How to import key that signs a repository for dnf/yum

Your answer is on this page : http://adminotes.blogspot.fr/2011/12/centos-6-rpm-sign-problem-v4-signatures.html

In summary, v4 signature are used by default in Centos 6, but Centos 5 only supports v3.

Adding --force-v3-sigs flag in your %__gpg_sign_cmd will makes it work.

The program gpgv / gpgv2 is used for simple checking of signatures. The problem is that exported key files are not recognized as keyring. Thus you have to create a keyring in the first step:

cd /some/tmp/dir || exit 1
test -f pubring.gpg && { rm -f pubring.gpg || exit 1; }
gpg --no-options --no-default-keyring --keyring ./pubring.gpg \
  --secret-keyring ./secring.gpg --import /etc/ourapp/ourapps_trusted_pubkeys.asc

Now /some/tmp/dir/pubring.gpg is a keyring file gpgv can use:

gpgv --keyring /some/tmp/dir/pubring.gpg \
  /var/lib/ourapp/newcontent.tar.gz.asc /var/lib/ourapp/newcontent.tar.gz

If the data file path is the signature path without .asc (like in your example) then you can leave it out.