Updating puppet on Centos 8

If you are trying to update the puppet or maybe running dnf update / yum update to update other repositories, might be geeting the following erro

STDERR:
    warning: /var/cache/dnf/puppet6-61278a3d8cb73bd9/packages/puppet-agent-6.21.0-1.el8.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 9e61ef26: NOKEY
    The GPG keys listed for the "Puppet 6 Repository el 8 - x86_64" repository are already installed but they are not correct for this package.
    Check that the correct key URLs are configured for this repository.. Failing package is: puppet-agent-6.21.0-1.el8.x86_64
     GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet6-release
    Public key for puppet6-release-6.0.0-14.el8.noarch.rpm is not installed. Failing package is: puppet6-release-6.0.0-14.el8.noarch
     GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet6-release
    Error: GPG check FAILED
Failed on c5.ds.cse.uom.lk:
  The command failed with exit code 1

This error means that, repository manager has updated the gpg key from the original site, but the original site is complaining about the new key.

Let’s see what has happened. Before move into further run the following command and see whats there.

ls /etc/pki/rpm-gpg/

For me output looks like this.

If you carefully look at the output you will see that there are two RPM-GPD-KEY-puppet6-release and RPM-GPD-KEY-2025–04–06-puppet6-release .

Now lets go and see the yum repository.

cat /etc/yum.repos.d/puppet6.repo

The out put for me looks like this.

Check the value of parameter gpgkey, you’ll see that it’s kind of pointed to the old file in the key folder. Yum installs the key to correct place as per the instructions from original site, but when its communicating to get new updates, it’s again sending the old key. Okay. Now we know what has gone wrong here.

What we have to do is to replace the gpg key file to the correct / new one so that yum knows how to find the correct one.

But to be on safe side, lets just keep both of the files, then yum will manage to find the correct one.

All you have to do is append the new file path to gpgkey parameter.

[puppet6]
name=Puppet 6 Repository el 8 - $basearch
baseurl=http://yum.puppetlabs.com/puppet6/el/8/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet6-release
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet6-release
enabled=1
gpgcheck=1

Make it look something like this.

Now go back and re run the update.

sudo dnf update

Probably it will ask couple of yes/ no questions and we are done.