How to remove expired GPG key installed by MySQL?

I have the following situation

• Is not possible install MySQL 8 on Fedora Workstation 39

Pls, see how was installed to understand this post. Anyway I am going in peace to wait until mysql itself resolves that bug.

Meanwhile when is executed sudo dnd update appears in somepoint

Total                                                                                                                       702 kB/s | 1.5 MB     00:02     
Delta RPMs reduced 237.9 MB of updates to 237.4 MB (0.2% saved)
MySQL 8.0 Community Server                                                                                                  349 kB/s | 3.1 kB     00:00    
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023 (0xA8D3785C) is already installed
MySQL 8.0 Community Server                                                                                                  3.0 MB/s | 3.1 kB     00:00    
Importing GPG key 0x3A79BD29:
 Userid     : "MySQL Release Engineering <mysql-build@oss.oracle.com>"
 Fingerprint: 859B E8D7 C586 F538 430B 19C2 467B 942D 3A79 BD29
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
Is this ok [y/N]: 

With either y or N the process fails. For example with N appears:

Is this ok [y/N]: n
Didn't install any keys
Public key for mysql-community-client-plugins-8.0.35-10.fc39.x86_64.rpm is not installed. Failing package is: mysql-community-client-plugins-8.0.35-10.fc39.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023, file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
Public key for mysql-community-common-8.0.35-10.fc39.x86_64.rpm is not installed. Failing package is: mysql-community-common-8.0.35-10.fc39.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023, file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
Public key for mysql-community-icu-data-files-8.0.35-10.fc39.x86_64.rpm is not installed. Failing package is: mysql-community-icu-data-files-8.0.35-10.fc39.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023, file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
Public key for mysql-community-libs-8.0.35-10.fc39.x86_64.rpm is not installed. Failing package is: mysql-community-libs-8.0.35-10.fc39.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023, file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
Public key for mysql-community-server-8.0.35-10.fc39.x86_64.rpm is not installed. Failing package is: mysql-community-server-8.0.35-10.fc39.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023, file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

Just in case I tried with the sudo dnf remove mysql-server mysql-client command but appears

No match for argument: mysql-server
No match for argument: mysql-client
No packages marked for removal.
Dependencies resolved.
Nothing to do.
Complete!

Therefore I am assuming the unique way to update Fedora is by removing that expired key for MySQL

• How to remove expired GPG key installed by MySQL?

Your assumption is wrong, it requires to import the expired key:

sudo dnf install https://repo.mysql.com/mysql80-community-release-fc$(rpm -E %{fedora}).rpm
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
sudo touch /tmp/date
sudo date -s 20220101
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
sudo date -s "$(date -r /tmp/date)"

Thanks for the commands, but why import an expired key if it does not work?

My main goal is remove by complete everything about MySQL, in this case about the GPG key, to wait in peace the respective patch and right now let me do the OS update in peace

The MySQL packages are signed with that expired key.
You need to import the key to verify the signature.
It works when imported correctly.

Just being curious, what would happen if is deleted manually the file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023 and file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022 files?

Removing the key file changes the error message, but does not solve the problem.
The only alternative is to disable GPG check entirely, which is not recommended.

Thanks for the answer

Once executed the following commands for importation purposes:

sudo dnf install https://repo.mysql.com/mysql80-community-release-fc$(rpm -E %{fedora}).rpm
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
sudo systemctl stop systemd-timesyncd.service
sudo date -s 20220101
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
sudo systemctl start systemd-timesyncd.service

How to remove later the 2 imported GPG keys?

rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n" gpg-pubkey | sort -k 2
sudo rpm -e gpg-pubkey-xxxxxxxx-xxxxxxxx

Huge thanks

The process worked. I want to share the commands with their outputs for the audience:

sudo dnf install https://repo.mysql.com/mysql80-community-release-fc$(rpm -E %{fedora}).rpm
Last metadata expiration check: 0:04:16 ago on Sat 06 Jan 2024 08:48:49 AM -05.
mysql80-community-release-fc39.rpm                                                                                          7.8 kB/s |  13 kB     00:01    
Package mysql80-community-release-fc39-1.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!

sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2023
# no output

sudo systemctl stop systemd-timesyncd.service
# no output

sudo date -s 20220101
Sat Jan  1 12:00:00 AM -05 2022

sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
# no output

sudo systemctl start systemd-timesyncd.service
# no output

Therefore finally sudo dnf update completes in peace

Just an observation, a simple comparison about the order of execution (with and without entries as new lines)

manueljordan@fedora:~$ sudo date -s 20220101
Sat Jan  1 12:00:00 AM -05 2022
manueljordan@fedora:~$ 
manueljordan@fedora:~$ 
manueljordan@fedora:~$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
error: Certificate 467B942D3A79BD29:
  The certificate is expired: The primary key is not live
error: /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022: key 1 import failed.
manueljordan@fedora:~$ 
manueljordan@fedora:~$ 


manueljordan@fedora:~$ 
manueljordan@fedora:~$ sudo date -s 20220101
Sat Jan  1 12:00:00 AM -05 2022
manueljordan@fedora:~$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-mysql-2022
manueljordan@fedora:~$ 

Therefore the two latest commands must be executed together (without entries)

Is mandatory execute these commands? If I want reinstall later MySQL when the bug is fixed would exist a kind of problem?

You can list the installed keys and remove the ones no longer needed using the quoted commands when the devs actually rebuild and sign the packages with the up-to-date key.

You can list the installed keys and remove the ones no longer needed using the quoted commands when the devs actually rebuild and sign the packages with the up-to-date key.

Because I am not an expert about this in Fedora… all is based with the rpm command? Or I need other command? Let me know. It to start to do a research. Thanks for your understanding

Looks like the issue has been fixed and the expired key can be safely removed:

sudo rpm -e gpg-pubkey-3a79bd29-61b8bab7

Thank You.

From the beginning of this post - with what values I should replace your 3a79bd29-61b8bab7 part? If my memory does not fail MySQL has 2 expired keys.