I’m running Google Chrome on Fedora 21 on a handful of my systems. Occasionally, after an update, yum will throw errors about a problem with the Google Chrome RPM’s cryptographic signature.


The error in question is:

warning: /var/cache/yum/x86_64/21/google-chrome/packages/google-chrome-stable-42.0.2311.90-1.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY

Public key for google-chrome-stable-42.0.2311.90-1.x86_64.rpm is not installed

I’ve seen this error a few times at work. I believe that this indicates that the RPM was constructed using an older version of rpmbuild (or using a legacy version of the signing algorithm).

The way that I’ve interpreted this the last time I looked into the details is that legacy versions of RPM put the signature in a different header or format than more modern versions. At some point backwards compatibility was dropped so package maintainers actually need to make sure they have the correct versions or modifications to their spec files.

Unfortunately I cannot remember the specific details for why this is a problem in RPM

HOWEVER, this article is not intended to fix RPM. To work around the RPM error that prevents yum from updating the other packages on the system re-run the following command to re-import or update the signature for the RPM:

sudo rpm --import https://dl-ssl.google.com/linux/linux_signing_key.pub

Yum should now be able to verify the signature for that RPM and will now allow you to update your system.

Go forth and Fedora.

" "