Certificate 498C45EBE94E7B37 invalid: certificate is not alive

[MelchiorIm3Tal]

Pre-submission Checks

• I checked for similar issues, but could not find any. I also checked the closed issues. I could not contribute additional information to any existing issue.
• I will take the time to fill in all the required fields. I know that the bug report may be dismissed otherwise due to lack of information.

Describe the bug

sudo dnf upadate
==>
Transaktion fehlgeschlagen: Verifizierung der Signatur fehlgeschlagen.
OpenPGP check for package "owncloud-client-5.3.2.15463-1.x86_64" (/var/cache/libdnf5/owncloud-4fc7381a1e3a8270/packages/owncloud-client_5.3.2.15463_x86_64.rpm) from repo "owncloud" has failed: Beim Öffnen des Pakets ist ein Fehler aufgetreten.

---

software > actualisations
==>
package owncloud-client-5.3.2.15463-1.x86_64 cannot be verified and repo owncloud is GPG enabled: /var/cache/PackageKit/41/metadata/owncloud-41-x86_64/packages/owncloud-client_5.3.2.15463_x86_64.rpm could not be verified.
/var/cache/PackageKit/41/metadata/owncloud-41-x86_64/packages/owncloud-client_5.3.2.15463_x86_64.rpm: Verifying a signature using certificate F05F7DD7953A07DF36579DAA498C45EBE94E7B37 (ownCloud Client Team (Signing Key) info@owncloud.com):

1. Certificate 498C45EBE94E7B37 invalid: certificate is not alive
   because: The primary key is not live
   because: Expired on 2024-11-09T17:12:00Z
2. Key 498C45EBE94E7B37 invalid: key is not alive
   because: The primary key is not live
   because: Expired on 2024-11-09T17:12:00Z: digest: SIGNATURE: NOT OK

---

ownCloud 5.3.1.14018 f15fd5
Qt Bibliotheken 6.4.3, OpenSSL 3.1.2 1 Aug 2023
Verwendete Erweiterung für virtuelle Dateien: suffix
OS: fedora-6.12.11-200.fc41.x86_64
QPA: xcb

Expected behavior

I expected an update

Steps to reproduce the issue

sudo dnf update

Screenshots

No response

Logs

No response

Client version number

ownCloud 5.3.1.14018 f15fd5
Qt Bibliotheken 6.4.3, OpenSSL 3.1.2 1 Aug 2023
Verwendete Erweiterung für virtuelle Dateien: suffix
OS: fedora-6.12.11-200.fc41.x86_64
QPA: xcb

Desktop environment (Linux only)

No response

Client package version and origin (Linux only)

do not remember

Installation path (Windows only)

No response

Server information

no server; client (!)

Additional context

No response

[jbierkens]

same issue (Fedora 41, trying to update owncloud-client to owncloud-client-5.3.2.15463-1.x86_64). Error message "Transaction failed: Signature verification failed.
OpenPGP check for package "owncloud-client-5.3.2.15463-1.x86_64" (/var/cache/libdnf5/owncloud-4fc7381a1e3a8270/packages/owncloud-client_5.3.2.15463_x86_64.rpm) from repo "owncloud" has failed: Problem occurred when opening the package.
"
breaks (i.e. stops) the rest of Fedora's updating (until I uncheck the owncloud respository from list of updates)

[DeepDiver1975]

Please reimport your key - see https://download.owncloud.com/desktop/ownCloud/stable/5.3.2.15463/linux/download/

sudo rpm --import https://download.owncloud.com/desktop/ownCloud/stable/5.3.2.15463/linux/Fedora_41/repodata/repomd.xml.key

this is the currently used key:

 gpg --show-keys repomd.xml.key 
pub   rsa4096 2015-03-02 [SC] [expires: 2026-01-21]
      F05F7DD7953A07DF36579DAA498C45EBE94E7B37
uid                      ownCloud Client Team (Signing Key) <info@owncloud.com>
sub   rsa4096 2015-03-02 [E] [expires: 2025-03-20]

[jbierkens]

@DeepDiver1975 Thanks for your response. I have imported the key as written above using sudo rpm --import etc (copy-pasted)
Then I try to install owncloud (I had first removed it), using sudo dnf install owncloud-client.
Result is still:

Transaction failed: Signature verification failed.
OpenPGP check for package "owncloud-client-5.3.2.15463-1.x86_64" (/var/cache/libdnf5/owncloud-4fc7381a1e3a8270/packages/owncloud-client_5.3.2.15463_x86_64.rpm) from repo "owncloud" has failed: Problem occurred when opening the package.

As a side note, gpg --show-keys repomd.xml.key gives a failure:

gpg: can't open 'repomd.xml.key': Bestand of map bestaat niet

[jbierkens]

Also when I follow the more extensive procedure outlined on the website you mention, I still get the complaint about signature verification.
https://download.owncloud.com/desktop/ownCloud/stable/5.3.2.15463/linux/download/

[DeepDiver1975]

maybe this helps: #12010 (comment)

[jbierkens]

Thank you, I thought I had already removed the older key using rpm -e, but anyway this time it worked. What I did differently now is just trying to install the package (with no keys present), then dnf asks to install the accompanying key.

So what worked was:

$ sudo rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

identifed owncloud key from this list, removed it and installed the client.

$ sudo rpm -e gpg-pubkey-e94e7b37-54f45dae
$ sudo dnf install owncloud-client
(...)
Importing OpenPGP key 0xE94E7B37:
 UserID     : "ownCloud Client Team (Signing Key) <info@owncloud.com>"
 Fingerprint: F05F7DD7953A07DF36579DAA498C45EBE94E7B37
 From       : https://download.owncloud.com/desktop/ownCloud/stable/5.3.2.15463/linux/Fedora_41/repodata/repomd.xml.key
Is this ok [y/N]: y