Rejected third-party repository keys

I’m on CentOS Stream 10 – I’m experiencing the error described here where trying to add the repository for VSCode, for example, fails with:

error: Certificate EB3E94ADBE1229CF:
  Policy rejects EB3E94ADBE1229CF: No binding signature at time 2025-02-17T09:53:19Z
error: https://packages.microsoft.com/keys/microsoft.asc: key 1 import failed.

The linked post, if I’m reading correctly, says the issue should have been fixed with a system update back in Fedora 38.

Does anyone have any pointers on fixing this?

Thanks

Are you not on CentOS? If yes, deactivate the repository of that Microsoft app, and do a full upgrade to see if you get the issue corrected. It should get you at least rust-rpm-sequoia-1.3.0-1 ( FEDORA-2023-bd9a4614ad — bugfix update for crypto-policies, rust-rpm-sequoia, & 1 more — Fedora Updates System )

Reading the issue, it says it is caused by weak security algorithms.

Cause

This is caused by certain third-party RPM packages using weak security algorithms (e.g. SHA-1, DSA etc). RPM in Fedora 38 honors cryptographic policies configured in Fedora and refuses to process such packages. Kevin Fenzi provided a short explanation here.

I’m on CentOS Stream 10! I haven’t added/enabled the repo yet since I can’t get past adding the key. My version of ‘rpm-sequoia’ is 1.6.0-6.

Should I just be taking this up with Microsoft? I don’t have this issue inside a podman container running Fedora

I see, then it looks like it is not in CentOS alias EPEL yet. What repository exactly are you trying to use when getting the error above? Ah OK, VSCode.

You might also have to check testing:


Thanks, I’ll look more into EPEL and the post you linked. I’m new to CentOS as of yesterday. Still excited though!

Try this way:

sudo update-crypto-policies --set LEGACY

Chapter 3. Using system-wide cryptographic policies | Red Hat Product Documentation

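The quoted "Cause" text attributes the rejection to weak algorithms such as SHA-1 and DSA. As an added example (not code from this thread or from any project mentioned in it), the script below reads `gpg --list-packets` output and reports the public-key and digest algorithm of each signature packet, so the offending signature can be identified before any policy change. The sample packets, the key ID `0123456789ABCDEF` and the function names are constructed, and the set of algorithms flagged as weak is an assumption taken from the quoted text.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Reads `gpg --list-packets` text on stdin and
# prints one line per signature packet: keyid, sigclass, key algo, digest, verdict.
# Real use, after downloading the key: gpg --list-packets microsoft.asc | flag_weak_sigs
flag_weak_sigs() {
    awk '
    BEGIN {
        # OpenPGP algorithm IDs (RFC 4880 section 9, plus the ECC IDs GnuPG prints)
        pk[1] = "RSA"; pk[17] = "DSA"; pk[19] = "ECDSA"; pk[22] = "EdDSA"
        dg[1] = "MD5"; dg[2] = "SHA1"; dg[3] = "RIPEMD160"; dg[8] = "SHA256"
        dg[9] = "SHA384"; dg[10] = "SHA512"; dg[11] = "SHA224"
        # Assumption: the weak set mirrors the examples in the quoted "Cause" text
        # (SHA-1, DSA) plus MD5; the active crypto policy is the real authority.
        weak["DSA"] = 1; weak["SHA1"] = 1; weak["MD5"] = 1
    }
    function num(s) { sub(/,$/, "", s); return s + 0 }          # "17," -> 17
    function name(tbl, n) { return (n in tbl) ? tbl[n] : "id" n }
    /^:signature packet:/ { insig = 1; key = name(pk, num($4)); keyid = $6; next }
    /^:/                  { insig = 0 }      # any other packet ends the signature
    insig && $1 == "version" { class = $8 }  # 0x10-0x13 user ID, 0x18 subkey binding
    insig && $1 == "digest" && $2 == "algo" {
        d = name(dg, num($3))
        verdict = ((key in weak) || (d in weak)) ? "WEAK" : "ok"
        print keyid, class, key, d, verdict
    }'
}

# Constructed input shaped like `gpg --list-packets` output (not a real key).
sample_packets() {
    cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1445181253, expires 0
    keyid: 0123456789ABCDEF
:user ID packet: "Example Vendor (constructed) <keys@example.invalid>"
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1445181253, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 1a 9b
:signature packet: algo 1, keyid 0123456789ABCDEF
    version 4, created 1700000000, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 4c 02
EOF
}

sample_packets | flag_weak_sigs
```

`update-crypto-policies --show` prints the policy currently in force, which is what decides whether a signature flagged here is actually rejected.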