🟡 Medium   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: CentOS Stream 10

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Package installs are aborted with NOKEY or signature errors on CentOS Stream 10.

Environment & Reproduction

Hosts that recently rotated CentOS keys or were re-imaged without rpm trust DB.

cat /etc/os-release
uname -r
rpm -qa | grep

Root Cause Analysis

Missing or revoked GPG public key in /etc/pki/rpm-gpg/.

Quick Triage

Confirm package, network, SELinux and firewall state.

rpm -qa gpg-pubkey
dnf repolist
ls /etc/pki/rpm-gpg/

Step-by-Step Diagnosis

Drill into package/dnf-gpg state and recent journal entries to isolate the failure.

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
dnf -v install  2>&1 | tail
Illustrative mockup for centos-stream-10 — cs10-b02-p027-diag
Diagnosis console for DNF GPG key verification failure on CentOS Stream 10 — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Apply the standard remediation for package/dnf-gpg on CentOS Stream 10.

Still having issues? Our Managed IT Services team can diagnose and resolve this for you. Get in touch for a free consultation.

sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
sudo dnf clean all
sudo dnf install
Illustrative mockup for centos-stream-10 — cs10-b02-p027-fix
Remediation output for DNF GPG key verification failure on CentOS Stream 10 — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Temporarily set gpgcheck=0 only for trusted internal mirrors.

Verification & Acceptance Criteria

Validate the fix with positive functional checks before closing.

rpm -qa gpg-pubkey --qf '%{NAME}-%{VERSION}n'

Rollback Plan

Revert to the previous known-good configuration if the fix regresses.

rpm -e gpg-pubkey-
rpm --import /old/key

Prevention & Hardening

Codify the fix in configuration management and add monitoring.

Automate patch management and compliance across your fleet with our DevOps services.

ansible -m rpm_key with key URL pinned.

Subscription content access and CRB repo signature issues.

Related tutorial: View the step-by-step tutorial for centos-stream-10.

View all centos-stream-10 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

CentOS GPG key guide.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.