π ~1 min read
Table of contents
Symptom & Impact
dnf update fails with GPG check FAILED and package signing trust errors.
Environment & Reproduction
The transaction is aborted even though repository access appears reachable.
Root Cause Analysis
Missing key import, rotated repository signing keys, incorrect system time, or tampered mirror metadata.
Quick Triage
Inspect repo files under /etc/yum.repos.d, verify gpgkey URL, and check system time with timedatectl.
Step-by-Step Diagnosis
Import the correct vendor key and ensure gpgcheck=1 remains enabled.
Solution – Primary Fix
Clean cache and refresh metadata with dnf clean all && dnf makecache –refresh.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Do not disable GPG checking except in temporary isolated testing scenarios.
Verification & Acceptance Criteria
If keys are fetched through proxy tooling, verify SELinux labels and confined service permissions.
Rollback Plan
Re-run the update command and confirm all packages pass signature verification.
Prevention & Hardening
Remove incorrectly imported test keys from the rpm keyring when no longer needed.
Related Errors & Cross-Refs
Track approved repository keys and rotate trust artifacts through change management.
Related tutorial: View the step-by-step tutorial for rhel-9.
View all rhel-9 tutorials on the Tutorials Hub β
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
rpm -qa gpg-pubkey*; rpm –import ; dnf makecache –refresh
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today β we respond within one business day.
