[MDEV-37405] GPG key is too weak for at least Centos 10, AlmaLinux10 and RockyLinux 10 - Jira

XML

Word

Printable

Bug Category:
Related to install and upgrade
Release Note Summary:
The PGP key for RHEL 10 clones/equivalents was considered insure. The old no-longer used weak PGP signing key out of the key bundle allowing correct validation of downloaded packages.

The GPG key use dsa1024 and it seems that it is not accepted by Centos10, AlmaLinux 10 and RockyLinux 10.

Here is how to reproduce it with podman:

for os in centos almalinux rockylinux; do

  podman run -it $os:10 bash -c "cat <<EOF > /etc/yum.repos.d/mariadb.repo

[mariadb]

name = MariaDB

baseurl = https://rpm.mariadb.org/11.4/rhel/10/x86_64/

gpgkey = https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

gpgcheck = 1

EOF

dnf install -y MariaDB-server MariaDB-client"

done

Error is:

Importing GPG key 0x1BB943DB:

 Userid     : ""

 Fingerprint: 1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB

 From       : https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

error: Certificate CBCB082A1BB943DB:

  Policy rejects CBCB082A1BB943DB: No binding signature at time 2025-08-07T14:01:56Z

Key import failed (code 2). Failing package is: MariaDB-client-11.4.8-1.el10.x86_64

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

Public key for MariaDB-client-compat-11.4.8-1.el10.noarch.rpm is not installed. Failing package is: MariaDB-client-compat-11.4.8-1.el10.noarch

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

Public key for MariaDB-common-11.4.8-1.el10.x86_64.rpm is not installed. Failing package is: MariaDB-common-11.4.8-1.el10.x86_64

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

Public key for MariaDB-server-11.4.8-1.el10.x86_64.rpm is not installed. Failing package is: MariaDB-server-11.4.8-1.el10.x86_64

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

Public key for MariaDB-server-compat-11.4.8-1.el10.noarch.rpm is not installed. Failing package is: MariaDB-server-compat-11.4.8-1.el10.noarch

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

Public key for MariaDB-shared-11.4.8-1.el10.x86_64.rpm is not installed. Failing package is: MariaDB-shared-11.4.8-1.el10.x86_64

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

Public key for galera-4-26.4.23-1.el10.x86_64.rpm is not installed. Failing package is: galera-4-26.4.23-1.el10.x86_64

 GPG Keys are configured as: https://rpm.mariadb.org/RPM-GPG-KEY-MariaDB

The downloaded packages were saved in cache until the next successful transaction.

You can remove cached packages by executing 'dnf clean packages'.

Error: GPG check FAILED

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.