm/$basearch
gpgcheck=1
gpgkey=https://repo.vivaldi.com/archive/linux_signing_key.pub
user@user:~$ vivaldi --version
Vivaldi 6.8.3381.46 stable
Looks like it’s the /etc/cron.daily/vivaldi redownloading the expired key. I normally don’t upgrade browsers unless they stopped working. Here’s the proposed replacement script to fix the issue:
#!/bin/sh
#
# Copyright 2009 The Chromium Authors
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
#
# This script is part of the vivaldi package.
#
# It creates the repository configuration file for package updates, since
# we cannot do this during the vivaldi installation since the repository
# is locked.
#
# This functionality can be controlled by creating the $DEFAULTS_FILE and
# setting "repo_add_once" to "true" or "false" as desired. An empty
# $DEFAULTS_FILE is the same as setting the value to "false".
# System-wide package configuration.
DEFAULTS_FILE="/etc/default/vivaldi"
# sources.list setting for vivaldi updates.
REPOCONFIG="https://repo.vivaldi.com/archive/rpm"
REPOCONFIGREGEX=""
# import Vivaldi public key updates from Vivaldi repo
# Vivaldi public key updates
# Remove expired repository/package signing key (4218647E), if present.
remove_old_rpm_key() {
rpm -q gpg-pubkey-4218647e >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
rpm -e gpg-pubkey-4218647e >/dev/null 2>&1
fi
}
# Remove expired repository/package signing key (33EAAB8E), if present.
remove_old_rpm_key2() {
rpm -q gpg-pubkey-33eaab8e >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
rpm -e gpg-pubkey-33eaab8e >/dev/null 2>&1
fi
}
# Install another key (74C35BC8), if it isn't already, for future use.
install_future_rpm_key() {
# Check to see if the key already exists.
rpm -q gpg-pubkey-74c35bC8 >/dev/null 2>&1
if [ "$?" -eq "0" ]; then
# Keys already exist
return 0
fi
# RPM on Mandriva 2009 is dumb and does not understand "rpm --import -"
TMPKEY=$(mktemp /tmp/vivaldi.sig.XXXXXX)
if [ -n "$TMPKEY" ]; then
cat > "$TMPKEY" <<KEYDATA
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGWvppIBEADEP5eQWayPrhnAs/AQtBAqt9KVkb5exVWsuuneyNgGBq7e8xrg
2Mh4A5+Szj1PwjGgJeAmY2g50gXHJ4rygchCZmxZ09vcBB+s7HXfzp0SNN+LEAzu
Pb0s5Vl4XFW4sgpglB06R65+tIfQJqyPUJK9I8of8417/IAu/kL8IQU93mH0CzIJ
7sK9PAN/LIwdcbDeGwuQJWYgZAlclBcLQc2uG/FBAsCxyBfyv8vSCcJrNXvmFJnS
b1iS903t7GXpOkeIXTt4TcjXQ56IqY+UeCgY7GVZ+3ej6d0x+smfay8o26qdbktl
kjoUSICun+8UdcXBhNjWqscQrv/9Z8h6In6OoyjSf0NtcppI+9UFB7csGm6ySZ5U
E65uUD8evDnocfXhxIiPMhfi01PAAO6CyLMCA9ZytzPZDrIUct13m4YMWdKRtE0I
TRO4FX9Ev0iKyhfS8WNQ95ZtDUZMTyqMeP88SyIOnxIhRRZSNCXnuzxZbPloEuEF
mPY45zRr2mvICZg3d4TLhm8tyvYPgC6C0cEaWcjgRZVKsVl1c4n8N//6GtmlhcrF
V1kbUNVwLt1H8GYsIs7EqyiEI44ciFCNJY+Xccze8LFjwsBz0ro6wvV5N5wA8tIG
RAc2H5qbEoESmd5sF85mnRlXxKF7hz1R8QtbEJCAhht8AifuukOPzdGS8QARAQAB
tDVWaXZhbGRpIFBhY2thZ2UgQ29tcG9zZXIgS0VZMTAgPHBhY2thZ2VyQHZpdmFs
ZGkuY29tPokCVAQTAQoAPhYhBMKiRFsOw7OWvVJuMfc5qsB0w1vIBQJlr6aSAhsD
BQkD3MUABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEPc5qsB0w1vI/pEP/jIc
X+DBSe26osMa1bYDHIGqkRhltLYY6Sjpp0R1l6rmtUuwSER8tuxeDlh2PzkmPwKi
WdvfW1jT1VPUS0RVeOV0Dg0LLH4mgbTGj9aXWLmX1j9QGuXWUasf+ozeHF/cjlDE
KfdzY7mFsDmwHyapZBky/e8szIIagBJBxvAFLgvvezY74RQ5P8RuhbYHY9Nv8LWj
21HhBvUv9sT0OFEtCGNF2VFFKRXjwy07M/hsLoFC4Z/vBBnDIpZlHZmCqqGwo9yg
4afozlIkqUbwJtNcyqybgZjC9wZRfnKGpD6wvDrhL3sSgqnvreQyCju+OWHn6X23
giBwmY7FFuoRi5H24o5qyifQ59UzrU5cgiJCttjBfMi2Zfzz1iCWd87+luw/V4HR
QBWPUGyY6Q9+/8UNEPPy/3kkg0DeuQVR1bogrIiUwqfgOhF1RoWiXONFGIETrykL
kTHlklz7Yc8K+xCrIr22YBwuuMp+953u/RH22m2HipIBwXehIN+p98lUuKpGtfwz
KGninsXPQeBALq++9ELWmtRkUJ0KzveNqTqFU7P1DlIcRXK/94KPK1JrRCu/2nhw
J5Z1EJuZdZ8pkRv7gKopnwIXnNQYjAlgk95ol0AQNmvDZ3qyPFJzN+TfDKbxG3ol
0ZEPYddcymvt8eUCpRmAEDQuX6Wv1JO/bkJIq26MuQINBGWvppIBEACldmKPWvDd
fOiYBgcaIytEDj+FQaLjLJtd/fsdF10cok6tatQpBo5UIvtQOHtdjIoL8udKGqT6
8Zm7+xxsUwOVCNoYhaIJg/IzU9FrjjZ0wqGQWGntdbcSweejQkzkFbCiWMoXTFEV
yac8ETwErpf2oRNb1n7zJtKN1ctJwGO/amVuy1XxLk/aEi0wC0zgkaSObZXxTSZH
IhZah+a0Ua31kD0hd3OriftQw1eqskDkgpPyUe0KRemGD7bJB+dtuQLF2w30AcPO
0ufPG6pK6Y6VOFCDIMFpfkYtbIIyhtyrAmvduXXFC+KxnCHuIi52b+PcP3E44WBt
7EE37jlxxErabzQN8GTnyvELnXA9eiShmwTIVfp+W3AsIT5C+J2TBcHn0ThJ3zL+
P5xzDgnZ/y3k5qIl5t+xrVmhGcSdZtzg6muyOT9pCXCaTpqjmMBqNGMLdBFgNoUq
lQ54/88eXlsSQDb0E7a/uQAKwKKU3i7rWt//wOwaW+6tW0TsK2th2RLBpje+3Shi
diOm1gAeyWhO5XcZYZndu65pnyrvuX3i2+rKkpTSkpGAF69i0cG2hXlOkjSjGnEp
2IhvE2erywZZAY+ktasQspoLD/oN6HZkZhG6wQ8I8N5cfs/D2VryZ2PHiCT2IHPg
a3lXl40sWDtzrBDtsQeiDeeZ+GCAbmqRdwARAQABiQI8BBgBCgAmFiEEwqJEWw7D
s5a9Um4x9zmqwHTDW8gFAmWvppICGwwFCQPcxQAACgkQ9zmqwHTDW8gCVg/+MwU6
P+Ii7Kdn2BXH+BeZCrlB6/5tMsbYkaMgidpxJe07CwLO1kIwiR9EmepbcJbq2qGd
I8KNwb9hIl3mEkn5gmin9NfAo+WozeHZi3y1L4XIxlPLZqs3rn5iMPfqJSwbo59J
CUtJsYU8btL6dcWFcgUoqF/DN20VvrS837Ro0NppNLDPyFcjoTpWgEdf8t0hZtD1
/tzi6PVu9IN17i6yhzSR2IGUiun98k9DOC2QbPtg60WF9KVmycz2vgg8KJck9YgV
1nJ6qSKLii7tBlbHI9cKEqUAxEnaSyfoyKQjOmsx9MUQQ3O8oiarAlICOANo7Twq
mNecHjABcLs6eV4Ta0BLByas8RWjcWi0mBIe3BF/MzF3JyvL446UFOaHHynOjNdJ
rzUIaZtUGOvSUszNYOYm7qPGpmifDq3Tdph9wyNM8otI8IG7M8WI2HSZqcDi/urH
91433HAV2yS3G+LwXBX9mM3PpktNur+OChCX6p3Lv+9PPCxB5wl9OmuGusK+4f94
PBYDWOfoBOpBBsWNvED+3goFrU+CWtDMsXEKiaMg6TPpKWB+anqgMZR6JEYr3FuA
fo9Sa2sKm+dYTrNerUJVr5MW2FtiIVqAyTlsNqHB1z3EmfQQoYhlmtNax+p0qW6Y
GgUqMpeO5Nzvc5+8UBcSfmOp/cVgxKMaXP0rlRU=
=/N0X
-----END PGP PUBLIC KEY BLOCK-----
KEYDATA
rpm --import "$TMPKEY" >/dev/null 2>&1
rc=$?
rm -f "$TMPKEY"
if [ "$rc" -eq "0" ]; then
return 0
fi
fi
return 1
}
determine_rpm_package_manager() {
local RELEASE
# Modern method using os-release(5)
if [ -f "/etc/os-release" ]; then
RELEASE=$(. "/etc/os-release"; echo "$ID")
case $RELEASE in
"fedora"|"rhel"|"centos"|"amzn"|"mageia"|"openmandriva")
PACKAGEMANAGERS=(yum)
;;
"suse"|"sles"|"sled"|"opensuse"|"opensuse-leap"|"opensuse-tumbleweed")
PACKAGEMANAGERS=(zypp)
;;
esac
fi
if [ "$PACKAGEMANAGERS" ]; then
return
fi
# Fallback method using lsb_release(1)
LSB_RELEASE="$(command -v lsb_release 2> /dev/null)"
if [ -x "$LSB_RELEASE" ]; then
RELEASE=$(lsb_release -i 2> /dev/null | sed 's/:\t/:/' | cut -d ':' -f 2-)
case $RELEASE in
"Fedora"|"Amazon"|"Mageia"|"OpenMandrivaLinux")
PACKAGEMANAGERS=(yum)
;;
"SUSE LINUX"|"openSUSE")
PACKAGEMANAGERS=(zypp)
;;
esac
fi
if [ "$PACKAGEMANAGERS" ]; then
return
fi
# Fallback methods that are probably unnecessary on modern systems.
if [ -f "/etc/fedora-release" ] || [ -f "/etc/redhat-release" ]; then
PACKAGEMANAGERS=(yum)
elif [ -f "/etc/system-release" ] && grep -Fq "Amazon Linux" "/etc/system-release"; then
PACKAGEMANAGERS=(yum)
elif [ -f "/etc/SuSE-release" ]; then
PACKAGEMANAGERS=(zypp)
fi
}
DEFAULT_ARCH="x86_64"
YUM_REPO_FILE="/etc/yum.repos.d/vivaldi.repo"
ZYPPER_REPO_FILE="/etc/zypp/repos.d/vivaldi.repo"
install_yum() {
install_rpm_key
if [ ! "$REPOCONFIG" ]; then
return 0
fi
if [ -d "/etc/yum.repos.d" ]; then
cat > "$YUM_REPO_FILE" << REPOCONTENT
[vivaldi]
name=vivaldi
baseurl=$REPOCONFIG/$DEFAULT_ARCH
enabled=1
gpgcheck=1
gpgkey=https://repo.vivaldi.com/archive/linux_signing_key.pub
REPOCONTENT
fi
}
install_zypp() {
if [ ! "$REPOCONFIG" ]; then
return 0
fi
# Ideally, we would run: zypper addrepo -t YUM -f \
# "$REPOCONFIG/$DEFAULT_ARCH" "vivaldi"
# but that does not work when zypper is running.
if [ -d "/etc/zypp/repos.d" ]; then
cat > "$ZYPPER_REPO_FILE" << REPOCONTENT
[vivaldi]
name=vivaldi
enabled=1
autorefresh=1
baseurl=$REPOCONFIG/$DEFAULT_ARCH
gpgcheck=1
gpgkey=https://repo.vivaldi.com/archive/linux_signing_key.pub
type=rpm-md
keeppackages=0
REPOCONTENT
fi
}
# Check if the automatic repository configuration is done, so we know when to
# stop trying.
verify_install() {
# It's probably enough to see that the repo configs have been created. If they
# aren't configured properly, update_bad_repo should catch that when it's run.
case $1 in
"yum")
[ -f "$YUM_REPO_FILE" ]
;;
"zypp")
[ -f "$ZYPPER_REPO_FILE" ]
;;
esac
}
# Update the Google repository if it's not set correctly.
update_bad_repo() {
if [ ! "$REPOCONFIG" ]; then
return 0
fi
determine_rpm_package_manager
for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
do
case $PACKAGEMANAGER in
"yum")
update_repo_file "$YUM_REPO_FILE"
;;
"zypp")
update_repo_file "$ZYPPER_REPO_FILE"
;;
esac
done
}
update_repo_file() {
REPO_FILE="$1"
# Don't do anything if the file isn't there, since that probably means the
# user disabled it.
if [ ! -r "$REPO_FILE" ]; then
return 0
fi
# Check if the correct repository configuration is in there.
REPOMATCH=$(grep "^baseurl=$REPOCONFIG/$DEFAULT_ARCH" "$REPO_FILE" \
2>/dev/null)
# If it's there, nothing to do
if [ "$REPOMATCH" ]; then
return 0
fi
# Check if it's there but disabled by commenting out (as opposed to using the
# 'enabled' setting).
MATCH_DISABLED=$(grep "^[[:space:]]*#.*baseurl=$REPOCONFIG/$DEFAULT_ARCH" \
"$REPO_FILE" 2>/dev/null)
if [ "$MATCH_DISABLED" ]; then
# It's OK for it to be disabled, as long as nothing bogus is enabled in its
# place.
ACTIVECONFIGS=$(grep "^baseurl=.*" "$REPO_FILE" 2>/dev/null)
if [ ! "$ACTIVECONFIGS" ]; then
return 0
fi
fi
# If we get here, the correct repository wasn't found, or something else is
# active, so fix it. This assumes there is a 'baseurl' setting, but if not,
# then that's just another way of disabling, so we won't try to add it.
sed -i -e "s,^baseurl=.*,baseurl=$REPOCONFIG/$DEFAULT_ARCH," "$REPO_FILE"
}
# We only remove the repository configuration during a purge. Since RPM has
# no equivalent to dpkg --purge, the code below is actually never used. We
# keep it only for reference purposes, should we ever need it.
#
#remove_yum() {
# rm -f "$YUM_REPO_FILE"
#}
#
#remove_zypp() {
# # Ideally, we would run: zypper removerepo "vivaldi"
# # but that does not work when zypper is running.
# rm -f /etc/zypp/repos.d/vivaldi.repo
#}
DEFAULT_ARCH="x86_64"
get_lib_dir() {
if [ "$DEFAULT_ARCH" = "i386" ] || [ "$DEFAULT_ARCH" = "armhf" ] || \
[ "$DEFAULT_ARCH" = "mipsel" ]; then
LIBDIR=lib
elif [ "$DEFAULT_ARCH" = "x86_64" ] || [ "$DEFAULT_ARCH" = "aarch64" ] || \
[ "$DEFAULT_ARCH" = "mips64el" ]; then
LIBDIR=lib64
else
echo Unknown CPU Architecture: "$DEFAULT_ARCH"
exit 1
fi
}
## MAIN ##
if [ -r "$DEFAULTS_FILE" ]; then
. "$DEFAULTS_FILE"
fi
remove_old_rpm_key
remove_old_rpm_key2
install_future_rpm_key
if [ "$repo_add_once" = "true" ]; then
determine_rpm_package_manager
# Let's run through this for each supported package manager as detected...
for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
do
# The initial install happens in the post-install scripts, but there have been
# reports of configuration problems, so just verify that everything looks
# good, and if not, try to install again.
verify_install $PACKAGEMANAGER
if [ $? -ne 0 ]; then
install_${PACKAGEMANAGER}
fi
done
if [ $? -eq 0 ]; then
# Do this for each supported package manager...
for PACKAGEMANAGER in ${PACKAGEMANAGERS[*]}
do
# Before we quit auto-configuration, check that everything looks sane, since
# part of this happened during package install and we don't have the return
# value of that process.
verify_install $PACKAGEMANAGER
if [ $? -eq 0 ]; then
sed -i -e 's/[[:space:]]*repo_add_once=.*/repo_add_once="false"/' \
"$DEFAULTS_FILE"
fi
done
fi
else
update_bad_repo
fi
or get an up to date /etc/cron/daily/vivaldi script.
Thanks again. Did not upgrade the package. Only the /etc/cron.daily/vivaldi from the package. I’m reticent to upgrade web browsers when they’re not broken.
Old web browsers are broken… The security issues keep coming up and if you have a browser that you are not updating then it’s almost certainly exposing you to security issues.
That’s what they want you to believe. I run chromium 108 and 109 based browsers on Win 7, that’s Jan 2023, and never had a single problem. Naturally I need to install extensions manually in developer mode. Bonus: those extensions won’t auto-update, neither will the browser. Works perfectly well. They know that. That’s why they pretend they’re broken. They don’t want you to use software they can’t control anymore.
Granted. I accept the risk and I’m doing it knowingly. Never had a single problem in 35 years though. OTOH you expose yourself to backdoors, malware, keyloggers, blocklists by upgrading constantly. Popular software like browsers, vlc are targets for monitoring your activities. Not to mention modern browsers are bloatware.
According to WikiLeaks documents revealed in 2017, the CIA allegedly exploited an older portable version of VLC Media Player as an attack vector to spy on targets. The method involved modifying the software to inject malicious dynamic link libraries (DLLs), enabling data collection while the target used VLC to play videos or music. VideoLAN, the organization behind VLC, acknowledged these revelations and worked on patches to secure the software. This attack targeted specific individuals, not the general public.
According to WikiLeaks’ Vault 7 disclosures, the CIA developed a tool called Archimedes, used to conduct man-in-the-middle (MitM) attacks on web browsers within a local area network (LAN). Archimedes redirected a target’s browser traffic through a CIA-controlled computer before it reached its intended destination, allowing the agency to monitor or manipulate the browsing session while making it appear normal. This tool didn’t involve planting spyware directly in the browser but exploited browser sessions to spy on targets. The documents, published on May 5, 2017, suggest Archimedes could be used to intercept data or deliver malicious payloads, though specific instances of its use weren’t detailed.
In 2025, a critical vulnerability in Google Chrome, identified as CVE-2025-2783, was exploited in a spying campaign called “Operation ForumTroll,” primarily targeting organizations in Russia. This flaw, located in Chrome’s Mojo engine on Windows, allowed hackers to bypass browser protections to monitor victims’ browsing habits and remotely install malware via malicious links sent by email. Google patched this vulnerability in Chrome versions 134.0.6998.177 and .178.
I’m very skeptical regarding software that auto-updates like browsers and browser extensions.
And naturally, I do not use google chrome regularly and whenever I need to, I use the oldest version that work. Currently a version from oct 2023.
Thanks for the warning. I’m sure you’re well intentioned.