Cannot rebase Fedora Silverblue to Rawhide beacuse of missing public key

Hi! I’ve installed Fedora 33 Silverblue for the first time and having trouble rebasing to Rawhide.
When I’m executing rpm-ostree rebase fedora:fedora/rawhide/x86_64/silverblue I get following error:

error: While pulling fedora/rawhide/x86_64/silverblue: Commit ec454363b716324467fad59f6a718364c70e63fbbf5420cd9c2651f7cc69e95a: Signature made Sun 14 Feb 2021 08:03:56 AM EET using RSA key ID DB4639719867C58F
Can't check signature: public key not found

In almost 2yr old video-tutorial author, before rebasing, imported gpg key with sudo ostree remote gpg-import fedora-atomic -k /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-30-primary, so I tried running same command but with fedora -k /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-34-primary arguments. It didn’t helped and error is still the same.

I also tried doing rpm-ostree upgrade as this article suggests, but it didn’t went well. Running rpm-ostree status after upgrade gives me following output with very scary SecAdvisories colored in red:

State: idle
Deployments:
  ostree://fedora:fedora/33/x86_64/silverblue
                   Version: 33.20210214.0 (2021-02-14T00:45:11Z)
                BaseCommit: b83271db867324481a36c113aeb037f12a672e8263286bf046e9f522a0d71d18
              GPGSignature: Valid signature by 963A2BEB02009608FE67EA4249FD77499570FF31
             SecAdvisories: 3 unknown severity, 6 low, 16 moderate, 5 important, 2 critical
                      Diff: 540 upgraded, 18 downgraded, 1 removed, 29 added
           LayeredPackages: fedora-workstation-repositories

● ostree://fedora:fedora/33/x86_64/silverblue
                   Version: 33.1.2 (2020-10-19T20:09:14Z)
                BaseCommit: 7e1aaaca7dae8d066c139ca2627e470c285e625c30c924774b8d98698fa6b8b7
              GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
           LayeredPackages: fedora-workstation-repositories

And I can’t boot into this new deployment — I just get a blank black screen. I tried removing rhgb quiet kernel parameters to see logs while booting, but screen is still empty. Journald also doesn’t have any logs of that boot.
After doing rpm-ostree rollback any SecAdvisories are gone from status output:

State: idle
Deployments:
● ostree://fedora:fedora/33/x86_64/silverblue
                   Version: 33.1.2 (2020-10-19T20:09:14Z)
                BaseCommit: 7e1aaaca7dae8d066c139ca2627e470c285e625c30c924774b8d98698fa6b8b7
              GPGSignature: Valid signature by 97A1AE57C3A2372CCA3A4ABA6C13026D12C944D0
           LayeredPackages: fedora-workstation-repositories

  ostree://fedora:fedora/33/x86_64/silverblue
                   Version: 33.20210214.0 (2021-02-14T00:45:11Z)
                BaseCommit: b83271db867324481a36c113aeb037f12a672e8263286bf046e9f522a0d71d18
              GPGSignature: Valid signature by 963A2BEB02009608FE67EA4249FD77499570FF31
           LayeredPackages: fedora-workstation-repositories

Thanks in advance!

Edit: If executing rebase from Fedora 29 Silverblue the error have slightly different message:

error: Commit ec454363b716324467fad59f6a718364c70e63fbbf5420cd9c2651f7cc69e95a: GPG signatures found, but none are in trusted keyring

Gotta love this time machine

1 Like

https://src.fedoraproject.org/rpms/fedora-repos/raw/rawhide/f/RPM-GPG-KEY-fedora-35-primary

2 Likes

Thanks! Works Fooly Cooly now!

Leaving few notes for people who might be interested in solution:

You should save the file from that link to /etc/pki/rpm-gpg and create a symlink to it named RPM-GPG-KEY-fedora-35-x86_64 (or/and other architectures).

If you don’t create needed symlink you might get following error:

error: Updating rpm-md repo 'updates': Failed to download gpg key for repo 'updates': Curl error (37): Couldn't read a file:// file for file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64 [Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-35-x86_64]
2 Likes