GPG Signature Verification Fails - Rocky Linux 9 BaseOS

Rocky Linux Help & Support
1

Hello,

I’m running into an issue when attempting to update RL9 with dnf update or dnf updateinfo. The following error is output:

Importing GPG key 0x350D275D:
 Userid     : "Rocky Enterprise Software Foundation - Release key 2022 <releng@rockylinux.org>"
 Fingerprint: 21CB 256A E16F C54C 6E65 2949 702D 426D 350D 275D
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
Rocky Linux 9 - BaseOS                                                                                                                                                                                       2.7 kB/s | 833  B     00:00
Error: Failed to download metadata for repo 'baseos': repomd.xml GPG signature verification error: Bad GPG signature

I’ve confirmed the GPG key is valid and matches the expected value. Running the command with --nogpgcheck works, which narrows it down to the GPG key portion of the process.

From the /etc/yum.repos.d/rocky.repo on servers that fail GPG verification:

[baseos]
name=Rocky Linux $releasever - BaseOS
mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever$rltype
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9

The key I see in the mirror was updated 3/17/2026, which might explain why this was working last week, but updates this week have failed.

Rocky Linux Repository → RPM-GPG-KEY-Rocky-9

2

We also face a similar issue. We are running multiple servers with Rocky Linux 9, and since last week we cannot install any new packages or perform updates due to the repo update failing with

Error: Failed to download metadata for repo 'baseos': repomd.xml GPG signature verification error: Bad GPG signature

Running

dnf clean all
dnf update

does not fix the issue.

3

This looks like an issue with the repodata signing, not the actual package signing. If you set repo_gpgcheck=0and leave gpgcheck=1in /etc/yum.repos.d/rocky.repo,you should see updates working again. The infra team is looking into it.

2 Likes
4

@ksimmons4 and @QuantumDancer ,

Thank you for the report. This should be resolved now. Try doing a dnf clean all and then dnf update again. It should work now with repo gpg checking turned on.

2 Likes