Leapp's dry-run fails with "Error: GPG check FAILED"

Solution Verified - Updated 17 Jun 2025

Environment

Red Hat Enterprise Linux 7, 8, 9
Leapp

Issue

Leapp reports the below inhibitor:

    1. Actor: dnf_package_download
       Message: DNF execution failed with non zero exit code.
            Package leapp-deps-el9-5.0.9-100.202401121819Z.0e51aebb.master.el9.noarch.rpm is not signed
            Package leapp-repository-deps-el9-5.0.9-100.202401121819Z.0e51aebb.master.el9.noarch.rpm is not signed
            Error: GPG check FAILED

Resolution

Remove this DNF directive from /etc/dnf/dnf.conf and /etc/yum.conf:

localpkg_gpgcheck = 1

You can restore it when the in-place upgrade has been performed (post-reboot on the next RHEL).

Root Cause

Both packages mentioned are shipped by the Leapp repository and are not signed:

# rpm -qi /usr/share/leapp-repository/repositories/system_upgrade/el8toel9/files/bundled-rpms/*.rpm | grep -Ei "name|signature"
Name        : leapp-deps-el9
Signature   : (none)
Name        : leapp-repository-deps-el9
Signature   : (none)

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.