Can't check signature: public key not found

Hi all,

I have been trying to upgrade fcos with little luck. Right now I am running:

* ostree://fedora:fedora/x86_64/coreos/stable
                   Version: 34.20210427.3.0 (2021-05-18T08:56:57Z)
                    Commit: b4b2199ec09b9e4200024b52062b119035a06b3ffc27b4268c5b8c3aa6fcde17
              GPGSignature: Valid signature by 8C5BA6990BDB26E19F2A1A801161AE6945719A39

I have tried having zincati do the upgrade but I get the following error

Jun 01 09:40:26 ip-10-82-161-101 zincati[1380366]:
Jun 01 09:45:41 ip-10-82-161-101 zincati[1380366]: [INFO ] target release '34.20210611.3.0' selected, proceeding to stage it
Jun 01 09:45:46 ip-10-82-161-101 zincati[1380366]: [ERROR] failed to stage deployment: rpm-ostree deploy failed:
Jun 01 09:45:46 ip-10-82-161-101 zincati[1380366]:     error: Commit a8d8c301ec3e4267106208ed194603e2b1979a67458fb8d3542c54b05b5b1766: Signature made Wed May 31 10:23:59 2023 using RSA key ID 809A8D7CEB10B464
Jun 01 09:45:46 ip-10-82-161-101 zincati[1380366]:     Can't check signature: public key not found

I get the same when I try it manually

# rpm-ostree upgrade --preview --bypass-driver
error: While pulling fedora/x86_64/coreos/stable: Commit a8d8c301ec3e4267106208ed194603e2b1979a67458fb8d3542c54b05b5b1766: Signature made Wed May 31 10:23:59 2023 using RSA key ID 809A8D7CEB10B464
Can't check signature: public key not found

I have tried a lot of different things found all over the internet like downloading the PGP using ostree but I simply can’t get it to work.

Do any of you have a clue on what I can do to solve this short of reinstalling?

Thanks.

This issue is https://github.com/coreos/fedora-coreos-tracker/issues/749

You need to follow the workaround in Cannot upgrade from N-2 releases due to missing GPG key · Issue #749 · coreos/fedora-coreos-tracker · GitHub but you need to do it all the way to Fedora 38.

curl -L https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-primary
curl -L https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-36-primary | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-36-primary
curl -L https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-37-primary | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-37-primary
curl -L https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-38-primary | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-38-primary

Some of the keys may already exist. You’ll need to just put in place the ones that don’t yet.

1 Like

Hi @dustymabe ,
Thanks for the tip. I had seen the post and forgot to mention it. However, I had not done them, just 35.

I ran it and added the links to the different arch and it did the job. Many thanks!