google-chrome-stable install on Mageia - "package has bad signature"

1.  
2. # Subject: google-chrome-stable install on Mageia - "package has bad signature"
3. # Date: Sun 18 Jun 16:58:50 BST 2023
4. # Summary: Installing google-chrome-stable in Mageia Linux the "normal" way results in a "package has bad signature".
5. # However, downloading the RPM, verifying the signature and installing from downloaded RPM works OK.
6. # Is this an issue with urpmi? Why does the "package has bad signature" error happen?
7.  
8.  
9. # Step 1: attempt "normal" install of google-chrome-stable
10.  
11. [user@localhost ~]$ /bin/sudo urpmi google-chrome-stable # Install Chrome
12.  
13.  
14. http://dl.google.com/linux/chrome/rpm/stable/x86_64/google-chrome-stable-114.0.5735.133-1.x86_64.rpm
15.  
16. The following package has bad signature:
17. /var/cache/urpmi/rpms/google-chrome-stable-114.0.5735.133-1.x86_64.rpm: Invalid Key ID (OK (RSA/SHA512, Tue 13 Jun 2023 01:42:59 BST, Key ID 4eb27db2a3b88b8b))
18. Do you want to continue installation ? (y/N)
19.  
20. # Abandoned this because of "bad signature" error.
21.  
22.  
23. #-------------------------------------------------------------------------------------------------------------------------
24. # searched and found: https://www.google.com/linuxrepositories/ and followed Google's documented steps:
25.  
26.  
27. # Step 2: use local directory for downloading from Google
28.  
29. [user@localhost ~]$ cd ~Downloads/google-chrome/
30.  
31.  
32. # Step 3: download Google's Linux signing key
33.  
34. [user@localhost google_chrome]$ wget https://dl-ssl.google.com/linux/linux_signing_key.pub
35. --2023-06-18 15:52:33-- https://dl-ssl.google.com/linux/linux_signing_key.pub
36. Resolving dl-ssl.google.com (dl-ssl.google.com)... 66.102.1.91, 66.102.1.93, 66.102.1.136, ...
37. Connecting to dl-ssl.google.com (dl-ssl.google.com)|66.102.1.91|:443... connected.
38. HTTP request sent, awaiting response... 200 OK
39. Length: 14605 (14K) [application/octet-stream]
40. Saving to: ‘linux_signing_key.pub’
41.  
42. linux_signing_key.pub 100%[================================================>] 14.26K --.-KB/s in 0.003s
43.  
44. 2023-06-18 15:52:33 (4.31 MB/s) - ‘linux_signing_key.pub’ saved [14605/14605]
45.  
46.  
47. # Step 4: import Google's Linux signing key
48.  
49. [user@localhost google_chrome]$ /bin/sudo rpm --import linux_signing_key.pub
50. [sudo] password for user:
51.  
52.  
53. # Step 5: verify Google's Linux signing key
54.  
55. [user@localhost google_chrome]$ rpm -qi gpg-pubkey-7fac5991-*
56. Name : gpg-pubkey
57. Version : 7fac5991
58. Release : 4615767f
59. Architecture: (none)
60. Install Date: Fri 09 Jul 2021 20:10:47 BST
61. Group : Public Keys
62. Size : 0
63. License : pubkey
64. Signature : (none)
65. Source RPM : (none)
66. Build Date : Thu 05 Apr 2007 23:21:51 BST
67. Build Host : localhost
68. Packager : Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
69. Summary : Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com> public key
70. Description :
71. -----BEGIN PGP PUBLIC KEY BLOCK-----
72. Version: rpm-4.16.1.3 (NSS-3)
73.  
74. mQGiBEXwb0YRBADQva2NLpYXxgjNkbuP0LnPoEXruGmvi3XMIxjEUFuGNCP4Rj/a
75. kv2E5VixBP1vcQFDRJ+p1puh8NU0XERlhpyZrVMzzS/RdWdyXf7E5S8oqNXsoD1z
76. fvmI+i9b2EhHAA19Kgw7ifV8vMa4tkwslEmcTiwiw8lyUl28Wh4Et8SxzwCggDcA
77. feGqtn3PP5YAdD0km4S4XeMEAJjlrqPoPv2Gf//tfznY2UyS9PUqFCPLHgFLe80u
78. QhI2U5jt6jUKN4fHauvR6z3seSAsh1YyzyZCKxJFEKXCCqnrFSoh4WSJsbFNc4PN
79. b0V0SqiTCkWADZyLT5wll8sWuQ5ylTf3z1ENoHf+G3um3/wk/+xmEHvj9HCTBEXP
80. 78X0A/0Tqlhc2RBnEf+AqxWvM8sk8LzJI/XGjwBvKfXe+l3rnSR2kEAvGzj5Sg0X
81. 4XmfTg4Jl8BNjWyvm2Wmjfet41LPmYJKsux3g0b8yzQxeOA4pQKKAU3Z4+rgzGmf
82. HdwCG5MNT2A5XxD/eDd+L4fRx0HbFkIQoAi1J3YWQSiTk15fw7RMR29vZ2xlLCBJ
83. bmMuIExpbnV4IFBhY2thZ2UgU2lnbmluZyBLZXkgPGxpbnV4LXBhY2thZ2VzLWtl
84. eW1hc3RlckBnb29nbGUuY29tPohjBBMRAgAjAhsDBgsJCAcDAgQVAggDBBYCAwEC
85. HgECF4AFAkYVdn8CGQEACgkQoECDD3+sWZHKSgCfdq3HtNYJLv+XZleb6HN4zOcF
86. AJEAniSFbuv8V5FSHxeRimHx25671az+uQINBEXwb0sQCACuA8HT2nr+FM5y/kzI
87. A51ZcC46KFtIDgjQJ31Q3OrkYP8LbxOpKMRIzvOZrsjOlFmDVqitiVc7qj3lYp6U
88. rgNVaFv6Qu4bo2/ctjNHDDBdv6nufmusJUWq/9TwieepM/cwnXd+HMxu1XBKRVk9
89. XyAZ9SvfcW4EtxVgysI+XlptKFa5JCqFM3qJllVohMmr7lMwO8+sxTWTXqxsptJo
90. pZeKz+UBEEqPyw7CUIVYGC9ENEtIMFvAvPqnhj1GS96REMpry+5s9WKuLEaclWpd
91. K3krttbDlY1NaeQUCRvBYZ8iAG9YSLHUHMTuI2oea07Rh4dtIAqPwAX8xn36JAYG
92. 2vgLAAMFB/wKqaycjWAZwIe98Yt0qHsdkpmIbarD9fGiA6kfkK/UxjL/k7tmS4Vm
93. CljrrDZkPSQ/19mpdRcGXtb0NI9+nyM5trweTvtPw+HPkDiJlTaiCcx+izg79Fj9
94. KcofuNb3lPdXZb9tzf5oDnmm/B+4vkeTuEZJ//IFty8cmvCpzvY+DAz1Vo9rA+Zn
95. cpWY1n6z6oSS9AsyT/IFlWWBZZ17SpMHu+h4Bxy62+AbPHKGSujEGQhWq8ZRoJAT
96. G0KSObnmZ7FwFWu1e9XFoUCt0bSjiJWTIyaObMrWu/LvJ3e9I87HseSJStfw6fki
97. 5og9qFEkMrIrBCp3QGuQWBq/rTdMuwNFiEkEGBECAAkFAkXwb0sCGwwACgkQoECD
98. D3+sWZF/WACfeNAu1/1hwZtUo1bR+MWiCjpvHtwAnA1R3IHqFLQ2X3xJ40XPuAyY
99. /FJG
100. =Quqp
101. -----END PGP PUBLIC KEY BLOCK-----
102.  
103.  
104. # Step 6: verify signature on previous google-chrome-stable image - version 114.0.5735.106-1
105.  
106. [user@localhost google_chrome]$ rpm --checksig -v google-chrome-stable-114.0.5735.106-1.x86_64.rpm
107. google-chrome-stable-114.0.5735.106-1.x86_64.rpm:
108. Header V4 RSA/SHA512 Signature, key ID a3b88b8b: OK
109. Header SHA256 digest: OK
110. Header SHA1 digest: OK
111. Payload SHA256 digest: OK
112. V4 RSA/SHA512 Signature, key ID a3b88b8b: OK
113. MD5 digest: OK
114.  
115.  
116. # Step 7: download current google-chrome-stable image - version 114.0.5735.133-1
117.  
118. [user@localhost google_chrome]$ wget http://dl.google.com/linux/chrome/rpm/stable/x86_64/google-chrome-stable-114.0.5735.133-1.x86_64.rpm
119. --2023-06-18 16:25:29-- http://dl.google.com/linux/chrome/rpm/stable/x86_64/google-chrome-stable-114.0.5735.133-1.x86_64.rpm
120. Resolving dl.google.com (dl.google.com)... 172.217.16.238, 2a00:1450:4009:821::200e
121. Connecting to dl.google.com (dl.google.com)|172.217.16.238|:80... connected.
122. HTTP request sent, awaiting response... 200 OK
123. Length: 99334072 (95M) [application/x-rpm]
124. Saving to: ‘google-chrome-stable-114.0.5735.133-1.x86_64.rpm’
125.  
126. google-chrome-stable-114.0.5735.133-1.x86_64.rpm 100%[=============================>] 94.73M 8.44MB/s in 11s
127.  
128. 2023-06-18 16:25:40 (8.57 MB/s) - ‘google-chrome-stable-114.0.5735.133-1.x86_64.rpm’ saved [99334072/99334072]
129.  
130.  
131. # Step 8: verify signature on current google-stable image - version 114.0.5735.133-1
132.  
133. [user@localhost google_chrome]$ rpm --checksig -v google-chrome-stable-114.0.5735.133-1.x86_64.rpm
134. google-chrome-stable-114.0.5735.133-1.x86_64.rpm:
135. Header V4 RSA/SHA512 Signature, key ID a3b88b8b: OK
136. Header SHA256 digest: OK
137. Header SHA1 digest: OK
138. Payload SHA256 digest: OK
139. V4 RSA/SHA512 Signature, key ID a3b88b8b: OK
140. MD5 digest: OK
141.  
142.  
143. # Step 9: install current latest google-chrome-stable ("normal" install)
144.  
145. [mpb@localhost google_chrome]$ /bin/sudo urpmi google-chrome-stable
146.  
147.  
148. http://dl.google.com/linux/chrome/rpm/stable/x86_64/google-chrome-stable-114.0.5735.133-1.x86_64.rpm
149.  
150. The following package has bad signature:
151. /var/cache/urpmi/rpms/google-chrome-stable-114.0.5735.133-1.x86_64.rpm: Invalid Key ID (OK (RSA/SHA512, Tue 13 Jun 2023 01:42:59 BST, Key ID 4eb27db2a3b88b8b))
152. Do you want to continue installation ? (y/N) N
153.  
154. # Abandoned because of "bad signature" error
155.  
156.  
157. # Step 10: install google-chrome-stable from downloaded copy
158.  
159. [mpb@z600-mageia8 google_chrome]$ /bin/sudo urpmi ./google-chrome-stable-114.0.5735.133-1.x86_64.rpm # downloaded and verified local copy
160. [sudo] password for user:
161.  
162.  
163. installing google-chrome-stable-114.0.5735.133-1.x86_64.rpm from .
164. Preparing... #####################################################################
165. 1/1: google-chrome-stable #####################################################################
166.  
167. # No error