Gitlab-runner-16.0.1 upgrade fails with a GPG key error

Centos 7.9, trying to run “sudo yum upgrade”. Here are the current versions and new versions that I am trying to upgrade to:
—> Package git.x86_64 0: will be updated
—> Package git.x86_64 0: will be an update
—> Package gitlab-ce.x86_64 0:15.11.0-ce.0.el7 will be updated
—> Package gitlab-ce.x86_64 0:16.0.1-ce.0.el7 will be an update
—> Package gitlab-runner.x86_64 0:15.11.0-1 will be updated
—> Package gitlab-runner.x86_64 0:16.0.1-1 will be an update

After yum downloads the packages (along with other packages to be updated), it aborts with an error:

Retrieving key from
Retrieving key from
The GPG keys listed for the “runner_gitlab-runner” repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Failing package is: gitlab-runner-16.0.1-1.x86_64
GPG Keys are configured as:,

How to fix this, and what are the correct key URLs?

EDIT: Not sure if this warning during the same yum upgrade run is relevant too:

warning: /var/cache/yum/x86_64/7Server/runner_gitlab-runner/packages/gitlab-runner-16.0.1-1.x86_64.rpm: Header V4 RSA/SHA 512 Signature, key ID 6ba75a4e: NOKEY
Public key for gitlab-runner-16.0.1-1.x86_64.rpm is not installed
(7/8): gitlab-runner-16.0.1-1.x86_64.rpm | 440 MB 00:00:11

A workaround of course was to disable gpg key check in the gitlab-ce and runner repo files:


Now the upgrade proceeded, but of course it would be nice to be able to enable the GPG key check again, by fixing the key URLs in those repo files.

This key isn’t in use anymore, the current key is documented in Install GitLab Runner using the official GitLab repositories | GitLab

Can you share the yum repository configuration, maybe the GPG key URL is hardcoded in there and needs a replacement? The new key needs to be downloaded and imported in the keyring too.

Oh, right, I said this is CentOS 7.9, but actually this is Oracle Linux 7.9. Close enough…

Below is the relevant repo (I changed gpgcheck=0).
Is the correct gpgkey link now ?
Does the download and import use the commands in these instructions?

Here is the current runner repo:

cat /etc/yum.repos.d/runner_gitlab-runner.repo



Looks good to me. More recent versions of rpm allow to import via a URL, older versions required to download the GPG key file first.

@timppu hit this on RHEL 9 as well.
I deleted the YUM repository and run the install script from runner/gitlab-runner - Installation · again. I noticed new GPG key was imported on upgrade of gitlab-runner package. Did not investigate it deeper.

I solved the problem for now doing these steps:


sudo vi /etc/yum.repos.d/runner_gitlab-runner.repo

and changed the (second) gpg key line as follows:


Also enabled the GPG check as well (I had disabled it before as a workaround):


After that I also ran, just in case:

sudo yum clean all

Then normally:

sudo yum upgrade

And gitlab-runner got updated without issues, along with everything else.

I am unsure if I am missing some relevant steps (I am unsure what it means to “import the key in the keyring”, did I do it already with the above steps, or does it matter?), but at least it works now, without having to disable the GPG check.