Unable to update GPG signatures found, but none are in trusted keyring

I’m on Silverblue Rawhide

I get the following error when updating

$ rpm-ostree upgrade
error: Commit 4e93e32036a9d072de666a09554eefbcdf5fcbe2f7bb417840db1d28368cd8e5: GPG signatures found, but none are in trusted keyring

Here is the contents of /etc/ostree/remotes.d/fedora.conf

[remote “fedora”]
url=https://ostree.fedoraproject.org
gpg-verify=true
gpgkeypath=/etc/pki/rpm-gpg/
contenturl=mirrorlist=https://ostree.fedoraproject.org/mirrorlist

I’m having this problem too.

It looks like your install doesn’t have the new rawhide gpg key yet but the rawhide commits are signed with it. You can try downloading the Fedora 32 key into /etc/pki/rpm-gpg/ and then upgrading again.

$ sudo su -
# cd /etc/pki/rpm-gpg/
# curl -L -O https://src.fedoraproject.org/rpms/fedora-repos/raw/master/f/RPM-GPG-KEY-fedora-32-primary
# ls -l RPM-GPG-KEY-fedora-32-primary 
-rw-r--r--. 1 root root 1639 Aug 21 14:44 RPM-GPG-KEY-fedora-32-primary
# md5sum RPM-GPG-KEY-fedora-32-primary 
be0bd57ef52480266dc7c78f54bbe6c3  RPM-GPG-KEY-fedora-32-primary

Thank you for the reply and I have downloaded the Fedora 32 key but I now get the error

error: Failed to download gpg key for repo ‘rawhide’: Curl error (37): Couldn’t read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-32-x86_64 [Couldn’t open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-32-x86_64]

I decided to rebase to fedora silverblue 31. All ok now

Ahh. This new error is from the package layering step. If you notice the files in /etc/pki/rpm-gpg/ you’ll see a few real files and a bunch of symlinks. If you symlink RPM-GPG-KEY-fedora-32-x86_64 to RPM-GPG-KEY-fedora-32-primary then that would most likely fix that problem too.

Yeah, I noticed that the file RPM-GPG-KEY-fedora-32-x86_64 was missing from /etc/pki/rpm-gpg/

Anyway, happy to be on f31 for the moment

Thanks again for you help

For others with this problem, to rebase to Fedora Silverblue 31 just do this command at terminal:

$ sudo rpm-ostree rebase fedora-workstation:fedora/31/x86_64/silverblue

Good that rebase to F31 worked for you, for me I lost wireless connection. Now no way to even get any updates on this system.

Good that rebase to F31 worked for you, for me I lost wireless connection. Now no way to even get any updates on this system.

I got F31 without wireless connection too. To get back, I did
rpm-ostree rollback
This gets you back to working F30 system. Still researching if there is already bug for it.

1 Like

I managed to get LAN cable at my home and able to get network connection but there are no updates pushed later on to F31 tree.

Yes rollback can help here. I saw some update mentioning some wireless issue but I think that update is already available in initial F31 ostree installed on our systems. I use Lenovo T480s laptop. Can be 5.3.0 kernel issue.

I’ve tried F31 in Silverblue here too, and the wireless is still broken on an X230 (Intel Centrino Advanced-N 6205 rev 04), T460s (Intel 8260 rev 3a), and even a wifi USB stick (Edimax EW-7811Un / Realtek RTL8188CUS).

As the iwd package is installed on F31 alpha but not F30, I guess the issue is with Fedora switching to iwd from wpa_supplicant.

(The problem doesn’t seem to be with https://bugzilla.redhat.com/show_bug.cgi?id=1733369 as the linux-firmware mismatch with the kernel breaking Intel wireless, as the linux-firmware package is up to date with the fix in the issue and F31 has problems with the Realtek USB stick too. I did completely power down and power back up as well, BTW.)

The only bug I see on rhbz related to iwd (besides one about updating versions) is https://bugzilla.redhat.com/show_bug.cgi?id=1743585

Meanwhile, in addition to wireless problems, seems to be toolbox completely broken on F31. It cannot download containers. (I have an ethernet cable plugged in to get network access… so it’s not that.)

Update: Doing an rpm-ostree install wpa_supplicant on Rawhide fixed wireless. It will probably work on F31 as well.

Toolbox still isn’t working here. With a -v for verbose, I see there’s a TLS error. It’s on another machine, so I can’t paste it here.

It’s time for dinner here, so I hope someone can pick up where I’ve left off. I guess we need to file a bug about this if iwd is indeed intended to be used instead of wpa_supplicant (I’m not sure). Otherwise the bug I linked in the previous comment should be marked as a showstopper for a F31 release.

This is https://bugzilla.redhat.com/show_bug.cgi?id=1737471. You can work around by setting GODEBUG=tls13=0. After you’ve pulled the image you may then hit https://bugzilla.redhat.com/show_bug.cgi?id=1746364