What's New at Zoom? Join our upcoming webinar to get a first-hand look into some of our exciting new product and feature releases.

Register Now
cancel
Showing results for 
Search instead for 
Did you mean: 

Fedora Client rpm package is unsigned

jknaus
Listener

I use the Fedora rpm package of the meetings desktop client
However, I only want to install software that is correctly cryptographically signed.
That was not a problem so far. However, the recent version 5.8.4 (210) is not signed at all (see rpm -qpi output below), and the gpg signature validation fails.

 

 

$ rpm -qpi zoom_x86_64.rpm 
Name        : zoom
Version     : 5.8.4.210
Release     : 1
Architecture: x86_64
Install Date: (not installed)
Group       : default
Size        : 226471546
License     : see https://www.zoom.us/
Signature   : (none)
Source RPM  : zoom-5.8.4.210-1.src.rpm
Build Date  : Fri 12 Nov 2021 07:27:39 AM CET
Build Host  : localhost
Relocations : / 
Packager    : Zoom Linux Team <linux-dev@zoom.us>
Vendor      : Zoom Video Communications, Inc.
URL         : https://www.zoom.us
Summary     : Zoom Cloud Meetings

 

 

 

2 REPLIES 2

RN
Zoom Moderator

Hey @jknaus, here is some insight I got on a similar case to yours; however, I'd advise to first update to the latest version 5.8.6 to see if this helps! If not, here is a suggestion that may help! 

 

On Download Center https://zoom.us/download if you select Linux Type: Fedora, under the Download button there is the following text: "Zoom's rpm packages are signed with a GPG key. Please run "rpm --import package-signing-key.pub" to import the key in case package management utility asks for a missing public key."

 

You can try running the command and see if the new version of the package is signed again. 

 

$ rpm -qpi ~/Downloads/zoom_x86_64.rpm | egrep '^Source|Signature'  
Signature   : RSA/SHA1, Mon 29 Nov 2021 07:38:12 AM CET, Key ID b903bf1861a7c71d
Source RPM  : zoom-5.8.6.739-1.src.rpm
$

 

 

Let me know if this helps! 

_______________________________________________________

Leverage cool features and how to's from the Community Center. If my reply helped, don't forget to click the accept as solution button! ⤵️

Cris70
Listener

Hi @RN , I have the same problem with the OpenSuse package.

When I installed version 5.10.4 (after importing the signing key) I got this:

zoom_openSUSE_x86_64.rpm: 
   Package header is not signed!

zoom-5.10.4.2845_openSUSE-1.x86_64 (Plain RPM files cache): Signature verification failed [6-File is unsigned]

I then ran the command you suggested, to verify the presence of a signature, and here's the result:

~ >  rpm -qpi ~/Downloads/zoom_openSUSE_x86_64.rpm | egrep '^Source|Signature' 
Signature   : (none)
Source RPM  : zoom-5.10.4.2845_openSUSE-1.src.rpm

Please could you correct the package to include the signature?

Thank you in advance.

Cris