NextDNS Fedora Repo Update failing signature verification

When trying to update the NextDNS client from version 1.37.10-1 to 1.37.11-1, I'm seeing the following errors:

/var/cache/PackageKit/36/metadata/nextdns-36-x86_64/packages/nextdns_1.37.11_x86_64.rpm could not be verified.
/var/cache/PackageKit/36/metadata/nextdns-36-x86_64/packages/nextdns_1.37.11_x86_64.rpm:  digest:  SIGNATURE:  NOT OK

I'm running Fedora Linux and using the NextDNS package from the following repo: 

[username@hostname ~]$ cat /etc/yum.repos.d/nextdns.repo
[nextdns]
name=nextdns
baseurl=https://repo.nextdns.io/rpm
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://repo.nextdns.io/nextdns-armored.gpg
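
An added example, not part of the original thread and not NextDNS tooling: a small Python audit of the signature-related options in the repo file quoted above. In dnf, `gpgcheck` controls verification of package signatures and `repo_gpgcheck` controls verification of the repository metadata signature; the function name `audit_repo_text` and the finding strings are hypothetical.

```python
import configparser

# Constructed sample: the repo definition quoted in the post above.
SAMPLE_REPO = """\
[nextdns]
name=nextdns
baseurl=https://repo.nextdns.io/rpm
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://repo.nextdns.io/nextdns-armored.gpg
"""

def audit_repo_text(text):
    """Return {repo_id: [findings]} for the contents of a dnf/yum .repo file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo_id in parser.sections():
        sec = parser[repo_id]
        if not sec.getboolean("enabled", fallback=True):
            report[repo_id] = ["repo disabled"]
            continue
        findings = []
        # gpgcheck covers the .rpm files, repo_gpgcheck covers the repodata.
        for option, covers in (("gpgcheck", "package"), ("repo_gpgcheck", "repodata")):
            if option not in sec:
                findings.append(f"{option} unset: inherits [main] from dnf.conf")
            elif not sec.getboolean(option):
                findings.append(f"{option}=0: {covers} signatures are not checked")
        keys = sec.get("gpgkey", fallback="").replace(",", " ").split()
        if not keys:
            findings.append("no gpgkey configured")
        # Keys and packages fetched over plain HTTP can be swapped in transit.
        for url in sec.get("baseurl", fallback="").replace(",", " ").split() + keys:
            if not url.startswith(("https://", "file://")):
                findings.append(f"not fetched over TLS: {url}")
        report[repo_id] = findings
    return report

if __name__ == "__main__":
    for repo_id, findings in audit_repo_text(SAMPLE_REPO).items():
        for finding in findings or ["no findings"]:
            print(f"[{repo_id}] {finding}")
```

To check an installed file, pass the contents of `/etc/yum.repos.d/nextdns.repo` to `audit_repo_text` instead of the sample string.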

2 replies

    • CorruptComputer
    • 1 yr ago

    Sorry, I should have also added: I've cleared my local dnf cache and tried re-downloading this package; it made no difference and gave the same error.

    • CorruptComputer
    • 1 yr ago

    @nextdns Any update on this? The rpm package in your repo is failing signature verification still, which means it might have been tampered with. I'm afraid to update it due to the high number of supply chain attacks that have taken place in recent months.
