Bug 34853 - Classic Installer ISOs can't update mageia 9 due untrusted gpg key
Summary: Classic Installer ISOs can't update mageia 9 due untrusted gpg key
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Installer (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: release_blocker major
Target Milestone: ---
Assignee: Mageia tools maintainers
QA Contact:
URL:
Whiteboard:
Keywords: 10alpha1
: 34869 (view as bug list)
Depends on: 34920
Blocks:
  Show dependency treegraph
 
Reported: 2025-12-15 03:12 CET by katnatek
Modified: 2025-12-31 00:31 CET (History)
6 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Screenshot of error message (343.41 KB, image/jpeg)
2025-12-28 19:47 CET, Thomas Andrews 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Description katnatek 2025-12-15 03:12:03 CET 
Like is documented in https://wiki.mageia.org/en/Cauldron#Upgrade_from_the_latest_stable_release_to_Cauldron_using_urpmi , the mageia 9 gpg key is not trusted by cauldron's urpmi

And need manual steos

Try a direct update mageia 9 -> Mageia 10 with the classic installer fail due the untrusted gpg key
katnatek 2025-12-15 03:12:13 CET

Keywords: (none) => 10alpha1

katnatek 2025-12-15 03:12:30 CET

Summary: Classic Installer 64 bit can't update mageia 9 due untrusted gpk key => Classic Installer 64 bit can't update mageia 9 due untrusted gpg key

katnatek 2025-12-15 03:12:43 CET

Hardware: All => x86_64

Comment 1 Morgan Leijström 2025-12-15 09:49:39 CET 
Smells like a tools issue; need to handle both keys?

CC: (none) => fri
Assignee: bugsquad => mageiatools

Comment 2 katnatek 2025-12-18 18:44:45 CET 
*** Bug 34869 has been marked as a duplicate of this bug. ***

CC: (none) => contact

Comment 3 katnatek 2025-12-21 18:19:37 CET 
Now that i686 ISO is usable, this also affect the i686 architecture

Summary: Classic Installer 64 bit can't update mageia 9 due untrusted gpg key => Classic Installer ISOs can't update mageia 9 due untrusted gpg key
Hardware: x86_64 => All

Morgan Leijström 2025-12-21 19:58:33 CET

Severity: normal => major
Priority: Normal => release_blocker

Comment 4 Martin Whitaker 2025-12-27 21:18:57 CET 
I believe this was discussed in the last packagers' meeting and that the solution is to issue a Mageia 9 update that adds the necessary keys. CC'ing Bruno, who is likely to know.

In passing, I don't know who is in the Mageia Tools maintainers group. I'm not.

P.S. Bruno, I've just seen there are two email addresses for you in Bugzilla. I hope I've picked one that still works.

CC: (none) => bruno, mageia

Comment 5 Thomas Andrews 2025-12-28 19:44:47 CET 
This may be related, maybe not. Please let me know...

I just tried an upgrade of a Plasma install with the 64-bit CI, and I ran into a rejected signature, as well. But mine is of an MGA10 package from the CI, so I wouldn't think a Mageia 9 update would fix it.

This was an upgrade of a real-world install that included packages that would not be on the CI, like 0ad and Flightgear. So, I tried to use the network to add supplemental media before proceeding with the upgrade. It failed, both with http and ftp media, failed before it even started with a message that basesystem-minimal, a MGA10 package, doesn't verify and isn't trusted. I'll attach a screenshot of the error message, taken with a digital camera.

Normally, I'd file this as a separate bug, but there are too many coincidences between this bug's error, the duplicate's error message, and what I'm seeing to be ignored.

CC: (none) => andrewsfarm

Comment 6 Thomas Andrews 2025-12-28 19:47:59 CET 
Created attachment 15259 [details]
Screenshot of error message
Comment 7 katnatek 2025-12-28 19:52:25 CET 
(In reply to Thomas Andrews from comment #5)
> This may be related, maybe not. Please let me know...
> 
> I just tried an upgrade of a Plasma install with the 64-bit CI, and I ran
> into a rejected signature, as well. But mine is of an MGA10 package from the
> CI, so I wouldn't think a Mageia 9 update would fix it.
> 
> This was an upgrade of a real-world install that included packages that
> would not be on the CI, like 0ad and Flightgear. So, I tried to use the
> network to add supplemental media before proceeding with the upgrade. It
> failed, both with http and ftp media, failed before it even started with a
> message that basesystem-minimal, a MGA10 package, doesn't verify and isn't
> trusted. I'll attach a screenshot of the error message, taken with a digital
> camera.
> 
> Normally, I'd file this as a separate bug, but there are too many
> coincidences between this bug's error, the duplicate's error message, and
> what I'm seeing to be ignored.

(In reply to Thomas Andrews from comment #6)
> Created attachment 15259 [details]
> Screenshot of error message

I think you get the cause I open bug#34909
katnatek 2025-12-30 19:33:05 CET

Depends on: (none) => 34920

Comment 8 Marja Van Waes 2025-12-30 22:46:10 CET 
(just testing a flag, in case we have a round 3)

CC: (none) => marja11
Flags: (none) => 10A1_round3?(j.alberto.vc), 10A1_round3?(fri)

Marja Van Waes 2025-12-30 22:51:38 CET

Flags: (none) => 10A1_round3?

Morgan Leijström 2025-12-30 23:30:43 CET

Flags: 10A1_round3?(fri) => 10A1_round3-

Morgan Leijström 2025-12-30 23:31:44 CET

Flags: 10A1_round3- => 10A1_round3?

Comment 9 katnatek 2025-12-31 00:31:31 CET 
In bug#34920 I perform a mageia 9 -> cauldron upgrade with the 64b Classic 
Installer 10alpha1 round 2, I first update the packages in bug#34920 and bug#34918 
in the mageia 9 system, reboot to make sure the new key is loaded 
reboot again and boot the 10alpha1 ISO and perform an good upgrade with exception 
I got bug#34909

So for this particular bug is not necessary round 3 or alpha2

Status: NEW => RESOLVED
Flags: 10A1_round3?(j.alberto.vc), 10A1_round3?, 10A1_round3? => (none)
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.