Hey Everyone,
First time posting here so let me know if there are any rules I’m not following and I’ll be sure to correct myself.
Issue description:
Cannot install RPMs from TLP repository when using Fedora Silverblue 29
I have reviewed this topic but it did not help: Cannot install Launchpad COPR repo
I am following the installation instructions here (TLP - Optimize Linux Laptop Battery Life — TLP 1.5 documentation) under the “Fedora” section.
I am using a Thinkpad so I am attempting to install the packages under the section “Thinkpads only”. When using standard Fedora 29 Workstation or even a Fedora 29 Container there is no issue with adding the repositories mentioned and installing the packages “akmod-tp_smapi” and “akmod-acpi_call”. When I attempt to install these packages on Fedora 29 Silverblue, on a real or virtual machine, I get the following error:
[user@localhost ~]$ rpm-ostree status
State: busy
AutomaticUpdates: disabled
Transaction: upgrade (download only)
Deployments:
● ostree://fedora-workstation:fedora/29/x86_64/silverblue
Version: 29.1.2 (2018-10-24 23:20:30)
BaseCommit: f17b670fa8cf69144be5ae0c968dc2ee7eb6999a5f7a54f1ee71eec7783e434a
GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
LocalPackages: rpmfusion-free-release-29-1.noarch tlp-release-1.29.0-1.fc29.noarch
ostree://fedora-workstation:fedora/29/x86_64/silverblue
Version: 29.1.2 (2018-10-24 23:20:30)
Commit: f17b670fa8cf69144be5ae0c968dc2ee7eb6999a5f7a54f1ee71eec7783e434a
GPGSignature: Valid signature by 5A03B4DD8254ECA02FDA1637A20AA56B429476B4
[user@localhost ~]$ rpm-ostree install tlp tlp-rdw akmod-tp_smapi akmod-acpi_call kernel-devel
Checking out tree f17b670... done
Enabled rpm-md repositories: updates tlp rpmfusion-free tlp-updates rpmfusion-free-updates fedora
rpm-md repo 'updates' (cached); generated: 2018-12-12 02:39:44
rpm-md repo 'tlp' (cached); generated: 2018-11-01 00:31:00
rpm-md repo 'rpmfusion-free' (cached); generated: 2018-10-23 11:05:19
rpm-md repo 'tlp-updates' (cached); generated: 2018-11-01 00:31:05
rpm-md repo 'rpmfusion-free-updates' (cached); generated: 2018-12-12 08:26:17
rpm-md repo 'fedora' (cached); generated: 2018-10-24 22:20:15
Importing metadata [=============] 100%
Resolving dependencies... done
Will download: 2 packages (14.6 MB)
Downloading from updates: [=============] 100%
error: package akmod-acpi_call-1.1.1-4.fc29.x86_64 cannot be verified and repo tlp is GPG enabled: failed to lookup digest in keyring for /var/cache/rpm-ostree/repomd/tlp-29-x86_64/packages/akmod-acpi_call-1.1.1-4.fc29.x86_64.rpm
[user@localhost ~]$
Since the error line is stating that the failure is due to GPG I have ensured that the GPG key for this repository is in /etc/pki/rpm-gpg:
[user@localhost ~]$ ls -al /etc/pki/rpm-gpg/ | grep tlp
lrwxrwxrwx. 1 root root 33 Dec 11 09:16 RPM-GPG-KEY-tlp -> RPM-GPG-KEY-tlp-fedora-29-primary
lrwxrwxrwx. 1 root root 33 Dec 11 09:16 RPM-GPG-KEY-tlp-28 -> RPM-GPG-KEY-tlp-fedora-28-primary
lrwxrwxrwx. 1 root root 33 Dec 11 09:16 RPM-GPG-KEY-tlp-29 -> RPM-GPG-KEY-tlp-fedora-29-primary
lrwxrwxrwx. 1 root root 33 Dec 11 09:16 RPM-GPG-KEY-tlp-30 -> RPM-GPG-KEY-tlp-fedora-30-primary
-rw-r--r--. 1 root root 3090 Dec 11 09:16 RPM-GPG-KEY-tlp-fedora-28-primary
-rw-r--r--. 1 root root 3825 Dec 11 09:16 RPM-GPG-KEY-tlp-fedora-29-primary
-rw-r--r--. 1 root root 3825 Dec 11 09:16 RPM-GPG-KEY-tlp-fedora-30-primary
[user@localhost ~]$
The repo file looks like this:
[user@localhost ~]$ cat /etc/yum.repos.d/tlp.repo
[tlp]
name=tlp RPM packages
#baseurl=https://repo.linrunner.de/fedora/tlp/repos/releases/29/x86_64/os/
mirrorlist=https://repo.linrunner.de/fedora/tlp/mirrors/29/x86_64/tlp.txt
enabled=1
metadata_expire=7d
skip_if_unavailable=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp-29
[tlp-debuginfo]
name=tlp RPM packages - Sources
#baseurl=https://repo.linrunner.de/fedora/tlp/repos/releases/29/x86_64/debug/
mirrorlist=https://repo.linrunner.de/fedora/tlp/mirrors/29/x86_64/tlp-debuginfo.txt
enabled=0
metadata_expire=7d
skip_if_unavailable=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp-29
[tlp-source]
name=tlp RPM packages - Sources
#baseurl=https://repo.linrunner.de/fedora/tlp/repos/releases/29/x86_64/sources/SRPMS/
mirrorlist=https://repo.linrunner.de/fedora/tlp/mirrors/29/x86_64/tlp-source.txt
enabled=0
metadata_expire=7d
skip_if_unavailable=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tlp-29
[user@localhost ~]$
I can use the rpm command to check the signature and it returns with the following. This is the same output I receive on a standard Fedora 29 Workstation installation.
[user@localhost ~]$ rpm -v -K /var/cache/rpm-ostree/repomd/tlp-29-x86_64/packages/akmod-acpi_call-1.1.1-4.fc29.x86_64.rpm
/var/cache/rpm-ostree/repomd/tlp-29-x86_64/packages/akmod-acpi_call-1.1.1-4.fc29.x86_64.rpm:
Header V4 RSA/SHA256 Signature, key ID cf4988c9: NOKEY
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID cf4988c9: NOKEY
MD5 digest: OK
[user@localhost ~]$
I do not fully understand the way that RPM handles GPG keys but it seems that the key being in /etc/pki/rpm-gpg and the repo file being configured to use it is not enough. The error fails when checking the digest, I don’t know what this is or how it is built. This seems to be the source of the issue. Maybe RPM is not pulling in these GPG keys properly.
error: package akmod-acpi_call-1.1.1-4.fc29.x86_64 cannot be verified and repo tlp is GPG enabled: failed to lookup digest in keyring for /var/cache/rpm-ostree/repomd/tlp-29-x86_64/packages/akmod-acpi_call-1.1.1-4.fc29.x86_64.rpm
NOTE: I also have tested installing from RPM fusion to make sure it is not an issue with all third party repos. Installing something like chromium-libs-media-freeworld completes without error. The issue is only with packages from this repository on Fedora Silverblue