northCoder
Posts About Search

MySQL on Linux - Incorrect GPG Keys Installed

13 Nov 2022

Problem

You get an error when trying to run sudo yum update for MySQL packages. It used to work OK but now you get an error message similar to this:

1
2
3

The GPG keys listed for the "MySQL x.y Community Server" repository are already installed but they are not correct for this package.

Check that the correct key URLs are configured for this repository.

Solution

One solution (not the only solution) is to use the following command:

1

sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Discussion

The --import option to the rpm command imports the public key from the given URL into the RPM key database on the server. This is needed for MySQL to verify the downloaded version of the MySQL installation software.

The above URL for the key RPM-GPG-KEY-mysql-2022 applies to MySQL 8.0.28 packages and higher. Prior versions of MySQL (e.g. the version you may have originally installed) use a different key.

To be sure you have the right key, you can visit this official MySQL documentation page, which shows the contents of the key.

You can also read about the RPM signature checking process here, which refers to the URL shown above.

Using the above rpm --import command causes the key to be stored in the RPM database in /var/lib/rpm/.

To see what is stored there, you can use the command:

1

rpm -qa gpg-pubkey*

To see details for the MySQL key you can use the following command:

1

rpm -qi gpg-pubkey-3a79bd29

where 3a79bd29 is the key ID (as shown here).

The output:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Name        : gpg-pubkey
Version     : 3a79bd29
Release     : 61b8bab7
Architecture: (none)
Install Date: Mon 17 Oct 2022 05:47:44 PM UTC
Group       : Public Keys
Size        : 0
License     : pubkey
Signature   : (none)
Source RPM  : (none)
Build Date  : Tue 14 Dec 2021 03:39:35 PM UTC
Build Host  : localhost
Relocations : (not relocatable)
Packager    : MySQL Release Engineering <mysql-build@oss.oracle.com>
Summary     : gpg(MySQL Release Engineering <mysql-build@oss.oracle.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.11.3 (NSS-3)

mQINBGG4urcBEACrbsRa7tSSyxSfFkB+KXSbNM9rxYqoB78u107skReefq4/+Y72
TpDvlDZLmdv/lK0IpLa3bnvsM9IE1trNLrfi+JES62kaQ6hePPgn2RqxyIirt2se
...
VAaHODXyY/zdDMGjskfEYbNXCAY2FRZSE58tgTvPKD++Kd2KGplMU2EIFT7JYfKh
HAB5DGMkx92HUMidsTSKHe+QnnnoFmu4gnmDU31i
=Xqbo
-----END PGP PUBLIC KEY BLOCK-----

Another approach is to go to the MIT PGP Public Key Server, and enter the search string:

1

mysql-build@oss.oracle.com

This will return the following (and maybe other newer/older hits):

1
2

Type  bits/keyID      Date        User ID
pub   4096R/3A79BD29  2021-12-14  MySQL Release Engineering <mysql-build@oss.oracle.com>

From there you can navigate to the specific key ID (3A79BD29) - and then to the text of the public key on the MIT public key server.

mysql linux ec2 gpg
◄ Custom Routes in Javalin
Upgrading Thymeleaf 3.0 to 3.1 ►