Tigervnc-icons-1.15.0-6.el9_7.1.noarch has invalid GPG signature

Goldeneye128 · April 29, 2026, 7:24am

The package tigervnc-icons-1.15.0-6.el9_7.1.noarch.rpm from the AppStream repository fails GPG verification on Rocky Linux 9.7. The key is present and trusted in the local keyring, all digests are OK, but the RSA signature itself is BAD.

$ rpm -Kv tigervnc-icons-1.15.0-6.el9_7.1.noarch.rpm
    Header V4 RSA/SHA256 Signature, key ID 350d275d: BAD
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK

Key 350d275d is present in the keyring (Release: 6279464b). All other packages in the same transaction, including the other tigervnc-* subpackages, pass GPG verification without issue.

jdieter · April 29, 2026, 9:49am

Looking into this. We’ve been having some intermittent signing issues, and thought we’d sorted it out and added validation, but have obviously missed something.

jdieter · April 29, 2026, 2:11pm

The fixed package has been pushed out to dl.rockylinux.org and the mirrors should pick it up within the next few hours.

Topic		Replies	Views
Repo 'appstream': repomd.xml GPG signature verification error Rocky 9.5 Rocky Linux Help & Support rocky-linux-9	2	297	March 30, 2025
GPG Signature Verification Fails - Rocky Linux 9 BaseOS Rocky Linux Help & Support rocky-linux-9	4	312	March 30, 2026
'baseos': repomd.xml GPG signature verification error: Bad GPG signature after upgrade to 9.7 Rocky Linux Help & Support rocky-linux-9	5	324	March 16, 2026
Bad GPG signature on Rocky 8 BaseOS/AppStream repos Rocky Linux Help & Support	5	461	February 17, 2025
[guide] Verify checksum signatures! Rocky Linux Help & Support guide	1	335	April 2, 2025

Tigervnc-icons-1.15.0-6.el9_7.1.noarch has invalid GPG signature

Related topics