RPMfusion installation in RHEL8

Latest response

I was going through installation article on rpmfusion official site. It is asking to use --nogpgcheck option. Is it good idea to do that? If I am not using that option, RHEL8 is throughing exception

warning: /var/cache/dnf/commandline-a76fe31ae310b0c7/packages/rpmfusion-free-release-8.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID 158b3811: NOKEY
warning: /var/cache/dnf/commandline-a76fe31ae310b0c7/packages/rpmfusion-nonfree-release-8.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID bdda8475: NOKEY
Public key for rpmfusion-free-release-8.noarch.rpm is not installed
Public key for rpmfusion-nonfree-release-8.noarch.rpm is not installed
Error: GPG check FAILED

How can I solve that problem?

sudo yum localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm

Responses

Hi Sayed,

You can get rpm-fusion's signing keys at this link https://rpmfusion.org/RPM%20Fusion which is their FAQ page. Their link at that page for the keys is https://rpmfusion.org/keys scroll down at that link for RHEL 8. They have "free" and "non-free" keys. Here is yet another link to get their keys, fish in there for the proper keys, click on get for the right one.

Download the keys to a reasonable place on your system, then type rpm -vv -import /etc/directoryyoucreatedasroot/the-name-of-the-key-you-gave-it

Regards

RJ

Thank you for helping me out. I am figuring out how to add those keys. I am inside /etc folder...Can you please help me with directory name to which I have to copy that?

I personally put them into /etc/pki/rpm-gpg/ directory. However, that's actually the official location Red Hat puts in their own keys.

Perhaps try this...

  • Copy the files to a new directory such as:
[root@yoursystem ~] # mkdir /etc/pki/rpmfusionkeys/
[root@yoursystem ~] # echo "copy the files over to that directory, make them owned by root"
[root@yoursystem ~] # rpm -vv --import /etc/pki/rpmfusionkeys/*

Regards,

RJ

Thank you I got it now. I thought that simple copy will do the work; I assumed that when we are downloading a package, RHEL is referring public key installed in /etc/pki/rpm-gpg/ but actually it is not. We are copying those keys there { in /etc folder} so that it is accessible for all sudo user [it we keep that in a home folder and I am the only user then it will work (I guess)] and then we are importing those keys in key-ring using

rpm --import {key_file_name}
echo "-vv option is to show whats going on under the hood"

thanks a lot. I was doing that in VM. If that is successful then I will port that solution to my OS. I have to learn a lot :)

Sayed,

Make sure to be in the root account when you do this.

Regards

RJ

Yes I switched user using su as I needed to execute multiple command. I copied those and imported using rpm --import but that import was not successful. I noticed one more behavior, those copied files was not accessible by me [in GUI: as I loged in as normal user not root in GUI] but other key file was accessable by me [read-only: I could opened that in gedit]. Here security context concept comes in? Can you guide me to learn those. Thank you for being so kind to me.

One more question: I opened command and [changed user with su ]copied those two keys to that folder. Security context is showing unconfined_u:object_r:cert_t:s0 but there is already present keys but for those security context is system_u:object_r:cert_t:s0 ..... Can you please help me understanding those? What those means actually. Thank you for helping me out.

Make sure to do a restorecon against the files you copied there.

Alternatively, you can copy the filed into /etc/pki/rpm-gpg/ and that directory will have the proper selinux context.

Then after copying them, run runrestorecon /etc/pki/rpm-gpg/NAMEOFNEWFILES and then afterwards rpm -vv --import /etc/pki/rpm-gpg/* to set the proper context.

Regards

RJ

Thank you. Your suggestion helped a lot. Perfect solution :) I got it now.

Hi Sayed,

If you execute these commands instead of how you have added the repositories, everything works right out-of-the-box. :)

sudo rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo rpm -ivh https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm sudo rpm -ivh https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm

The GPG keys are getting imported and installed automatically and so, further troubleshooting workarounds are obsolete.

Regards,
Christian

Thank you Christian

You're welcome, Sayed ! :)

Anyone landing here, the rpms Christian mentioned are the easiest method. Sometimes I take the longer route.

RJ, do you know why I mostly choose the easiest and shorter way ?
Simply because it is easier to remember "how to do things" later. :)

Regards,
Christian