Upgrade blocked: signature and key expiry

I have been trying to upgrade fedora on a Lenovo ThinkPad L380
from Fedora Linux 39 (Workstation Edition) to the latest (Fedora Linux 41).

I am a newbie and only have a basic knowledge of linux, and would like to progress the upgrade. Please excuse my ignorance on how to fix this.

Multiple upgrade block problems reported below to do with keys and signatures expiring. Any advice as to a work-around would be gratefully received.

package fedy-5.0.56-1.fc41.noarch cannot be verified and repo copr:copr.fedorainfracloud.org:kwizart:fedy is GPG enabled: /var/cache/PackageKit/41/metadata/copr:copr.fedorainfracloud.org:kwizart:fedy-41-x86_64/packages/fedy-5.0.56-1.fc41.noarch.rpm could not be verified.
/var/cache/PackageKit/41/metadata/copr:copr.fedorainfracloud.org:kwizart:fedy-41-x86_64/packages/fedy-5.0.56-1.fc41.noarch.rpm: Verifying a signature using certificate C4805F795A3024A71AD1D39CC27EFD7A2DA862E5 (kwizart_fedy (None) kwizart#fedy@copr.fedorahosted.org):

1. Certificate C27EFD7A2DA862E5 invalid: certificate is not alive
   because: The primary key is not live
   because: Expired on 2024-09-01T15:42:50Z
2. Key C27EFD7A2DA862E5 invalid: key is not alive
   because: The primary key is not live
   because: Expired on 2024-09-01T15:42:50Z: Verifying a signature using certificate C4805F795A3024A71AD1D39CC27EFD7A2DA862E5 (kwizart_fedy (None) kwizart#fedy@copr.fedorahosted.org):
3. Certificate C27EFD7A2DA862E5 invalid: certificate is not alive
   because: The primary key is not live
   because: Expired on 2024-09-01T15:42:50Z
4. Key C27EFD7A2DA862E5 invalid: key is not alive
   because: The primary key is not live
   because: Expired on 2024-09-01T15:42:50Z: digest: SIGNATURE: NOT OK

You will need to remove the expired keys so that you can them get the latest key and do the upgrade.

To list the keys use:

rpmkeys --list

Then to delete an expired key use a command like:

sudo rpmkeys --delete <KEY-HASH>

The KEY-HASH is the shown at the start of the rpmkeys --list output.
You only need to delete the key for the copr repo.

As an aside I notice that the certificates expired last September.
That appears to mean you have not updated your system for may months.
It general a good idea to update periodically so you pick up bug fixes and security fixes. I update once a week, but less often works as well.

Thank you Barry. Unfortunately I get the following whey trying rpmkeys --list:
[christiantaylor@device-51 ~]$ rpmkeys --list
rpmkeys: --list: unknown option

Oh right that is a newer addition to rpmkeys…

Here is my notes for older Fedora:

# List installed keys
rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n" gpg-pubkey | sort -k 2

# Remove installed key
sudo rpm -e gpg-pubkey-XXXXXXXX-XXXXXXXX

That worked - I managed to delete the kwizart_fedy key - thank you.

Hi Barry, thank you for your help earlier. It enabled me to get around the keys issue and complete the upgrade. However - new problem has emerged. The computer will not boot due to issues around failures with security check and cups. See image posted below. Any advice?

IMG_0472480×640 110 KB

You should start a new topic for a new problem. When posting text you should avoid using images as the text won’t be found by web searches. Do you need CUPS? Many printers support AirPrint, which (until Apple chages AirPrint) means they work with Linux IPP driverless printing.

Hi George, thanks for that - yes I have a canon printer that I think works through cups. My computer is a Lenovo think pad

I have a Canon MG7500 printer. It works with Gnome Print. Canon says it supports AirPrint.

OK - that sounds good. Is there a way to get around the FAILED to start messages?

I have started a new topic of the new problem. Thanks for the advice. Much appreciated.