Install the Tanzu CLI using a package manager on YUM or DNF (RHEL) fails with "Error: Failed to download metadata for repo 'tanzu-cli': repomd.xml GPG signature verification error: Bad GPG signature"
Article ID: 384305
Updated On:
Products
Issue/Introduction
When attempting to install the tanzu CLI on an YUM or DNF (RHEL) system, it fails.
The failure occurs upon running the command: sudo yum install tanzu-cli-1.3.0
The error reported is similar to below:
Error: Failed to download metadata for repo 'tanzu-cli': repomd.xml GPG signature verification error: Bad GPG signatureEnvironment
ANY environment that requires or makes use of the tanzu CLI.
Such as:
- Tanzu Kubernetes Grid
- Tanzu Mission Control
- vSphere IaaS control plane Documentation (formerly vSphere with Tanzu)
Cause
2024.12.16: Status Summary:
Ongoing issue. Investigation in progress:
2024.12.16: Status Details:
It is believed this is an issue when using RPM signing in conjunction with DigiCert® Software Trust Manager
As mentioned in the DigiCert article, Sign RPM files with GPG and RPM signing tool using Smartcard Daemon (SCD):
Certain versions of RHEL and CentOS, specifically versions 8 and 9, may encounter issues when attempting to use RPM signing in conjunction with Software Trust Manager when using a combination of a subkey and a master key. To address this issue, download a keyring with only a master key enabled for signing.
Resolution
Steps:
- Create the
tanzu-cli.repofile just as mentioned in the Install the Tanzu CLI -> Install using a package manager -> YUM or DNF (RHEL) documentation - Use the yum or dnf utlity but with the flag to disable GPG Checking
- Using
yum:
- Using
sudo yum install --nogpgcheck -y tanzu-cli-1.3.0
-
- Using
dnf:
- Using
sudo dnf install --nogpgcheck -y tanzu-cli-1.3.0
Additional Information
If you have further issues or questions, please open a Tanzu Support Request.
Feedback
