Bad signature error on repo_gpgcheck with F39 (but works fine with F38)

When trying to install a package on F39 from an internal repository I’m getting the error Bad PGP signature on the metadata, however the same repository works fine in F38.

$ sudo dnf install -y appcast-test
appcast-test                                    148 kB/s | 227  B     00:00
appcast-test                                    616 kB/s | 631  B     00:00
Importing GPG key 0xFEECCB51:
 Userid     : "Test User <>"
 Fingerprint: CE51 A782 FD8E 13AB B1A6 719C 2646 BE28 FEEC CB51
 From       :
appcast-test                                    127 kB/s | 227  B     00:00
Error: Failed to download metadata for repo 'appcast-test': repomd.xml GPG signature verification error: Bad PGP signature

I verified the metadata with both GPG and Sequoia on the same machine and that works fine.

$ sq verify --signer-cert repomd.xml.key --detached repomd.xml.asc repomd.xml
Good signature from 2646BE28FEECCB51
1 good signature.

The repo file is pretty standard too:


Any ideas what could be causing this? Does F39 have some requirements on the key that F38 does not?


It appears its because I was signing the repomd.xml as cleartext. Once I changed that to sign it as binary everything worked. Not sure if thats a bug or by design…