> Hi Mario, Could you share the command to verify?
$ jcat-tool info firmware.xml.gz.jcat --public-keys /etc/pki/fwupd-metadata/ --verbose
Compare the sha1/sha256 output from this to:
$ sha1sum firmware.xml.gz.jcat
$ sha256sum firmware.xml.gz.jcat
Then run this and make sure it passes:
$ jcat-tool verify firmware.xml.gz.jcat --public-keys /etc/pki/fwupd-metadata/ --kind pkcs7 --verbose
If that passes run this:
$ jcat-tool verify firmware.xml.gz.jcat --public-keys /etc/pki/fwupd-metadata/ --kind pkcs7 --verbose
> A quick cross-check, the file in ~/cache/fwupd/remotes.d/lvfs is the same if I compare the one downloaded by plasma-discover and "fwupdmgr refresh"
Good, so we don't have a downloader problem most likely.
>One thing I can see is: new code just use fwupd_client_get_remotes_async, while old code seems download file and call fwupd_client_update_metadata.
But in both cases it's using daemon and libjcat to do the verification. I think we need to fixate on the downloaded files to see what makes them complain from libjcat.
> Hi Mario, Could you share the command to verify? xml.gz. jcat --public-keys /etc/pki/ fwupd-metadata/ --verbose
$ jcat-tool info firmware.
Compare the sha1/sha256 output from this to: xml.gz. jcat xml.gz. jcat
$ sha1sum firmware.
$ sha256sum firmware.
Then run this and make sure it passes: xml.gz. jcat --public-keys /etc/pki/ fwupd-metadata/ --kind pkcs7 --verbose
$ jcat-tool verify firmware.
If that passes run this: xml.gz. jcat --public-keys /etc/pki/ fwupd-metadata/ --kind pkcs7 --verbose
$ jcat-tool verify firmware.
> A quick cross-check, the file in ~/cache/ fwupd/remotes. d/lvfs is the same if I compare the one downloaded by plasma-discover and "fwupdmgr refresh"
Good, so we don't have a downloader problem most likely.
>One thing I can see is: new code just use fwupd_client_ get_remotes_ async, while old code seems download file and call fwupd_client_ update_ metadata.
But in both cases it's using daemon and libjcat to do the verification. I think we need to fixate on the downloaded files to see what makes them complain from libjcat.