RHEL-111491

Red Hat packages cannot be installed with dnf multisig plugin


    • Bug
    • Resolution: Unresolved
    • Minor
    • rhel-9.7
    • rhel-9.7
    • crypto-policies
    • None
    • crypto-policies-20250905-1.git377cc42.el9_7
    • No
    • Important
    • 1
    • rhel-security-crypto-spades
    • 30
    • None
    • False
    • False
    • None
    • No
    • Crypto25September
    • Approved Exception
    • (on the crypto-policies side) SHA-1 is enabled for rpm-sequoia backend in all the policies we ship
      (on the wider integration side) installing python3-dnf-plugin-multisig does not preclude customers from installing official RHEL content signed with the current RHEL-9 keys
    • Pass
    • New Test Coverage
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      When I install the new dnf multisig plugin on RHEL-9.7.0-20250826.5, packages cannot be installed any more:

      [root@rhel-9-7-0-20250826-5 ~]# rpm -q rpm pqrpm dnf dnf-plugins-core
      rpm-4.16.1.3-39.el9.x86_64
      pqrpm-4.19.1.1-4.el9.x86_64
      dnf-4.14.0-31.el9.noarch
      dnf-plugins-core-4.3.0-22.el9.noarch
      
      [root@rhel-9-7-0-20250826-5 ~]# dnf install -y wget
      Last metadata expiration check: 0:34:36 ago on Wed Aug 27 12:40:04 2025.
      Dependencies resolved.
      ===============================================================================================================
       Package              Architecture           Version                           Repository                 Size
      ===============================================================================================================
      Installing:
       wget                 x86_64                 1.21.1-8.el9_4                    AppStream                 789 k
      
      Transaction Summary
      ===============================================================================================================
      Install  1 Package
      
      Total size: 789 k
      Installed size: 3.1 M
      Downloading Packages:
      [SKIPPED] wget-1.21.1-8.el9_4.x86_64.rpm: Already downloaded                                                  
      Running transaction check
      Transaction check succeeded.
      Running transaction test
      Transaction test succeeded.
      Public key for wget-1.21.1-8.el9_4.x86_64.rpm is not installed
      The downloaded packages were saved in cache until the next successful transaction.
      You can remove cached packages by executing 'dnf clean packages'.
      Error: GPG check FAILED
      

      Things start working again when I dnf remove -y python3-dnf-plugin-multisig

              asosedki@redhat.com Alexander Sosedkin
              szidek@redhat.com Stanislav Zidek