[Rpm-maint] [rpm-software-management/rpm] invalid OpenPGP signature with Sequoia for existing RPM (Issue #2351)

Arkadiusz Miśkiewicz notifications at github.com
Wed Feb 19 14:42:18 UTC 2025


arekm left a comment (rpm-software-management/rpm#2351)

> but does not help users with these formerly acceptable packages **already installed**. 

I have packages, built and signed by (earlier) rpm software, installed and these packages no longer exist as *.rpm files. New rpm complains about pgp signatures and ignores these installed packages.

Saying "it's not a bug in rpm" doesn't help as it was a bug in earlier rpm (right?) and new rpm+sequoia doesn't accept what old rpm produced.  In kernel terms that would be similar to "breaking userspace".

rpm -e uninstalls things, so that's not an option.

Is there a way to remove signatures from local rpm db for such packages, so rpm will treat these as unsigned? (and hopefully won't complain, just these packages won't be verifiable - not sure if that would work this way though).

Or re-sign packages in local rpm db with own key?

Some better solution should exist than "try to find packages and reinstall, we wish you luck".

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2351#issuecomment-2668855608

Message ID: <rpm-software-management/rpm/issues/2351/2668855608 at github.com>