I get a trusted keyring error trying to upgrade from f28 to f29:
$ rpm-ostree rebase fedora/29/x86_64/silverblue error: Commit fb3618dd8dd5f3e40ccca7d3c5464e05c12afdcb2636401a54a4a69552074606: GPG signatures found, but none are in trusted keyring
$ sudo ostree remote gpg-import fedora-workstation -k /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-primary Imported 0 GPG keys to remote "fedora-workstation"
miabbott suggested trying to remove and re-add...
$ sudo ostree remote delete fedora-workstation $ sudo ostree remote add fedora-workstation https://dl.fedoraproject.org/atomic/repo/ $ sudo ostree remote gpg-import fedora-workstation -k /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-primary Imported 1 GPG key to remote "fedora-workstation" $ rpm-ostree rebase fedora/29/x86_64/silverblue error: Commit fb3618dd8dd5f3e40ccca7d3c5464e05c12afdcb2636401a54a4a69552074606: GPG signatures found, but none are in trusted keyring $ sudo rpm-ostree rebase fedora/29/x86_64/silverblue error: Commit fb3618dd8dd5f3e40ccca7d3c5464e05c12afdcb2636401a54a4a69552074606: GPG signatures found, but none are in trusted keyring
f28 still updates. After the first time I tried, I moved the hard drive to a new laptop for unrelated reasons.
I wasn't able to reproduce this on a test VM, so I'm at a loss for what's happening here.
I even suggested @mdhill remove the GPG key + remote, then re-add everything. (i.e rm /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-primary and curl -L -o /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-primary https://getfedora.org/static/429476B4.txt) But that didn't help either.
rm /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-primary
curl -L -o /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-29-primary https://getfedora.org/static/429476B4.txt
Is it possible the trusted keyring as a whole is corrupt?
@mdhill can you run rpm-ostree status and paste the output here?
rpm-ostree status
and also the contents of the files in your /etc/ostree/remotes.d directory?
/etc/ostree/remotes.d
Somehow I sense something is missing.
$ rpm-ostree status State: idle AutomaticUpdates: disabled Deployments: ● ostree://atomic:fedora/28/x86_64/workstation Version: 28.20181027.0 (2018-10-27 16:02:21) BaseCommit: 1692d98fe75635c855f619ecb5a6915b31d58cdc98de056714e346a17d0dbd23 GPGSignature: Valid signature by 128CF232A9371991C8A65695E08E7E629DB62FB1 LayeredPackages: flatpak-builder freecad
ostree://atomic:fedora/28/x86_64/workstation Version: 28.20181023.0 (2018-10-23 20:51:48) BaseCommit: 18195ddcd86a34da2a0871ca2d5cb95daa5345fcc302d9cf1b3138effa488880 GPGSignature: Valid signature by 128CF232A9371991C8A65695E08E7E629DB62FB1 LayeredPackages: flatpak-builder freecad
atomic.conf: [remote "atomic"] url=https://kojipkgs.fedoraproject.org/atomic/repo gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-28-primary
fedora-workstation.conf: [remote "fedora-workstation"] url=https://dl.fedoraproject.org/atomic/repo/
fedora-ws-27.conf: [remote "fedora-ws-27"] url=https://dl.fedoraproject.org/ostree/27/ gpgkeypath=/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-27-primary
fedora-ws-rawhide.conf: [remote "fedora-ws-rawhide"] url=https://kojipkgs.fedoraproject.org/compose/ostree/rawhide/ gpg-verify=false
so if you edit the /etc/ostree/remotes.d/atomic.conf file and replace 28 with 29 in the gpgkeypath filename then rpm-ostree rebase fedora/29/x86_64/silverblue should work just fine.
/etc/ostree/remotes.d/atomic.conf
28
29
rpm-ostree rebase fedora/29/x86_64/silverblue
Thanks Dusty, Micah. It's working.
There were multiple remotes (atomic and fedora-workstation). This was mostly a case applying the gpg import to the wrong remote so it wasn't working properly.
atomic
fedora-workstation
Going to close this one out.
Metadata Update from @dustymabe: - Issue status updated to: Closed (was: Open)
There were multiple remotes (atomic and fedora-workstation). This was mostly a case applying the gpg import to the wrong remote so it wasn't working properly. Going to close this one out.
ohhhhh...I didn't even think to check that. You da man @dustymabe !
Login to comment on this ticket.