PGDG16 repository error - repomd.xml.asc is empty

Hello,
I've found that PGDG16 repository access is failing (while last Thursday
it worked):

Example - pgdg 17 works, pgdg16 doesn't work:

$ yum repolist pgdg16 pgdg17
repo id repo name
status
pgdg16 PostgreSQL 16 for RHEL / Rocky / AlmaLinux 9 - x86_64
enabled
pgdg17 PostgreSQL 17 for RHEL / Rocky / AlmaLinux 9 - x86_64
enabled

$ yum -y --disablerepo=* --enablerepo=pgdg17 info postgresql17
Last metadata expiration check: 0:00:10 ago on Mon 04 Aug 2025 02:25:55 PM
UTC.
Available Packages
Name : postgresql17
Version : 17.5
Release : 3PGDG.rhel9
Architecture : x86_64
Size : 1.9 M
Source : postgresql17-17.5-3PGDG.rhel9.src.rpm
Repository : pgdg17
Summary : PostgreSQL client programs and libraries
URL : https://www.postgresql.org/
License : PostgreSQL
Description : PostgreSQL is an advanced Object-Relational database
management system (DBMS).
: The base postgresql package contains the client programs
that you'll need to
: access a PostgreSQL DBMS server. These client programs can
be located on the
: same machine as the PostgreSQL server, or on a remote
machine that accesses a
: PostgreSQL server over a network connection. The PostgreSQL
server can be found
: in the postgresql17-server sub-package.
:
: If you want to manipulate a PostgreSQL database on a local
or remote PostgreSQL
: server, you need this package. You also need to install
this package
: if you're installing the postgresql17-server package.

$ yum -y --disablerepo=* --enablerepo=pgdg16 info postgresql16
PostgreSQL 16 for RHEL / Rocky / AlmaLinux 9 - x86_64

0.0 B/s | 0
B 00:00
Error: Failed to download metadata for repo 'pgdg16': repomd.xml GPG
signature verification error: gpgme_op_verify() error: No data

The PGP signature for PGDG16 repo is empty:

$ curl -I
https://download.postgresql.org/pub/repos/yum/16/redhat/rhel-9-x86_64/repodata/repomd.xml.asc
HTTP/2 200
server: nginx
content-type: application/octet-stream
last-modified: Sun, 03 Aug 2025 15:33:48 GMT
etag: "688f815c-0"
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Mon, 04 Aug 2025 14:17:10 GMT
via: 1.1 varnish
age: 14378
x-served-by: cache-fra-etou8220082-FRA
x-cache: HIT
x-cache-hits: 64
x-timer: S1754317030.249893,VS0,VE0
content-length: 0

The only workaround I've found is to set repo_gpgcheck = 0
in /etc/yum.repos.d/pgdg-redhat-all.repo for pgdg16.

Thanks for fixing or providing advice on how to securely handle this issue.

Kind regards Ales Zeleny

Probably duplicate for BUG #19009 / BUG #19010.

po 4. 8. 2025 v 17:01 odesílatel Aleš Zelený <zeleny.ales@gmail.com>
napsal:

Hello,
I've found that PGDG16 repository access is failing (while last Thursday
it worked):

Example - pgdg 17 works, pgdg16 doesn't work:

$ yum repolist pgdg16 pgdg17
repo id repo name
status
pgdg16 PostgreSQL 16 for RHEL / Rocky / AlmaLinux 9 - x86_64
enabled
pgdg17 PostgreSQL 17 for RHEL / Rocky / AlmaLinux 9 - x86_64
enabled

$ yum -y --disablerepo=* --enablerepo=pgdg17 info postgresql17
Last metadata expiration check: 0:00:10 ago on Mon 04 Aug 2025 02:25:55
PM UTC.
Available Packages
Name : postgresql17
Version : 17.5
Release : 3PGDG.rhel9
Architecture : x86_64
Size : 1.9 M
Source : postgresql17-17.5-3PGDG.rhel9.src.rpm
Repository : pgdg17
Summary : PostgreSQL client programs and libraries
URL : https://www.postgresql.org/
License : PostgreSQL
Description : PostgreSQL is an advanced Object-Relational database
management system (DBMS).
: The base postgresql package contains the client programs
that you'll need to
: access a PostgreSQL DBMS server. These client programs can
be located on the
: same machine as the PostgreSQL server, or on a remote
machine that accesses a
: PostgreSQL server over a network connection. The
PostgreSQL server can be found
: in the postgresql17-server sub-package.
:
: If you want to manipulate a PostgreSQL database on a local
or remote PostgreSQL
: server, you need this package. You also need to install
this package
: if you're installing the postgresql17-server package.

$ yum -y --disablerepo=* --enablerepo=pgdg16 info postgresql16
PostgreSQL 16 for RHEL / Rocky / AlmaLinux 9 - x86_64

0.0 B/s | 0
B 00:00
Error: Failed to download metadata for repo 'pgdg16': repomd.xml GPG
signature verification error: gpgme_op_verify() error: No data

The PGP signature for PGDG16 repo is empty:

$ curl -I
https://download.postgresql.org/pub/repos/yum/16/redhat/rhel-9-x86_64/repodata/repomd.xml.asc
HTTP/2 200
server: nginx
content-type: application/octet-stream
last-modified: Sun, 03 Aug 2025 15:33:48 GMT
etag: "688f815c-0"
strict-transport-security: max-age=31536000
accept-ranges: bytes
date: Mon, 04 Aug 2025 14:17:10 GMT
via: 1.1 varnish
age: 14378
x-served-by: cache-fra-etou8220082-FRA
x-cache: HIT
x-cache-hits: 64
x-timer: S1754317030.249893,VS0,VE0
content-length: 0

The only workaround I've found is to set repo_gpgcheck = 0
in /etc/yum.repos.d/pgdg-redhat-all.repo for pgdg16.

Thanks for fixing or providing advice on how to securely handle this
issue.

Kind regards Ales Zeleny

On 8/5/25 01:05, Aleš Zelený wrote:

The pgdg16-debuginfo repository suffers from another issue (yesterday it
worked):

You should be bringing this up here:

https://github.com/pgdg-packaging/pgdg-rpms/issues/

Failed to download metadata for repo 'pgdg16-debuginfo': repomd.xml GPG
signature verification error: Bad GPG signature

I am going to say it is related to:

https://github.com/pgdg-packaging/pgdg-rpms/issues/64

Kind regards Ales Zeleny

--
Adrian Klaver
adrian.klaver@aklaver.com