Fedora 38 repository questions, update tor and virtualbox

Fedora 38 improved the security of updates by requiring gpg signatures. Because 38 is new, metadata for some repositories aren’t available yet. I am wondering about tor (releaseserver/basearch) and virtualbox (36) specifically. Both tor and virtualbox are in yum.repos but yum update tor -y doesn’t provide an update and all I get are error messages about metadata and gpg unless dnf config-manager --disable tor is used. What is the best way to dnf update all packages when the release server is newer than the stable sources?
. . .
Error: Failed to download metadata for repo ‘virtualbox’: repomd.xml GPG signature verification error: Bad GPG signature
. . .

No extra action is required if you install VirtualBox from the RPM Fusion repo.
Otherwise, you need to update the repo file and the GPG key:

sudo dnf config-manager --add-repo \
    https://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
sudo rpm --import \
    https://www.virtualbox.org/download/oracle_vbox_2016.asc

The Tor repo is not yet available for Fedora 38, so it is reasonable to disable.
In any case, you can install the Tor package from the main Fedora repo.

1 Like

Thanks. That worked for virtualbox.

I already have TBB (which is “Tor repo” / dnf calls is “tor”) installed since I upgraded from 37. Is there a way to get updates from 37 while on 38? Is there something like Fedora backports?

1 Like

Tor updates are delivered to the Fedora Updates repo, that is enabled by default.