I’m using Fedora 38 Plasma. I’ve been dealing with this for awhile. I’ve reported it to Tailscale but they state it would be an upstream (KDE) issue to be resolved.
Every time I attempt an update within Discover whenever there is a Tailscale update included, I receive this error:
Bad GPG signature found:
/var/cache/PackageKit/38/metadata/tailscale-stable-38-x86_64/packages/tailscale_1.46.1_x86_64.rpm could not be verified.
/var/cache/PackageKit/38/metadata/tailscale-stable-38-x86_64/packages/tailscale_1.46.1_x86_64.rpm: digest: SIGNATURE: NOT OK
I can open a terminal and complete a dnf update with no issues and that has been my workaround for the past several months.
Anyone know how to fix this in Discover?
This is definitely not a KDE issue. It will be issue with the PackageKit library or its DNF plugin. These are third-party libraries not owned or controlled by KDE that are used by Discover to provide installation and updating functionality.
pkcon --allow-untrusted does not install unsigned package from GPG repo (dnf / RHEL 8) · Issue #422 · PackageKit/PackageKit · GitHub and zypp backend: rpm signature validation not propagated · Issue #402 · PackageKit/PackageKit · GitHub look related, but not exactly the same. I would recommend submitting a bug report at Issues · PackageKit/PackageKit · GitHub.
You could also report it to the Fedora folks at https://bugzilla.redhat.com/ if you’d prefer to deal with the distro as an intermediary, rather than going directly to the PackageKit project maintainers.
Sounds good. I’ll open a Bugzilla