Fixing “GPG Key Retrieval Failed” Error in RedHat Yum Installation



When trying to install packages via yum on RedHat-based systems, you might encounter the frustrating "GPG key retrieval failed" error. This typically occurs when the system can't verify package signatures from repositories.

[user@host ~]$ sudo yum install etckeeper
...
GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

The error shows a file:// URI because yum first checks locally cached keys before attempting remote retrieval; the path itself comes from the gpgkey= line in the repository's .repo file. This is actually a security feature: it prevents unnecessary network requests for keys that might already be available locally.

The fastest way to resolve this is to manually import the EPEL repository's GPG key:

sudo rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

For EPEL 7 or 8, replace the "6" in the URL with the appropriate version number.

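As a temporary workaround you can disable GPG checks, but this is not secure: with --nogpgcheck, yum installs the packages without verifying their signatures, so use it only if you're in a trusted environment: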

sudo yum install --nogpgcheck etckeeper

After importing the key, verify it's properly installed:

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n' | grep EPEL

To avoid similar problems, ensure your system has all necessary repository configurations:

sudo yum install epel-release
sudo yum update

If issues persist, check these troubleshooting steps:

# Check repository configuration
ls -l /etc/yum.repos.d/

# Verify network connectivity to repositories
curl -I https://dl.fedoraproject.org/pub/epel/

# Check yum cache
sudo yum clean all
sudo yum makecache

When working with YUM package manager on RedHat-based systems (like CentOS or Fedora), you might encounter the frustrating "GPG key retrieval failed" error during package installation. This typically happens when YUM can't verify package signatures, which is a critical security feature.

[user@server ~]$ sudo yum install etckeeper
...
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
GPG key retrieval failed: [Errno 14] Could not open/read file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

The error shows YUM trying to access the GPG key from file:///etc/pki/rpm-gpg/ because:

  • YUM first checks local key storage before attempting remote retrieval
  • The repository configuration specifies this fallback location
  • The system expects certain keys to be pre-installed in this directory

Here are multiple ways to resolve this issue, ranked by effectiveness:

Method 1: Manually Import the EPEL Key

sudo rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6

Method 2: Disable GPG Checks (Not Recommended for Production)

sudo yum install etckeeper --nogpgcheck

Method 3: Reinstall EPEL Repository

# For CentOS/RHEL 6:
sudo rpm -e epel-release
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

If the above methods don't work, try these steps:

# Check repository configuration:
sudo yum repolist all

# Verify repository metadata:
sudo yum clean all
sudo yum makecache

# Check key files exist:
ls -la /etc/pki/rpm-gpg/
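
The repository-configuration and key-file checks above can be combined into one pass. The following is an added example, not part of the original article: a shell function (the name audit_repo_keys and its ROOT argument are hypothetical) that reads every .repo file, reports repos whose gpgkey=file:// path is missing or unreadable, which is the condition behind the error shown, and flags repos that set gpgcheck=0.

```shell
#!/bin/sh
# Added example (not from the original article). audit_repo_keys and its
# ROOT argument are hypothetical names; the input is yum's INI-style .repo format.
#
# audit_repo_keys REPO_DIR [ROOT]
#   REPO_DIR  directory of *.repo files (normally /etc/yum.repos.d)
#   ROOT      prefix for file:// key paths; empty on a live system
# Prints "<repo-id> OK|GPGCHECK_OFF|MISSING_KEY <path>"; returns 1 on findings.
# Not handled: yum variables such as $releasever inside gpgkey paths.
audit_repo_keys() {
    repo_dir=$1; root=${2:-}; rc=0
    # Flatten each [section] to: id|gpgcheck|gpgkey URLs (space separated)
    parsed=$(awk '
        function flush() { if (id != "") print id "|" chk "|" key }
        /^[ \t]*([#;]|$)/ { next }                       # comments, blanks
        /^\[/ { flush(); id = substr($0, 2, index($0, "]") - 2)
                chk = key = opt = ""; next }
        /^[ \t]/ { if (opt == "gpgkey") key = key " " $0; next }  # continuation
        { opt = $0; sub(/[ \t]*=.*/, "", opt)
          val = substr($0, index($0, "=") + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", val) }
        opt == "gpgcheck" { chk = val }
        opt == "gpgkey"   { key = val }
        END { flush() }
    ' "$repo_dir"/*.repo)
    while IFS='|' read -r id gpgcheck keys; do
        [ -n "$id" ] || continue
        clean=1
        # A repo without gpgcheck= inherits [main] in yum.conf; only an
        # explicit 0 is flagged here.
        if [ "$gpgcheck" = "0" ]; then
            echo "$id GPGCHECK_OFF"; clean=0
        fi
        for url in $keys; do
            case $url in
                file://*)
                    path=${url#file://}
                    if [ ! -r "$root$path" ]; then
                        echo "$id MISSING_KEY $path"; clean=0
                    fi ;;
            esac
        done
        if [ "$clean" -eq 1 ]; then echo "$id OK"; else rc=1; fi
    done <<EOF
$parsed
EOF
    return $rc
}
```

On a live system, call it as audit_repo_keys /etc/yum.repos.d; a MISSING_KEY line names the file that has to be restored before yum can verify packages from that repo.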

To avoid similar issues in the future:

  • Regularly update your GPG keys: sudo yum update gpg-pubkey*
  • Keep your EPEL repository updated
  • Consider setting up a local repository mirror