On Fri, Dec 18, 2015 at 12:34 PM, Rick Stevens <ricks@alldigital.com> wrote:
On 12/18/2015 12:06 PM, Greg Woods wrote:

On Fri, Dec 18, 2015 at 10:54 AM, Rick Stevens <ricks@alldigital.com
<mailto:ricks@alldigital.com>> wrote:

         file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-23-x86_64

    which is a symlink to:

             /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-23-primary


I have run into the situation where this symlink still points to the
wrong place, which would cause any of the RPMs to fail the check. Look
to see if the symlink is actually pointing where it should. I've also
seen it try to use /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64, so check
to see that this one points to the correct Fedora version's key.

There are clearly some bugs in dnf system-upgrade where setting up the
GPG keys isn't done correctly.

That's an issue, but what was scary to me was that the RPM was
referencing a file or symlink that did NOT have the Fedora version
in it--just "fedora-x86_64" rather than "fedora-23-x86_64". Something
like a kernel that doesn't specify the version is a BAD thing (IMHO).

In other words, I don't think this is a dnf issue, but rather an RPM
packaging error (at least in these two cases).

easy workaround was --nogpgcheck option of dnf