Unable to update with dnf because of a GPG check FAILED

Question

Since last week I can´t update anything. If I try sudo dnf update, the process starts normally but then I get the following error:

error: Verifying a signature using certificate D8BAD4DE7EE17AF52A834B2D0BB75829C2D4E821 (Brave Software <support@brave.com>):
  Key A8580BDC82D3DC6C invalid: key is not alive
      because: The subkey is not live
      because: Expired on 2023-05-06T16:53:34Z

This is repeated several times and I get the following final error:

Check that the correct key URLs are configured for this repository.. Failing package is: brave-browser-1.51.118-1.x86_64
 GPG Keys are configured as: 
Public key for brave-keyring-1.11-1.noarch.rpm is not trusted. Failing package is: brave-keyring-1.11-1.noarch
 GPG Keys are configured as: 
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED

Nothing else is updated. I even tried to remove the cached files as suggested, but nothing gets removed.

Any ideas what might be causing this and how to fix it?

I'm running Fedora 38.

Destroy666 · Answer 1 · 2023-05-22T11:47:26.937

It's a recent issue of Brave Browser and its expired key.

You can try completely uninstalling the package and removing the old key file:

find key ID with rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
remove with sudo rpm -e gpg-pubkey-[keyId].

Then reinstall with the new key:

sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc

sudo dnf install brave-browser

score 0 · Answer 2 · answered Jul 31 '23 at 03:40

0

You can re-import fedora gpg key:

curl https://fedoraproject.org/fedora.gpg | sudo gpg --import

answered Jul 31 '23 at 03:40

btpka3

101

Unable to update with dnf because of a GPG check FAILED

2 Answers2