Microsoft keys break Gnome Software!

Ask Fedora
, ,
1

Installing Microsoft’s keys on Fedora 44 cause Gnome Software to crash and not start properly.

To reproduce the issue, you could for example follow the instructions on how to install Azure CLI:

  1. sudo rpm --import https://packages.microsoft.com/keys/microsoft-2025.asc
  2. sudo dnf install -y https://packages.microsoft.com/config/rhel/10/packages-microsoft-prod.rpm
  3. [Optional] sudo dnf install azure-cli

Package az installs fine and performing dnf upgrade --refresh or flatpack update both work well with no errors.

But Gnome Software will no longer open (or opens and closes shortly after).
Checking the output by running gnome-software --verbose shows that it fails in checking the Microsoft keys, tries 8 times, then crashes:

13:28:16:635 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:16:635 GsDnf5 Creating new session
13:28:17:445 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:17:445 GsDnf5 Creating new session
13:28:17:829 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:17:829 GsDnf5 Creating new session
13:28:18:196 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:18:196 GsDnf5 Creating new session
13:28:18:549 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:18:549 GsDnf5 Creating new session
13:28:18:942 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:18:942 GsDnf5 Creating new session
13:28:19:325 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:19:325 GsDnf5 Creating new session
13:28:19:684 GsDnf5 gs_dnf5_repo_key_import_request_cb: key_id:'F748182B' user_ids:["Microsoft Corporation - General GPG Signer <gpgsign@microsoft.com>"] key_fingerprint:'AA86F75E427A19DD33346403EE4D7792F748182B' key_url:'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Microsoft' timestamp:1700038188
13:28:19:684 GsDnf5 Creating new session
13:28:19:685 GsDnf5 check-key-source: Failed to open new session: Failed to open session: Cannot open new session - maximal number of simultaneously opened sessions achieved.
13:28:19:685 GLib g_variant_is_object_path: assertion 'string != NULL' failed
13:28:19:685 GLib g_variant_new_object_path: assertion 'g_variant_is_object_path (object_path)' failed

Removing the Microsoft key and Repository immediately fixes the issue:
sudo rpmkeys --delete aa86f75e427a19dd33346403ee4d7792f748182b
(or replace with the key_fingerprint shown in the log above or in the output of “rpmkeys --list”)
sudo rm -f /etc/yum.repos.d/microsoft-prod.repo

I searched online and couldn’t find reports on this. If it’s a duplicate or if I’m doing something wrong, please do tell me! :slight_smile:

I’ve also tried reinstalling gnome-software and removing it’s data under .local and .cache directories, also done the pkcon refresh force, didn’t make any difference.

2

These are my guesses about what is happening.

You are adding a RHEL 10 repo to Fedora.
I don’t know if that that is compatible with Fedora.

You may need to run an RHEL 10 compatible OS as a VM to use the microsoft azure tools.

3

There isn’t any compatibility issues and the package installs and works flawlessly.
As far as I know this is the way to install az on Fedora also, and DNF works fine with it.

4

So just an issue with the keys?

5

Yeah, and just from Gnome Software’s point of view it seems!

6

Did you use dnf and it has no problem with the keys?

7

Yep, Dnf works fine with the Microsoft Repo:

# sudo dnf upgrade --refresh
Updating and loading repositories:
 vivaldi                                                                100% |   2.8 KiB/s |   3.0 KiB |  00m01s
 Fedora 44 - x86_64 - Updates                                           100% |   4.5 KiB/s |  18.1 KiB |  00m04s
 RPM Fusion for Fedora 44 - Nonfree - Steam                             100% |   2.4 KiB/s |   8.3 KiB |  00m03s
 RPM Fusion for Fedora 44 - Nonfree - NVIDIA Driver                     100% |   3.0 KiB/s |   8.6 KiB |  00m03s
 Microsoft Production                                                   100% |   2.2 KiB/s |   2.3 KiB |  00m01s
 Hashicorp Stable - x86_64                                              100% |   1.4 KiB/s |   1.5 KiB |  00m01s
 Google Cloud CLI                                                       100% |   1.5 KiB/s |   1.4 KiB |  00m01s
 google-chrome                                                          100% |   1.4 KiB/s |   1.3 KiB |  00m01s
 Fedora 44 openh264 (From Cisco) - x86_64                               100% | 447.0   B/s | 986.0   B |  00m02s
 Fedora 44 - x86_64                                                     100% |  10.9 KiB/s |  18.7 KiB |  00m02s
 Docker CE Stable - x86_64                                              100% |   2.5 KiB/s |   2.0 KiB |  00m01s
 Visual Studio Code                                                     100% |   3.9 KiB/s |   1.5 KiB |  00m00s
Repositories loaded.
Nothing to do.
8

Can you report the bug in gnome software on the Fedora bug tracker so that maintainers get to see the issue?

9

Aright, done! sorry for the typo in the header lol

10

Update: apparently it’s a duplicate of another report and it’s set to be fixed in the next update

And based on that, setting “repo_gpgcheck” to 0 is a temporary solution for now:

  1. sudo vim /etc/yum.repos.d/microsoft-prod.repo
  2. Change the value of repo_gpgcheck from 1 to 0
  3. Save the file.
  4. Running gnome-software --verbose now works flawlessly!
11

It does work fine, but in case you’re interested, azure-cli is also available in the official Fedora repositories. It’s rather difficult to ship updates for in the stable releases, so it’ll be older versions, but it should work as long as you don’t need features from the latest release.

12

Isnt this the bug that Gnome Software hangs when gpg_check is enabled for third party repos?