Fedora 38 repository questions, update tor and virtualbox

Fedora 38 improved the security of updates by requiring gpg signatures. Because 38 is new, metadata for some repositories aren’t available yet. I am wondering about tor (releaseserver/basearch) and virtualbox (36) specifically. Both tor and virtualbox are in yum.repos but yum update tor -y doesn’t provide an update and all I get are error messages about metadata and gpg unless dnf config-manager --disable tor is used. What is the best way to dnf update all packages when the release server is newer than the stable sources?
. . .
Error: Failed to download metadata for repo ‘virtualbox’: repomd.xml GPG signature verification error: Bad GPG signature
. . .

No extra action is required if you install VirtualBox from the RPM Fusion repo.
Otherwise, you need to update the repo file and the GPG key:

sudo dnf config-manager --add-repo \
sudo rpm --import \

The Tor repo is not yet available for Fedora 38, so it is reasonable to disable.
In any case, you can install the Tor package from the main Fedora repo.

1 Like

Thanks. That worked for virtualbox.

I already have TBB (which is “Tor repo” / dnf calls is “tor”) installed since I upgraded from 37. Is there a way to get updates from 37 while on 38? Is there something like Fedora backports?

1 Like

Tor updates are delivered to the Fedora Updates repo, that is enabled by default.