Trying to install signal-desktop on Fedora 42, signature verification is failing

Hi. I’m trying to install signal-desktop on Fedora 42 using the instructions from here:

It’s failing with this error:

$ sudo dnf install signal-desktop
...
[15/15] Total                                                                                                                                                         100% |   0.0   B/s |   0.0   B |  00m00s
Transaction failed: Signature verification failed.
Public key "https://download.opensuse.org/repositories/network:/im:/signal/Fedora_42/repodata/repomd.xml.key" is already present, not importing.
OpenPGP check for package "libsignal-0.72.1-1.1.x86_64" (/var/cache/libdnf5/network_im_signal-ee3cd49d659d2827/packages/libsignal-0.72.1-1.1.x86_64.rpm) from repo "network_im_signal" has failed: Public key is not installed.

How can I install the required public key so I can complete installation?

Many thanks.

1 Like

This is not a Fedora package; you should report this as a bug to the package author.

That being said, I found that using the (unofficial) Flatpak is an easier way to install and use Signal on Fedora - Install Signal Desktop on Linux | Flathub

2 Likes

Thanks @ngitoh , I have reported the bug:

I also found that signal-desktop can still be installed from the “OpenSUSE Build Service” using:

sudo dnf --nogpgcheck install signal-desktop

Just for completeness:

At the top of those Instructions is a link to the network:im:signal project,
where you can find a tab labelled “Signing Keys”, which includes a download link for
the public key that you can import to gpg, in order for verification to complete.

2 Likes

Thanks @lozenge . I installed the public key:

[scott:desktop] ~ $ gpg --list-keys
[keyboxd]
---------
pub   rsa4096 2025-06-17 [SC] [expires: 2027-08-26]
      426AA6B0285C2096B70D9FC2528423A469A77D9A
uid           [ unknown] network OBS Project <network@build.opensuse.org>

[scott:desktop] ~ $ sudo rpm -qi gpg-pubkey | grep -iA12 77d9a
Version     : 69a77d9a
Release     : 68512177
Architecture: (none)
Install Date: Fri 27 Jun 2025 10:15:10 BST
Group       : Public Keys
Size        : 0
License     : pubkey
Signature   : (none)
Source RPM  : (none)
Build Date  : Tue 17 Jun 2025 09:04:07 BST
Build Host  : localhost
Packager    : network OBS Project <network@build.opensuse.org>
Summary     : network OBS Project <network@build.opensuse.org> public key

But the same error occurs.

There are at least 2 packages signed with an expired GPG key:

> rpm -q --qf="%{RSAHEADER:pgpsig}\n" signal-sqlcipher libsignal
RSA/SHA256, Thu 29 May 2025 03:16:10 PM MSK, Key ID 62eb1a0917280ddf
RSA/SHA256, Thu 29 May 2025 03:41:30 PM MSK, Key ID 62eb1a0917280ddf

> gpg --recv-keys 62eb1a0917280ddf
gpg: key 62EB1A0917280DDF: "network OBS Project <network@build.opensuse.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

> gpg --list-keys 62eb1a0917280ddf
pub   rsa2048 2013-09-24 [SC] [expired: 2024-08-02]
      0080689BE757A876CB7DC26962EB1A0917280DDF
uid           [ expired] network OBS Project <network@build.opensuse.org>

Contact the owners of the repo to report the issue:
Show network:im:signal / signal-desktop - openSUSE Build Service

1 Like
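Added example, not part of any post in this thread: a POSIX shell check that explains why importing the new key did not help, by comparing the Key ID in each package signature with the `Version` of the installed `gpg-pubkey` entries (the last 8 hex digits of a key ID). The function names `sig_keyid` and `unknown_signers` are hypothetical; the sample lines are copied from the output quoted in the posts above.

```sh
#!/bin/sh
# Added example: flag packages whose signing key is absent from the RPM keyring.
# On a live system the two inputs come from:
#   rpm -qp --qf '%{RSAHEADER:pgpsig}\n' <package files>   (signature lines)
#   rpm -q gpg-pubkey --qf '%{VERSION}\n'                   (installed key versions)

# Extract the 16-hex-digit Key ID from one pgpsig line, lower-cased.
sig_keyid() {
    printf '%s\n' "$1" |
        sed -n 's/.*Key ID \([0-9A-Fa-f]\{16\}\).*/\1/p' |
        tr 'A-F' 'a-f'
}

# unknown_signers SIG_LINES INSTALLED_VERSIONS
# Prints each signing Key ID whose last 8 hex digits match no installed
# gpg-pubkey Version. This is triage only: an 8-digit match does not prove
# the key is the right one or still valid, rpm's own check remains the authority.
unknown_signers() (
    sigs=$1
    installed=$2
    printf '%s\n' "$sigs" | while IFS= read -r line; do
        id=$(sig_keyid "$line")
        [ -n "$id" ] || continue          # line carried no signature
        short=${id#????????}              # drop first 8 digits, keep last 8
        printf '%s\n' "$installed" | grep -qixF "$short" || printf '%s\n' "$id"
    done | sort -u
)

# Signature lines as quoted in the thread (signal-sqlcipher, libsignal).
SAMPLE_SIGS='RSA/SHA256, Thu 29 May 2025 03:16:10 PM MSK, Key ID 62eb1a0917280ddf
RSA/SHA256, Thu 29 May 2025 03:41:30 PM MSK, Key ID 62eb1a0917280ddf'
# gpg-pubkey Version as quoted in the thread (the newly imported key).
SAMPLE_INSTALLED='69a77d9a'

# The packages are signed by a key that is not the one that was imported.
unknown_signers "$SAMPLE_SIGS" "$SAMPLE_INSTALLED"
```

A non-empty result means the repository is still serving packages signed with a different key than the one in the keyring, which is a problem for the repository owner to fix by re-signing rather than something to bypass with `--nogpgcheck`.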

Thanks! I contacted the package maintainers and filed a bug report, they fixed it, it works now (and I learnt a little about verifying signed packages) :slight_smile:

2 Likes