Sudo dnf can not install the down-loaded updates due to

This is the read out at the end of the down-load;

Transaction failed: Signature verification failed.
OpenPGP check for package “fedy-5.0.51-1.fc41.noarch” (/var/cache/libdnf5/copr:copr.fedorainfracloud.org:kwizart:fedy-8f2fd395ea3c7964/packages/fedy-5.0.51-1.fc41.noarch.rpm) from repo “copr:copr.fedorainfracloud.org:kwizart:fedy” has failed: Problem occurred when opening the package.
xxxxx@asus-fedora:~$

If I am seeing this correctly…
There are ca. 187 packages that are not updated due to this situation… or is it just this one package that is not being updated ? Because if I close the window and do a new dnf upgrade, all these packages are coming up again, as not installed.

fedy is not a Fedora package it seems its from copr.

Try your update disabling the copr repo. I think like this

sudo dnf update --disablerepo=*kwizart*

You might need to remove and re-add that copr repo to get an updated key, but I’d just guessing.

Hi Barry, the Konsole ran and installed all the other packages without the copr “kwizart” when I used your suggestion ( sudo dnf update --disablerepo=kwizart ).

Thanks for the tip. Question, is it necessary to install “kwizart” and if so, how can I get the necessary key as well, so that it functions as intended ?

Thanks

Find the page for the copr repo from here: https://copr.fedorainfracloud.org/coprs/fulltext/?fulltext=kwizart

Then follow the install instructions that appear on the right hand side.
But remove the exist repo first.

Edit: Suggest you make a note of how you fixed this for next time something lke this happens.

It is important for us all to remember that packages installed from 3rd party locations, whether copr or otherwise, may interfere with updates and that disabling those repos and/or removing the related packages when an update fails will often solve the issue.

Thank you for the Tip.

In other words, Fedora can and will function without it, or… how can it be cleanly and correctly installed, (please give exact instructions)? Thanks !

Regards

Sent fr will funom Proton Mail Android

I recall the copr keys getting out-of-date.

You could try running the clean-rpm-gpg-pubkey command that will remove keys that are out-of-date. Then when you do another update you should be offered the latest copr repo key.

Hi Barry,

I got a notice for new updates, when I tried to down load them, I got a message that something went wrong.
Here is the printout from the error:
package fedy-5.0.51-1.fc41.noarch cannot be verified and repo copr:copr.fedorainfracloud.org:kwizart:fedy is GPG enabled: /var/cache/PackageKit/41/metadata/copr:copr.fedorainfracloud.org:kwizart:fedy-41-x86_64/packages/fedy-5.0.51-1.fc41.noarch.rpm could not be verified.
/var/cache/PackageKit/41/metadata/copr:copr.fedorainfracloud.org:kwizart:fedy-41-x86_64/packages/fedy-5.0.51-1.fc41.noarch.rpm: Verifying a signature using certificate C4805F795A3024A71AD1D39CC27EFD7A2DA862E5 (kwizart_fedy (None) kwizart#fedy@copr.fedorahosted.org):

  1. Certificate C27EFD7A2DA862E5 invalid: certificate is not alive
    because: The primary key is not live
    because: Expired on 2024-09-01T15:42:50Z
  2. Key C27EFD7A2DA862E5 invalid: key is not alive
    because: The primary key is not live
    because: Expired on 2024-09-01T15:42:50Z: Verifying a signature using certificate C4805F795A3024A71AD1D39CC27EFD7A2DA862E5 (kwizart_fedy (None) kwizart#fedy@copr.fedorahosted.org):
  3. Certificate C27EFD7A2DA862E5 invalid: certificate is not alive
    because: The primary key is not live
    because: Expired on 2024-09-01T15:42:50Z
  4. Key C27EFD7A2DA862E5 invalid: key is not alive
    because: The primary key is not live
    because: Expired on 2024-09-01T15:42:50Z: digest: SIGNATURE: NOT OK

I also did as you suggested pertaining to removing the old keys…( clean-rpm-gpg-pubkey )
This was the result of that command:

$ sudo clean-rpm-gpg-pubkey
Removing Proton Technologies AG opensource@proton.me public key
Removing Brave Linux Pre Release (Brave Linux Pre Release) <brave-linux-pre-release@brave.co

public key
Total affected keys: 2

Then I ran;
sudo dnf update
Updating and loading repositories:
Fedora 41 - x86_64 - Updates 100% | 8.4 KiB/s | 9.0 KiB | 00m01s
Fedora 41 - x86_64 - Updates 100% | 219.1 KiB/s | 1.7 MiB | 00m08s
Repositories loaded.
Package Arch Version Repository Size
Upgrading:
composefs x86_64 1.0.8-1.fc41 updates 176.3 KiB
replacing composefs x86_64 1.0.6-1.fc41 202.9 KiB
composefs-libs x86_64 1.0.8-1.fc41 updates 140.1 KiB
replacing composefs-libs x86_64 1.0.6-1.fc41 166.3 KiB
fedy noarch 5.0.51-1.fc41 copr:copr.fedorainfracloud.org:kwizart:fedy 508.1 KiB
replacing fedy noarch 5.0.49-1.fc41 508.0 KiB
libedit i686 3.1-54.20250104cvs.fc41 updates 238.5 KiB
replacing libedit i686 3.1-53.20240808cvs.fc41 243.4 KiB
libedit x86_64 3.1-54.20250104cvs.fc41 updates 239.3 KiB
replacing libedit x86_64 3.1-53.20240808cvs.fc41 244.1 KiB
python3-boto3 noarch 1.35.92-1.fc41 updates 2.1 MiB
replacing python3-boto3 noarch 1.35.91-1.fc41 updates 2.1 MiB
python3-botocore noarch 1.35.92-1.fc41 updates 99.5 MiB
replacing python3-botocore noarch 1.35.91-1.fc41 updates 99.5 MiB

Transaction Summary:
Upgrading: 7 packages
Replacing: 7 package

Total size of inbound packages is 9 MiB. Need to download 9 MiB.
Is this ok [y/N]: y
[1/7] fedy-0:5.0.51-1.fc41.noarch 100% | 211.0 KiB/s | 322.2 KiB | 00m02s
[2/7] composefs-0:1.0.8-1.fc41.x86_64 100% | 25.7 KiB/s | 59.7 KiB | 00m02s
[3/7] libedit-0:3.1-54.20250104cvs.fc41.x86_64 100% | 81.2 KiB/s | 100.7 KiB | 00m01s
[4/7] composefs-libs-0:1.0.8-1.fc41.x86_64 100% | 17.8 KiB/s | 53.6 KiB | 00m03s
[5/7] libedit-0:3.1-54.20250104cvs.fc41.i686 100% | 123.4 KiB/s | 104.8 KiB | 00m01s
[6/7] python3-boto3-0:1.35.92-1.fc41.noarch 100% | 434.3 KiB/s | 412.2 KiB | 00m01s
[7/7] python3-botocore-0:1.35.92-1.fc41.noarch 100% | 3.0 MiB/s | 7.7 MiB | 00m03s

I’m not clear on your state.

Is it working now?

If not working now then what is the output of rpmkeys --list?

Hi Barry,
I think it is working okay, and I believe that " kwizart_fedy " is removed…
Although when I gave in the command; sudo rpmkeys --list I got the following printout:

d651ff2e-5dadbbc1: RPM Fusion free repository for Fedora (2020) <rpmfusion-buildsys@lists.rp
mfusion.org> public key
94843c65-5dadbc64: RPM Fusion nonfree repository for Fedora (2020) <rpmfusion-buildsys@lists
.rpmfusion.org> public key
2da862e5-5d6e89fa: kwizart_fedy (None) kwizart#fedy@copr.fedorahosted.org public key
0c1289c0-58c6ad7d: TeamViewer GmbH (TeamViewer Linux 2017) support@teamviewer.com public k
ey
7fac5991-45f06f46: Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.c

public key
d38b4796-570c8cd3: Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@
google.com> public key
e99d6ad1-64d2612c: Fedora (41) fedora-41-primary@fedoraproject.org public key

1 Like

I had the same issue, running the command below fixed it

sudo dnf copr remove kwizart/fedy

hi nocnoc,
thank you for your interest and reply.

my system is okay now…

best regards.

Removing COPR repository from OS does not solve the issue — you lose updates for apps installed through that repo.

The issue is probably this – Prolonged GPG keys are not updated on the system · Issue #2894 · fedora-copr/copr · GitHub

Please take a look at this comment for solution: Prolonged GPG keys are not updated on the system · Issue #2894 · fedora-copr/copr · GitHub

Here is another way to work around the problem: Refresh PGP keys, e.g. when prolonging an expiration time · Issue #1192 · rpm-software-management/dnf5 · GitHub

Hi Thomasz, Thank you for your reply, I looked at your suggestions as listed below. Honestly speaking, that is all a bit too complicated for my level of knowledge.

What I would need is simple but clear instructions as to how to deal with this problem.

First of all are you saying that “ALL” the keys need to be installed, regardless of repo ? Or are some not necessary for Fedora to operate normally?

If you say they are all necessary, then How can I check which ones are missing, and how do I install them “correctly” with out conflicts ?

I hope you can appreciate my situation and perhaps offer some SIMPLE but EXACT instructions.

Best Regards,

Magic

First of all, since you removed your COPR repo it may be good idea to enable it again if you want to continue using the software from it: sudo dnf copr enable kwizart/fedy.

Then, to actually solve your issue (some dnf command failed) choose one solution from these two.

Solution 1:

Add the --enableplugin=expired-pgp-keys parameter to the failed dnf command. So for example sudo dnf upgrade --enableplugin=expired-pgp-keys.

This works only for dnf4, no dnf5. You may need to replace dnf with dnf4, so sudo dnf4 upgrade --enableplugin=expired-pgp-keys.

Solution 2:

Remove “broken” GPG key.

First find name of “broken” key by using:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep YOUR_COPR_REPO_HERE

You need to replace “YOUR_COPR_REPO_HERE” with something like “fedy”.

You should read the output and find the key which looks like “gpg-pubkey-XXXXXX-XXXXXX”. Then you need you need to run:

sudo rpm -e gpg-pubkey-XXXXXX-XXXXXX

Then, try to use your dnf command again and it should work fine.

Hi Thmasz, I have copy / pasted the results of the “Konsole” following your instructions for Solution number 1 below.

$ sudo dnf upgrade --enableplugin=expired-pgp-keys
No matches were found for the following plugin name patterns while enabling libdnf plugin
s: expired-pgp-keys
Updating and loading repositories:
Repositories loaded.
Nothing to do.
frank@asus-fedora:~$ sudo dnf4 upgrade --enableplugin=expired-pgp-keys
Last metadata expiration check: 0:01:06 ago on Mo 13 Jan 2025 00:10:13.
Dependencies resolved.
Nothing to do.
Complete!
frank@asus-fedora:~$ sudo dnf copr enable kwizart/fedy
https://copr.fedorainfracloud.org/api_3/rpmrepo 100% | 509.0 B/s | 816.0 B | 00m02s
Enabling a Copr repository. Please note that this repository is not part
of the main distribution, and quality may vary.

The Fedora Project does not exercise any power over the contents of
this repository beyond the rules outlined in the Copr FAQ at
https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr,
and packages are not held to any quality or security level.

Please do not file bug reports about these packages in Fedora
Bugzilla. In case of problems, contact the owner of this repository.
Is this ok [y/N]: y
frank@asus-fedora:~$ sudo dnf4 upgrade --enableplugin=expired-pgp-keys
Copr repo for fedy owned by kwizart 610 B/s | 1.2 kB 00:01
Dependencies resolved.
Nothing to do.
Complete!
frank@asus-fedora:~$ sudo dnf upgrade
Updating and loading repositories:
Copr repo for fedy owned by kwizart 100% | 1.4 KiB/s | 1.5 KiB | 00m01s
Repositories loaded.
Nothing to do.

I hope this is the result that should have come from this transaction.

If you think any / something else needs to be done, please let me know.

Thank you for your replay and clear instructions on hopefully resolving this problem.

I like Fedora, even though I am not technically skilful in applying software applications / changes.

You patience and support is great-fully appreciated.

Best regards,

Magic

HI Thomasz, sorry I left out the “o” in your name on the last email reply.

Sorry,

Magic