Error: GPG check FAILED

문제

Red Hat Enterprise Linux 10 for x86_64 - AppStream (RPMs)                                                                                                                                                                                                                                 3.6 MB/s | 3.7 kB     00:00    
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release (0xFD431D51) is already installed
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release (0x5A6340B3) is already installed
Red Hat Enterprise Linux 10 for x86_64 - BaseOS (RPMs)                                                                                                                                                                                                                                    3.6 MB/s | 3.7 kB     00:00    
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release (0xFD431D51) is already installed
GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release (0x5A6340B3) is already installed
The GPG keys listed for the "Red Hat Enterprise Linux 10 for x86_64 - AppStream (RPMs)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: kernel-devel-6.12.0-124.40.1.el10_1.x86_64
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
The GPG keys listed for the "Red Hat Enterprise Linux 10 for x86_64 - BaseOS (RPMs)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: kernel-6.12.0-124.40.1.el10_1.x86_64
... 중략 ...
 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
[root@dr ~]#

위와같은 오류가 발생하는 이유는

DNF이전 버전(10.1-16 이하)의 redhat-release패키지가 실행 중인 시스템에서는 패키지 서명을 확인할 수 없습니다. 이는 Post-Quantum Cryptography (PQC) 서명 확인에 필요한 공개 키가 시스템에 없기 때문입니다 . 즉, 로컬 GPG 키링에 /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release 에 V4 RSA 키만 포함되어 있는 경우입니다.

저장소의 패키지(예 gnupg2-smime, gnupg2, glib2) 는 새로운 Post-Quantum Cryptography (PQC) key (Release Key 4) 서명으로 서명되었습니다.

해결방법

RHEL 10.1

redhat-release 패키지 업그레이드

# dnf update redhat-release

새로운 키가 등록됐는지 확인

# rpm -qa | grep pubkey
gpg-pubkey-fd431d51-4ae0493b
gpg-pubkey-5a6340b3-6229229e
gpg-pubkey-05707a62-68e6a1f3        <<< 
#  rpmkeys --list
fd431d51-4ae0493b: Red Hat, Inc. (release key 2) <security@redhat.com> public key
5a6340b3-6229229e: Red Hat, Inc. (auxiliary key 3) <security@redhat.com> public key
05707a62-68e6a1f3: Red Hat, Inc. (release key 4) <security@redhat.com> public key        <<<

RHEL 9.7+ with python3-dnf-plugin-multisig installed

키를 수동으로 import

# /usr/lib/pqrpm/bin/rpmkeys -i /etc/pki/rpm-gpg/RPM-GPG-KEY-PQC-redhat-release

또는 다중 서명 플러그인 비활성화

# yum update --disableplugin=multisig

참조링크

https://access.redhat.com/solutions/3449341

목차

Error: GPG check FAILED

문제

해결방법

RHEL 10.1

RHEL 9.7+ with python3-dnf-plugin-multisig installed

참조링크