[SOLVED] darktable 4.6.0 will not install from Fedora repo

Dave_G · December 23, 2023, 11:15pm

I’m running Fedora 39 and just installed the graphics:darktable RPM repo from the install page. Here’s the graphics:darktable.repo file:

[graphics_darktable]
name=Darktable (Fedora_39)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/repodata/repomd.xml.key
enabled=1

When I try to install it using dnf upgrade darktable, it fails with the following error about an expired key:

error: Verifying a signature using certificate 3247B7519EDBEAB422E900A3040524A84C70D8B5 (graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>):
  1. Certificiate 040524A84C70D8B5 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
  2. Key 040524A84C70D8B5 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
error: Verifying a signature using certificate 3247B7519EDBEAB422E900A3040524A84C70D8B5 (graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>):
  1. Certificiate 040524A84C70D8B5 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
  2. Key 040524A84C70D8B5 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
Darktable (Fedora_39)                                                       2.5 kB/s | 1.1 kB     00:00    
GPG key at https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/repodata/repomd.xml.key (0x4C70D8B5) is already installed
The GPG keys listed for the "Darktable (Fedora_39)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: darktable-4.6.0-72.1.x86_64
 GPG Keys are configured as: https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/repodata/repomd.xml.key

As a workaround, I tried using the flatpak version, which installed, but was apparently not compiled to use my GPU, because it was painfully slow generating thumbnails.

Suggestions?

darix · December 24, 2023, 12:02am

could it be you have an old version of the key cached. this works here in a container.

cat t.repo 
[graphics_darktable]
name=Darktable (Fedora_39)
type=rpm-md
baseurl=https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/
gpgcheck=1
gpgkey=https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/repodata/repomd.xml.key
enabled=1
[root@bd54b39802d3 yum.repos.d]# dnf update
Fedora 39 - x86_64                                                                                                               11 MB/s |  89 MB     00:08    
Fedora 39 openh264 (From Cisco) - x86_64                                                                                        2.1 kB/s | 2.5 kB     00:01    
Fedora 39 - x86_64 - Updates                                                                                                     28 MB/s |  26 MB     00:00    
Darktable (Fedora_39)                                                                                                           468 kB/s |  76 kB     00:00

dnf install darktable
Last metadata expiration check: 0:10:11 ago on Sat Dec 23 23:50:57 2023.
Dependencies resolved.
================================================================================================================================================================
 Package                                               Architecture         Version                                      Repository                        Size
================================================================================================================================================================
Installing:
 darktable                                             x86_64               4.6.0-72.1                                   graphics_darktable               6.2 M

Dave_G · December 24, 2023, 12:16am

Thanks, that makes sense, but how would I clear out an old version of the key? dnf clean all didn’t do it. I still get the same result, and I have the same graphics:darktable.repo file. Here’s the complete output:

# dnf install darktable
Last metadata expiration check: 0:01:49 ago on Sat 23 Dec 2023 07:12:13 PM EST.
Dependencies resolved.
============================================================================================================
 Package                Architecture        Version                   Repository                       Size
============================================================================================================
Installing:
 darktable              x86_64              4.6.0-72.1                graphics_darktable              6.2 M

Transaction Summary
============================================================================================================
Install  1 Package

Total size: 6.2 M
Installed size: 29 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] darktable-4.6.0-72.1.x86_64.rpm: Already downloaded                                              
error: Verifying a signature using certificate 3247B7519EDBEAB422E900A3040524A84C70D8B5 (graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>):
  1. Certificiate 040524A84C70D8B5 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
  2. Key 040524A84C70D8B5 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
error: Verifying a signature using certificate 3247B7519EDBEAB422E900A3040524A84C70D8B5 (graphics:darktable OBS Project <graphics:darktable@build.opensuse.org>):
  1. Certificiate 040524A84C70D8B5 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
  2. Key 040524A84C70D8B5 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-05-16T15:21:19Z
Darktable (Fedora_39)                                                       3.1 kB/s | 1.1 kB     00:00    
GPG key at https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/repodata/repomd.xml.key (0x4C70D8B5) is already installed
The GPG keys listed for the "Darktable (Fedora_39)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: darktable-4.6.0-72.1.x86_64
 GPG Keys are configured as: https://download.opensuse.org/repositories/graphics:/darktable/Fedora_39/repodata/repomd.xml.key
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

darix · December 24, 2023, 12:18am

you can try to download the key file again and import it again. maybe that overwrites it.

Dave_G · December 24, 2023, 12:33am

Thanks, that did it. I had no idea where the old expired keys were located, but with a quick search I was able to identify and remove them with:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
rpm -e gpg-pubkey-4c70d8b5-5e63bbef
rpm -e gpg-pubkey-d59097ab-52d46e88

Posting the details here in case others are faced with the same issue.

darix · December 24, 2023, 1:22am

JFYI: --qf "%{nvr}\t%{summary}\n"

is a shortcut