Skypeforlinux GPG key blocks other packages?

Rocky Linux General
1

Hello All,

I have Skye for Linux installed on the system and every time there’s a new package available and try to update the system I get the following error message:

The GPG keys listed for the “skype (stable)” repository are already installed but they are not correct for this package.
GPG Keys are configured as: <link below in the repo file, forum doesn’t allow me to post more than 2>

I downloaded the SKYPE-GPG-KEY installed it with gpg --import but it’s still the same error.

$ cat /etc/yum.repos.d/skype-stable.repo
[skype-stable]
name=skype (stable)
baseurl=Index of /rpm/stable
enabled=1
gpgcheck=1
gpgkey=https://repo.skype.com/data/SKYPE-GPG-KEY

I’d prefer to keep the gpgcheck enabled and solve the key issue.

Also if it skypforlinux update comes with other package updates than “dnf update” won’t install those packages because of the Skype GPG error?
e.g

dnf update


Transaction Summary

Install 2 Packages
Upgrade 31 Packages <----------------------------------

(31/33): skypeforlinux_8.89.0.403-1.x86_64.rpm 1.5 MB/s | 120 MB 01:18

The GPG keys listed for the “skype (stable)” repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository… Failing package is: skypeforlinux-8.89.0.403-1.x86_64
GPG Keys are configured as: <same as above, forum doesn’t allow me to put more than 2 in a post>
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing ‘dnf clean packages’.

dnf clean packages

33 files removed <------------------------------

Thank you.

2

An invalid GPG key will halt an entire dnf operation. If you don’t want it to, you have a few options:

  1. Disable gpg checking from the skype repo (not recommended)
  2. Disable gpg checking from the skype repo and also keep it disabled and temporarily enable it when you want to update (also not recommended, but it would stop dnf from halting regular updates)
  3. Use the flatpak version of skype

I would recommend that the invalid GPG key be reported to the Skype maintainers either way.

3

OK, but how did it get there, where did the GPG keys come from, is it 100% open source, did you install it as root?

4

Thank you guys. My biggest concern is why a package with invalid GPG key is blocking the installation of other legit updates until I figured what to do with that single one and than I have to re-run the full update again.

Is this behaviour is by design or can it be changed somewhow and leave only the package with the issue uninstalled?
After I disabled GPG check and re-run dnf update all 46 update package gets installed:

Total size: 228 M
Downloading Packages:
[SKIPPED] cockpit-packagekit-264.2-1.el9_0.noarch.rpm: Already downloaded                                                                                                                      
[SKIPPED] ostree-libs-2022.5-1.el9_0.x86_64.rpm: Already downloaded                                                                                                                            
[SKIPPED] ostree-2022.5-1.el9_0.x86_64.rpm: Already downloaded                                                                                                                                 
[SKIPPED] kernel-headers-5.14.0-70.30.1.el9_0.x86_64.rpm: Already downloaded                                                                                                                   
[SKIPPED] zlib-devel-1.2.11-32.el9_0.x86_64.rpm: Already downloaded                                                                                                                            
[SKIPPED] faad2-libs-2.10.1-1.el9.x86_64.rpm: Already downloaded                                                                                                                               
[SKIPPED] skypeforlinux_8.90.0.405-1.x86_64.rpm: Already downloaded                                                                                                                            
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                        1/1 
  Upgrading        : zlib-1.2.11-32.el9_0.x86_64                                                                                                                                          1/109 
  Upgrading        : openssl-libs-1:3.0.1-43.el9_0.x86_64                                                                                                                                 2/109 
  Upgrading        : lua-libs-5.4.2-4.el9_0.3.x86_64                                                                                                                                      3/109 
  Upgrading        : rpm-4.16.1.3-12.el9_0.1.x86_64                                                                                                                                       4/109 
  Upgrading        : rpm-libs-4.16.1.3-12.el9_0.1.x86_6

Thank you.

5

OK Announcement Time: I have stopped using Rocky Linux 8.7 – now Rocky Linux 8.8 – and decided to take the plunge into Rocky Linux 9.2. I am still in the process of setting up and configuring RL 9.2. I have downloaded most of programs I use including KDE, creating my Virtual Desktops, etc., etc., etc. I still have a long way to go before the new “Death Star” will be fully operational and as slick as what RL 8.7 was. Everything has – more-or-less – gone smoothly, until I ran into installing Skype (skypeforlinux). I crashed into a very hard wall!. For the most part I search for the "How do you install… step-by-step cut-and-paste methodology. For the most part it has worked about 99% of the time. I tried to install Skype via this methodology:

I followed the “steps” laid out in TecMint ( How to Install Skype on Rocky Linux / AlmaLinux). And everything went well until it installed the package, then got:

"The GPG keys listed for the “skype (stable)” repository are already installed but they are not correct for this package.
"Check that the correct key URLs are configured for this repository… Failing package is: skypeforlinux-8.89.0.403-1.x86_64
"GPG Keys are configured as…
"The downloaded packages were saved in cache until the next successful transaction.
“You can remove cached packages by executing ‘dnf clean packages’.”

Just for FUN – and because my back was against the wall I could do it – I decided to try and download the skypeforlinux-64.rpm file from M$ directly. I avoid downloading anything directly from M$ as I can not tell you how many times I have run into trouble with M$… including Skype.

The file skypeforlinux-64.rpm downloaded directly into /home/dcat/Downloads directory. Next I switched to the /home/dcat/Downloads directory, and checked to make sure of the file name by starting up mc just to be sure. Making sure I was in the /home/dcat/Downloads directory, I then ran:

dnf install skypeforlinux-64.rpm. Here is what I got:

Package Architecture Version Repository Size

Installing:
skypeforlinux x86_64 8.99.0.403-1 @commandline 121 M

Transaction Summary

Install 1 Package

Total size: 121 M
Installed size: 312 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : skypeforlinux-8.99.0.403-1.x86_64 1/1
Running scriptlet: skypeforlinux-8.99.0.403-1.x86_64 1/1
Redirecting to /bin/systemctl start atd.service

Verifying : skypeforlinux-8.99.0.403-1.x86_64 1/1

Installed:
skypeforlinux-8.99.0.403-1.x86_64

Complete!

I then went into Application Launcher => Internet and searched to see if Skype was listed in there. It was!!

I then started up mc once again went to /etc/yum.repos.d and there I found an entry that said:

skype-stable.repo.

So what happened? My GUESS is that TecMint (and other step-by-step copy and paste sites) download GPG Key that that is outdated (Why? I have no idea. ) But by downloading the Skype rpm file directly from M$ you now have the direct corresponding GPG Key that goes with the downloaded file. Now when you run dnf install skypeforlinux-64.rpm everything, including the GPG Key matches so it installs without errors.

Hope this helps.

Onward to tricking out the rest of the NEW RL 9.2 Death Star

D’Cat

6

Common with howto articles when they are not updated regularly. Especially since gpg keys will expire and replaced with new ones.