Topic: GPG Signature Verification Error

Followed steps in configuration wizard for
Operating System: RHEL 8.8
Wanted PHP Version: 8.2.6
Type of Installation: Default/Single Version

Installation of epel-release and remi-release appear to succeed. However, I get a GPG signature verification error for repo remi-safe when running dnf update.

Any guidance appreciated.

Transcript follows. Note I had to remove the URLs in order to post.

[root@simplerisk01 john.rubinger]# subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
Repository 'codeready-builder-for-rhel-8-x86_64-rpms' is enabled for this system.
[root@simplerisk01 john.rubinger]# dnf install [EPEL URL]
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:38 ago on Wed 17 May 2023 12:03:05 PM ADT.
epel-release-latest-8.noarch.rpm                                                                                                                   84 kB/s |  25 kB     00:00
Dependencies resolved.
==================================================================================================================================================================================
 Package                                      Architecture                           Version                                   Repository                                    Size
==================================================================================================================================================================================
Installing:
 epel-release                                 noarch                                 8-19.el8                                  @commandline                                  25 k

Transaction Summary
==================================================================================================================================================================================
Install  1 Package

Total size: 25 k
Installed size: 35 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                          1/1
  Installing       : epel-release-8-19.el8.noarch                                                                                                                             1/1
  Running scriptlet: epel-release-8-19.el8.noarch                                                                                                                             1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.

  Verifying        : epel-release-8-19.el8.noarch                                                                                                                             1/1
Installed products updated.

Installed:
  epel-release-8-19.el8.noarch

Complete!
[root@simplerisk01 john.rubinger]# dnf install [remi-release-8.rpm RL]
Updating Subscription Management repositories.
Extra Packages for Enterprise Linux 8 - x86_64                                                                                                     13 MB/s |  14 MB     00:01
Last metadata expiration check: 0:00:03 ago on Wed 17 May 2023 12:03:56 PM ADT.
remi-release-8.rpm                                                                                                                                 73 kB/s |  31 kB     00:00
Dependencies resolved.
==================================================================================================================================================================================
 Package                                    Architecture                         Version                                         Repository                                  Size
==================================================================================================================================================================================
Installing:
 remi-release                               noarch                               8.7-2.el8.remi                                  @commandline                                31 k

Transaction Summary
==================================================================================================================================================================================
Install  1 Package

Total size: 31 k
Installed size: 27 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                          1/1
  Installing       : remi-release-8.7-2.el8.remi.noarch                                                                                                                       1/1
  Verifying        : remi-release-8.7-2.el8.remi.noarch                                                                                                                       1/1
Installed products updated.

Installed:
  remi-release-8.7-2.el8.remi.noarch

Complete!
[root@simplerisk01 john.rubinger]# dnf update
Updating Subscription Management repositories.
Remi's Modular repository for Enterprise Linux 8 - x86_64                                                                                         1.8 kB/s | 833  B     00:00
Remi's Modular repository for Enterprise Linux 8 - x86_64                                                                                         3.0 MB/s | 3.1 kB     00:00
Importing GPG key 0x5F11735A:
 Userid     : "Remi's RPM repository <remi@remirepo.net>"
 Fingerprint: 6B38 FEA7 231F 87F5 2B9C A9D8 5550 9759 5F11 735A
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
Is this ok [y/N]: y
Remi's Modular repository for Enterprise Linux 8 - x86_64                                                                                         1.7 MB/s | 1.3 MB     00:00
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64                                                                                        3.7 kB/s | 833  B     00:00
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64                                                                                        3.0 MB/s | 3.1 kB     00:00
Importing GPG key 0x5F11735A:
 Userid     : "Remi's RPM repository <remi@remirepo.net>"
 Fingerprint: 6B38 FEA7 231F 87F5 2B9C A9D8 5550 9759 5F11 735A
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el8
Is this ok [y/N]: y
Safe Remi's RPM repository for Enterprise Linux 8 - x86_64                                                                                        7.5 kB/s | 833  B     00:00
Error: Failed to download metadata for repo 'remi-safe': repomd.xml GPG signature verification error: Bad GPG signature

Re: GPG Signature Verification Error

> Error: Failed to download metadata for repo 'remi-safe': repomd.xml GPG signature verification error: Bad GPG signature

$ gpg --verify  enterprise/8/safe/x86_64/repodata/repomd.xml.asc enterprise/8/safe/x86_64/repodata/repomd.xml
gpg: Signature made Wed May 17 16:01:42 2023 CEST
gpg:                using RSA key 6B38FEA7231F87F52B9CA9D8555097595F11735A
gpg: Good signature from "Remi's RPM repository <remi@remirepo.net>" [unknown]
Primary key fingerprint: 6B38 FEA7 231F 87F5 2B9C  A9D8 5550 9759 5F11 735A

This looks like a cache issue (different version of repomd.xml and repomd.xml.asc)
Check your proxy, force a refresh

Or disable GPG check for metadata (repo_gpgcheck=0 in repository configuration)

Else a simple retry later should auto-solve this.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi