When attempting to update packages on AlmaLinux 8.8 (especially after migrating from CentOS 7/8), users frequently encounter GPG key verification failures that prevent package installation. The error manifests like this:
Public key for libstdc++-8.5.0-18.el8.alma.x86_64.rpm is not installed
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Error: GPG check FAILED
The system fails to verify package signatures because either:
- The RPM GPG keys weren't properly imported during migration
- The existing keys are outdated or corrupted
- Key configuration points to incorrect locations
Step 1: Reset and Reimport GPG Keys
First remove any existing keys and reimport fresh ones:
# Remove existing keys
sudo rpm -e gpg-pubkey --all
sudo rm -f /etc/pki/rpm-gpg/RPM-GPG-KEY-*
# Import AlmaLinux 8 GPG keys
sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-8
sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
Step 2: Verify Key Installation
Check that keys are properly installed:
rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
Should show entries like:
gpg-pubkey-51d6647e-5e8a6f4e gpg(AlmaLinux <packager@almalinux.org>)
gpg-pubkey-5a6340b3-6229229e gpg(AlmaLinux <packager@almalinux.org>)
Step 3> Configure DNF for Proper Key Verification
Edit the repository configuration to ensure proper key checking:
sudo vi /etc/yum.repos.d/almalinux.repo
Ensure these settings exist under [baseos] and [appstream]:
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Alternative: Temporarily Disable GPG Checks (Not Recommended)
For emergency situations only, you can bypass verification:
sudo dnf update --nogpgcheck
The dependency conflicts shown in the error suggest a mixed environment with both CentOS 7 and AlmaLinux 8 packages. To resolve:
# Remove conflicting CentOS 7 packages
sudo rpm -e systemd-python --nodeps
# Clean the DNF cache
sudo dnf clean all
sudo rm -rf /var/cache/dnf
# Then try installing leapp requirements
sudo dnf install -y python-requests systemd-container
After applying these fixes:
sudo dnf update --refresh
sudo dnf install leapp-upgrade-el8toel9
The system should now update packages without GPG errors and allow leapp installation for future migrations.
The error message clearly indicates a problem with GPG key verification when trying to update packages on AlmaLinux 8.8. This security feature ensures package integrity by checking cryptographic signatures against trusted keys.
Public key for libstdc++-8.5.0-18.el8.alma.x86_64.rpm is not installed
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Error: GPG check FAILED
Here's a step-by-step method to resolve this issue:
1. Verify Existing GPG Keys
First, check if the AlmaLinux GPG key exists in your system:
rpm -qa gpg-pubkey*
rpm -qi gpg-pubkey-b0b1b0c1
2. Reimport AlmaLinux GPG Keys
Remove and reimport the keys to ensure freshness:
sudo rpm -e gpg-pubkey-b0b1b0c1
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
3. Clean and Update Repositories
Perform a thorough cleanup and refresh:
sudo dnf clean all
sudo dnf makecache
The leapp-upgrade error suggests deeper system conflicts from the CentOS 7 to 8 migration:
package systemd-container-239-74.el8_8.2.x86_64 obsoletes systemd < 229-5
package systemd-python-219-78.el7_9.7.x86_64 requires systemd = 219-78.el7_9.7
Resolution Strategy
For systems with mixed dependencies:
sudo dnf remove systemd-python
sudo dnf install python3-systemd
sudo dnf distro-sync --allowerasing
If issues persist, try these additional verification steps:
sudo rpm --checksig /var/cache/dnf/packages/*.rpm
sudo dnf update --nogpgcheck
Note: Use --nogpgcheck only temporarily for troubleshooting.
After resolving the GPG issue, verify your system integrity:
sudo dnf repolist
sudo dnf update
rpm -q libstdc++ ncurses