In RHEL and other DNF-based systems, you can import a GPG key using the rpm command or by defining it directly in the repository configuration.
1. Using the rpm command
The most direct way to import a key is using the --import flag. You can import it from a local file or directly from a URL:
From a URL (Common for third-party repos):
sudo rpm --import https://www.example.com/RPM-GPG-KEY-example
From a local file:
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
2. Automatically via the .repo file
This is the recommended way to manage repositories. Instead of manually importing the key, you tell DNF where the key is located inside the repository configuration file (stored in /etc/yum.repos.d/).
You would add these lines to the repo file:
gpgcheck=1
gpgkey=https://www.example.com/RPM-GPG-KEY-example
When you run dnf install for the first time from that repository, DNF will:
- See that gpgcheck is on.
- Note that the key is missing from your system.
- Download the key from the gpgkey URL.
- Ask you for permission to import it.
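The following Python script is an added example, not code from the original page or from the DNF project. It parses .repo text and reports stanzas where gpgcheck is not enabled, no gpgkey is set, or a gpgkey URL uses a scheme other than https or file; the function name audit_repo_text and the sample stanzas are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample .repo content (not taken from a real system).
SAMPLE_REPO = """\
[example-good]
baseurl=https://www.example.com/repo/
gpgcheck=1
gpgkey=https://www.example.com/RPM-GPG-KEY-example

[example-nocheck]
baseurl=https://www.example.com/repo2/
gpgcheck=0

[example-httpkey]
baseurl=https://www.example.com/repo3/
gpgcheck=1
gpgkey=http://www.example.com/RPM-GPG-KEY-example
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
"""

TRUE_VALUES = {"1", "true", "yes", "on"}  # boolean spellings treated as "on"

def audit_repo_text(text):
    """Return {repo_id: [findings]} for every stanza that has a problem."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(text)
    findings = {}
    for repo_id in parser.sections():
        repo = parser[repo_id]
        issues = []
        # Assumption: a stanza without gpgcheck is flagged too, because the
        # effective value then depends on the global default in dnf.conf.
        if repo.get("gpgcheck", fallback="").strip().lower() not in TRUE_VALUES:
            issues.append("gpgcheck is not enabled in this stanza")
        # gpgkey may list several URLs separated by whitespace, commas or newlines.
        keys = repo.get("gpgkey", fallback="").replace(",", " ").split()
        if not keys:
            issues.append("no gpgkey defined")
        for url in keys:
            if urlparse(url).scheme not in ("https", "file"):
                issues.append("gpgkey not fetched over https or file: " + url)
        if issues:
            findings[repo_id] = issues
    return findings

if __name__ == "__main__":
    for repo_id, issues in audit_repo_text(SAMPLE_REPO).items():
        print(repo_id, "->", "; ".join(issues))
```

To check a real system, pass the contents of each file under /etc/yum.repos.d/ to audit_repo_text instead of the sample.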
How to see which keys are already imported?
To see a list of all GPG keys currently "trusted" by your system, run:
rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'
Summary
- Manual: sudo rpm --import <link_to_key>
- Automatic: Specify gpgkey= in your /etc/yum.repos.d/xxx.repo file.
In a professional environment, always verify the source of the GPG key before importing it, as this key tells your system who to trust for software updates!