When runnging rpm-ostree update got below error
error: importing RPMs: package google-chrome-stable-114.0.5735.90-1.x86_64 cannot be verified and repo google-chrome is GPG enabled: /var/cache/rpm-ostree/repomd/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm could not be verified.
/var/cache/rpm-ostree/repomd/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm: digest: SIGNATURE: NOT OK
I had the same issue this morning. Haven’t had the time to investigate yet.
Let’s use SHA-1 signed RPMs (Chrome) on Silverblue 38 · Issue #408 · fedora-silverblue/issue-tracker · GitHub to track this
The latest Chrome update, 114.0.5735.90, is failing to install here. Not just that: all of the other updates simply don’t install, nothing happens when pressing the download button from the Updates page of GNOME Software. pkcon update returns this:
fatal error: package google-chrome-stable-114.0.5735.90-1.x86_64 cannot be verified and repo google-chrome is GPG enabled: /var/cache/PackageKit/38/metadata/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm could not be verified.
/var/cache/PackageKit/38/metadata/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm: digest: SIGNATURE: NOT OK
pkcon update also doesn’t update the other packages that need updating. Is there anything I can do to fix this?
I’m using Fedora 38 Workstation.
Since your using workstation have you tried sudo dnf upgrade --refresh from the terminal
From Silverblue, still got the same error:
Checking out tree 7af9f28... done
Enabled rpm-md repositories: fedora-cisco-openh264 fedora-modular updates-modular updates fedora teamviewer copr:copr.fedorainfracloud.org:phracek:PyCharm google-chrome rpmfusion-nonfree-nvidia-driver rpmfusion-nonfree-steam updates-archive
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2023-03-14T10:56:46Z solvables: 4
rpm-md repo 'fedora-modular' (cached); generated: 2023-04-13T20:30:47Z solvables: 1082
rpm-md repo 'updates-modular' (cached); generated: 2018-02-20T19:18:14Z solvables: 0
rpm-md repo 'updates' (cached); generated: 2023-06-01T03:25:51Z solvables: 13930
rpm-md repo 'fedora' (cached); generated: 2023-04-13T20:37:10Z solvables: 69222
rpm-md repo 'teamviewer' (cached); generated: 2023-05-23T07:04:12Z solvables: 105
rpm-md repo 'copr:copr.fedorainfracloud.org:phracek:PyCharm' (cached); generated: 2023-05-23T12:23:04Z solvables: 8
rpm-md repo 'google-chrome' (cached); generated: 2023-05-31T18:00:41Z solvables: 3
rpm-md repo 'rpmfusion-nonfree-nvidia-driver' (cached); generated: 2023-05-31T10:56:14Z solvables: 31
rpm-md repo 'rpmfusion-nonfree-steam' (cached); generated: 2023-05-19T19:13:13Z solvables: 2
rpm-md repo 'updates-archive' (cached); generated: 2023-06-01T03:49:37Z solvables: 14720
Resolving dependencies... done
Will download: 1 package (8.1 kB)
Downloading from 'fedora'... done
Importing packages... done
error: importing RPMs: package google-chrome-stable-114.0.5735.90-1.x86_64 cannot be verified and repo google-chrome is GPG enabled: /var/cache/rpm-ostree/repomd/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm could not be verified.
/var/cache/rpm-ostree/repomd/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm: digest: SIGNATURE: NOT OK
From Workstation, installation is OK:
Copr repo for PyCharm owned by phracek 125 kB/s | 87 kB 00:00
Fedora 38 - x86_64 6.5 kB/s | 5.9 kB 00:00
Fedora 38 openh264 (From Cisco) - x86_64 3.5 kB/s | 989 B 00:00
Fedora Modular 38 - x86_64 39 kB/s | 5.8 kB 00:00
Fedora 38 - x86_64 - Updates 9.1 kB/s | 6.6 kB 00:00
Fedora 38 - x86_64 - Updates 4.7 MB/s | 13 MB 00:02
Fedora Modular 38 - x86_64 - Updates 7.8 kB/s | 5.7 kB 00:00
google-chrome 23 kB/s | 3.6 kB 00:00
RPM Fusion for Fedora 38 - Nonfree - NVIDIA Dri 16 kB/s | 15 kB 00:00
RPM Fusion for Fedora 38 - Nonfree - Steam 1.4 kB/s | 2.2 kB 00:01
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
google-chrome-stable x86_64 114.0.5735.90-1 google-chrome 91 M
Installing dependencies:
liberation-fonts noarch 1:2.1.5-4.fc38 fedora 7.9 k
Transaction Summary
================================================================================
Install 2 Packages
Total download size: 91 M
Installed size: 300 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): liberation-fonts-2.1.5-4.fc38.noarch.rpm 45 kB/s | 7.9 kB 00:00
(2/2): google-chrome-stable-114.0.5735.90-1.x86 11 MB/s | 91 MB 00:08
--------------------------------------------------------------------------------
Total 10 MB/s | 91 MB 00:09
Fedora 38 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0xEB10B464:
Userid : "Fedora (38) <fedora-38-primary@fedoraproject.org>"
Fingerprint: 6A51 BBAB BA3D 5467 B617 1221 809A 8D7C EB10 B464
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-38-x86_64
Is this ok [y/N]: y
Key imported successfully
google-chrome 258 kB/s | 14 kB 00:00
Importing GPG key 0x7FAC5991:
Userid : "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>"
Fingerprint: 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
From : https://dl.google.com/linux/linux_signing_key.pub
Is this ok [y/N]: y
warning: Certificate A040830F7FAC5991:
Policy rejects subkey 4F30B6B4C07CB649: Policy rejected asymmetric algorithm
Key imported successfully
Importing GPG key 0xD38B4796:
Userid : "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>"
Fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
From : https://dl.google.com/linux/linux_signing_key.pub
Is this ok [y/N]: y
warning: Certificate 7721F63BD38B4796:
Subkey 1397BC53640DB551 is expired: The subkey is not live
Subkey 78BD65473CB3BD13 is expired: The subkey is not live
Subkey 6494C6D6997C215E is expired: The subkey is not live
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : liberation-fonts-1:2.1.5-4.fc38.noarch 1/2
Running scriptlet: google-chrome-stable-114.0.5735.90-1.x86_64 2/2
Installing : google-chrome-stable-114.0.5735.90-1.x86_64 2/2
Running scriptlet: google-chrome-stable-114.0.5735.90-1.x86_64 2/2
Verifying : liberation-fonts-1:2.1.5-4.fc38.noarch 1/2
Verifying : google-chrome-stable-114.0.5735.90-1.x86_64 2/2
Installed:
google-chrome-stable-114.0.5735.90-1.x86_64
liberation-fonts-1:2.1.5-4.fc38.noarch
Complete!
You can try removing the overlayed package, then re-installing from the latest RPM, and then re-installing again to remove the version lock:
$ rpm-otree update --uninstall google-chrome-stable
$ reboot
$ rpm-ostree install google-chrome-stable.rpm
$ reboot
$ rpm-ostree update --uninstall google-chrome-stable-<version> --install google-chrome-stable
$ reboot
This is weird, but only removing and re-importing the Google GPG key worked for me.
The issue does happen in Workstation too as PackageKit can’t install Chrome. However, installing it with dnf shows a prompt to import the Google key:
Downloading Packages:
(1/4): liberation-fonts-2.1.5-4.fc38.noarch.rpm 33 kB/s | 7.9 kB 00:00
(2/4): liberation-serif-fonts-2.1.5-4.fc38.noar 1.7 MB/s | 605 kB 00:00
(3/4): liberation-sans-fonts-2.1.5-4.fc38.noarc 1.6 MB/s | 605 kB 00:00
(4/4): google-chrome-stable-114.0.5735.90-1.x86 23 MB/s | 91 MB 00:04
--------------------------------------------------------------------------------
Total 16 MB/s | 92 MB 00:05
google-chrome 34 kB/s | 14 kB 00:00
Importing GPG key 0x7FAC5991:
Userid : "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>"
Fingerprint: 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
From : https://dl.google.com/linux/linux_signing_key.pub
Is this ok [y/N]: y
warning: Certificate A040830F7FAC5991:
Policy rejects subkey 4F30B6B4C07CB649: Policy rejected asymmetric algorithm
Key imported successfully
Importing GPG key 0xD38B4796:
Userid : "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>"
Fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
From : https://dl.google.com/linux/linux_signing_key.pub
Is this ok [y/N]: y
warning: Certificate 7721F63BD38B4796:
Subkey 1397BC53640DB551 is expired: The subkey is not live
Subkey 78BD65473CB3BD13 is expired: The subkey is not live
Subkey 6494C6D6997C215E is expired: The subkey is not live
Key imported successfully
$ rpm-ostree update --uninstall google-chrome-stable-114.0.5735.90-1_x86_64 --install google-chrome-stable
error: Package/capability 'google-chrome-stable-114.0.5735.90-1_x86_64' is not currently requested
My rpm-ostree status
â—Źfedora:fedora/38/x86_64/silverblue
Version: 38.20230601.0 (2023-06-01T02:19:44Z)
BaseCommit: 7af9f2887c3c0463e6714600e87858b638892e29ce5ace54ad6779d5ea65d6f8
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
LayeredPackages: bridge-utils dmg2img git ibus-cangjie-engine-cangjie libvirt python3-pip qemu qemu-img qemu-kvm virt-install virt-manager
LocalPackages: google-chrome-stable-114.0.5735.90-1.x86_64 ICAClient-23.5.0.58-0.x86_64 teamviewer-15.40.8-0.x86_64
fedora:fedora/38/x86_64/silverblue
Version: 38.20230601.0 (2023-06-01T02:19:44Z)
BaseCommit: 7af9f2887c3c0463e6714600e87858b638892e29ce5ace54ad6779d5ea65d6f8
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
LayeredPackages: bridge-utils dmg2img git ibus-cangjie-engine-cangjie libvirt python3-pip qemu qemu-img qemu-kvm virt-install virt-manager
LocalPackages: ICAClient-23.5.0.58-0.x86_64 teamviewer-15.40.8-0.x86_64
Have you tried
$ rpm-ostree update --uninstall google-chrome-stable --install google-chrome-stable
No Luck.
$ rpm-ostree status
State: idle
Deployments:
â—Ź fedora:fedora/38/x86_64/silverblue
Version: 38.20230603.0 (2023-06-03T00:50:31Z)
BaseCommit: f00544f6d9c5c90e5efb9c1193b3feb2fd76f4f12727ddabe0300ab832425902
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
LayeredPackages: bridge-utils dmg2img git ibus-cangjie-engine-cangjie libvirt python3-pip qemu qemu-img qemu-kvm virt-install
virt-manager
LocalPackages: google-chrome-stable-114.0.5735.90-1.x86_64
fedora:fedora/38/x86_64/silverblue
Version: 38.20230603.0 (2023-06-03T00:50:31Z)
BaseCommit: f00544f6d9c5c90e5efb9c1193b3feb2fd76f4f12727ddabe0300ab832425902
GPGSignature: Valid signature by 6A51BBABBA3D5467B6171221809A8D7CEB10B464
LayeredPackages: bridge-utils dmg2img git ibus-cangjie-engine-cangjie libvirt python3-pip qemu qemu-img qemu-kvm virt-install
virt-manager
[fcc@x300 ~]$ rpm-ostree update --uninstall google-chrome-stable --install google-chrome-stable
2 metadata, 0 content objects fetched; 788 B transferred in 2 seconds; 0 bytes content written
Checking out tree f00544f... done
Enabled rpm-md repositories: fedora-cisco-openh264 fedora-modular updates-modular updates fedora copr:copr.fedorainfracloud.org:phracek:PyCharm google-chrome rpmfusion-nonfree-nvidia-driver rpmfusion-nonfree-steam updates-archive
Importing rpm-md... done
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2023-03-14T10:56:46Z solvables: 4
rpm-md repo 'fedora-modular' (cached); generated: 2023-04-13T20:30:47Z solvables: 1082
rpm-md repo 'updates-modular' (cached); generated: 2018-02-20T19:18:14Z solvables: 0
rpm-md repo 'updates' (cached); generated: 2023-06-01T03:25:51Z solvables: 13930
rpm-md repo 'fedora' (cached); generated: 2023-04-13T20:37:10Z solvables: 69222
rpm-md repo 'copr:copr.fedorainfracloud.org:phracek:PyCharm' (cached); generated: 2023-05-23T12:23:04Z solvables: 8
rpm-md repo 'google-chrome' (cached); generated: 2023-05-31T18:00:41Z solvables: 3
rpm-md repo 'rpmfusion-nonfree-nvidia-driver' (cached); generated: 2023-05-31T10:56:14Z solvables: 31
rpm-md repo 'rpmfusion-nonfree-steam' (cached); generated: 2023-05-19T19:13:13Z solvables: 2
rpm-md repo 'updates-archive' (cached); generated: 2023-06-03T03:32:39Z solvables: 15445
Resolving dependencies... done
Importing packages... done
error: importing RPMs: package google-chrome-stable-114.0.5735.90-1.x86_64 cannot be verified and repo google-chrome is GPG enabled: /var/cache/rpm-ostree/repomd/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm could not be verified.
/var/cache/rpm-ostree/repomd/google-chrome-38-x86_64/packages/google-chrome-stable-114.0.5735.90-1.x86_64.rpm: digest: SIGNATURE: NOT OK
It isn’t better to report this issue in bugs.chromium.org?
Seems like they don’t see it as their responsibility or their job to make it work again.
Just had this problem, too, trying to update fedora 38 on silverblue. Have chrome dev version installed
As a workaround, uninstalled the rpm-ostree version, installed the flatpak version via gnome-software. Looks good so far.
For me, the FlatPak version cannot display Chinese web contents.
Is that something recommended for the community? That Flatpak isn’t maintained by Google itself. I think Flatpaks are great! But I have some doubts when they’re not directly offered by upstream, which I think was the point of Flatpaks. The ability for developers to directly offer their software to all platforms. I don’t feel comfortable to install something that’s not maintained by Google. Sure, for RPMs we also have maintainers. But there are a lot more (automated and non-automated) checks and balances to ensure the proper source is used and it’s easier to inspect and there are more people to inspect it. Don’t want to throw this thread into something off-topic, but I think people should be aware.
Just and update.
Tested with Silverblue-RH-20230715 & Workstation-RH-20230715. Fresh install both inside virt-manager.
Workstation RH can install google-chrome-stable without issue.
Silverblue RH still have the SIGNATURE: NOT OK error.