Fedora Client rpm package is unsigned | Community
Skip to main content
J
Newcomer
jknaus
Newcomer
November 22, 2021
Question

Fedora Client rpm package is unsigned

  • November 22, 2021
  • 2 replies
  • 0 views

I use the Fedora rpm package of the meetings desktop client
However, I only want to install software that is correctly cryptographically signed.
That was not a problem so far. However, the recent version 5.8.4 (210) is not signed at all (see rpm -qpi output below), and the gpg signature validation fails.

 

 

$ rpm -qpi zoom_x86_64.rpm Name : zoom Version : 5.8.4.210 Release : 1 Architecture: x86_64 Install Date: (not installed) Group : default Size : 226471546 License : see https://www.zoom.us/ Signature : (none) Source RPM : zoom-5.8.4.210-1.src.rpm Build Date : Fri 12 Nov 2021 07:27:39 AM CET Build Host : localhost Relocations : / Packager : Zoom Linux Team <linux-dev@zoom.us> Vendor : Zoom Video Communications, Inc. URL : https://www.zoom.us Summary : Zoom Cloud Meetings

 

 

 

    2 replies

    R
    Community Manager
    rn-zm
    Community Manager
    December 1, 2021

    Hey @jknaus, here is some insight I got on a similar case to yours; however, I'd advise to first update to the latest version 5.8.6 to see if this helps! If not, here is a suggestion that may help! 

     

    On Download Center https://zoom.us/download if you select Linux Type: Fedora, under the Download button there is the following text: "Zoom's rpm packages are signed with a GPG key. Please run "rpm --import package-signing-key.pub" to import the key in case package management utility asks for a missing public key."

     

    You can try running the command and see if the new version of the package is signed again. 

     

    $ rpm -qpi ~/Downloads/zoom_x86_64.rpm | egrep '^Source|Signature'  
    Signature   : RSA/SHA1, Mon 29 Nov 2021 07:38:12 AM CET, Key ID b903bf1861a7c71d
    Source RPM  : zoom-5.8.6.739-1.src.rpm
    $

     

     

    Let me know if this helps! 

    C
    Newcomer
    Cris70
    Newcomer
    April 26, 2022

    Hi @RN52_2 , I have the same problem with the OpenSuse package.

    When I installed version 5.10.4 (after importing the signing key) I got this:

    zoom_openSUSE_x86_64.rpm: 
        Package header is not signed! 

    zoom-5.10.4.2845_openSUSE-1.x86_64 (Plain RPM files cache): Signature verification failed [6-File is unsigned]

    I then ran the command you suggested, to verify the presence of a signature, and here's the result:

    ~ >  rpm -qpi ~/Downloads/zoom_openSUSE_x86_64.rpm | egrep '^Source|Signature' 
    Signature   : (none) 
    Source RPM  : zoom-5.10.4.2845_openSUSE-1.src.rpm

    Please could you correct the package to include the signature?

    Thank you in advance.

    Cris

      Terms & ConditionsAccessibility statement
      Copyright © Zoom Communications, Inc. All rights reserved.