GitLab Security Release: 16.9.2, 16.8.4, 16.7.7

New blog post on the GitLab blog by Greg Myers. Check it out here:

Just finished trying to update… here’s the result:

Error: Failed to download metadata for repo ‘gitlab_gitlab-ce’: repomd.xml GPG signature verification error: Bad GPG signature

Anybody else seeing this?

Thank you in advance

I did and here is how I resolved it

sudo dnf clean all
sudo rm -rf /var/cache/dnf/*gitlab*

Then try to update again, it will ask to import the new GPG keys


@Cris70 I had issues updating from the repo as well, I had to update the key with curl -s | sudo apt-key add -

I tried to do the 16.7.7 upgrade from 16.6.7, and I got a failure during the installation, I made a separate post about it at Upgrade from 16.6.6 to 16.6.7 ruby/glibc issue and am trying to figure out what exploded.

I had this same result on Ubuntu

That comment is uncalled for. GPG keys expire, this is all that has happened here. And it doesn’t just happen with Gitlab. Plenty of other repositories have to issue new keys - it’s normal.

For Debian/Ubuntu, very easy to fix:

can be dealt with very easy for RPM-based distros as well.


Thank you @arundaskd
It worked perfectly!