Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save luizrobertofreitas/f8d7f668fa730f3399ea99b976608331 to your computer and use it in GitHub Desktop.
Save luizrobertofreitas/f8d7f668fa730f3399ea99b976608331 to your computer and use it in GitHub Desktop.
Remove obsolete GPG key from DNF (Fedora)

The problem

Initial situation

Using Fedora 38, say you want to update the package albert from manuelschneid3r, hosted at

And with dnf update, you get the following output:

~ sudo dnf update
Dependencies resolved.
 Package     Architecture     Version           Repository                Size
 albert      x86_64           0.20.14-532.1     home_manuelschneid3r     2.3 M

Transaction Summary
Upgrade  1 Package

Total size: 2.3 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] albert-0.20.14-532.1.x86_64.rpm: Already downloaded
error: Verifying a signature using certificate A4B83CD05FDF5C5178482D4A1488EB46E192A257 (home:manuelschneid3r OBS Project <>):
  1. Certificiate 1488EB46E192A257 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-03-05T03:37:15Z
  2. Key 1488EB46E192A257 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-03-05T03:37:15Z
error: Verifying a signature using certificate A4B83CD05FDF5C5178482D4A1488EB46E192A257 (home:manuelschneid3r OBS Project <>):
  1. Certificiate 1488EB46E192A257 invalid: certificate is not alive
      because: The primary key is not live
      because: Expired on 2022-03-05T03:37:15Z
  2. Key 1488EB46E192A257 invalid: key is not alive
      because: The primary key is not live
      because: Expired on 2022-03-05T03:37:15Z
home:manuelschneid3r (Fedora_38)
GPG key at (0xE192A257) is already installed
The GPG keys listed for the "home:manuelschneid3r (Fedora_38)" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. Failing package is: albert-0.20.14-532.1.x86_64
 GPG Keys are configured as:
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED

But checking the live GPG key at, you see the following information: image


You have in your RPM cache, used by DNF, an obsolete key which is now expired, and which has the same key ID and fingerprint as the new key. Your system therefore assumes that it already has the requested key, even though its copy has expired.

The solution

Find the culprit

To find the currently stored key, run:

~ sudo rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
gpg-pubkey-eb10b464-6202d9c6	Fedora (38) <> public key
gpg-pubkey-e192a257-5e042aeb	home:manuelschneid3r OBS Project <> public key

Here, the one we search for is named gpg-pubkey-e192a257-5e042aeb.

Get rid of it

Delete the key:

~ sudo rpm -e gpg-pubkey-e192a257-5e042aeb

Update again

Let's run the packages update again:

~ sudo dnf update
Dependencies resolved.
 Package     Architecture     Version           Repository                Size
 albert      x86_64           0.20.14-532.1     home_manuelschneid3r     2.3 M

Transaction Summary
Upgrade  1 Package

Total size: 2.3 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] albert-0.20.14-532.1.x86_64.rpm: Already downloaded
home:manuelschneid3r (Fedora_38)
Importing GPG key 0xE192A257:
 Userid     : "home:manuelschneid3r OBS Project <>"
 Fingerprint: A4B8 3CD0 5FDF 5C51 7848 2D4A 1488 EB46 E192 A257
 From       :
Is this ok [y/N]: 

A new key is found, that's a good sign! Accept it and continue:

Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :
  Upgrading        : albert-0.20.14-532.1.x86_64
  Running scriptlet: albert-0.20.14-532.1.x86_64



Job is done!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment