Overview
On some RHEL 10.1 installs users are running into this error, post-install, when attempting to install packages via dnf.
Unsure if the issue is isolated to users attempting to install RHEL via the full DVD ISO, from the minimal boot ISO, and users deploying RHEL 10.1 via kickstart.
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
The GPG keys listed for the "Red Hat Enterprise Linux 10 for x86_64 - AppStream (RPMs)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: gnupg2-smime-2.4.5-3.el10_1.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILEDMore Details
The issue is caused by GPG keys installed in /etc/pki/rpm-gpg, specifically RPM-GPG-KEY-redhat-release
This issue is being tracked via BUG RHEL-144980
Workaround
I am currently aware of two workaround, one manual, one much more simple. Details below
Workaround #1 (Simple)
Use dnf to install new GPG keys used via dnf
$ sudo dnf update redhat-release
After doing so you should run the following
$ sudo dnf clean all
You should now be able to update RHEL and install additional RPMs.
Workaround #2 (manual)
You can delete the current key in “/etc/pki/rpm-gpg”
Delete the following
- RPM-GPG-KEY-redhat-release
- RPM-GPG-KEY-redhat-beta (if applicable)
Then SCP known working copies of the keys that you just deleted from a RHEL 10.1 host that is not experiencing this issue. I would suspect an earlier build of RHEL 10.1 or possibly a later build or RHEL 10.1 once available will not experience this issue.
Once you replace the keys, clean up dnf cache
$ sudo dnf clean-all