So I myself is also a CentOS user and was really interested as what caused it so I tried to reproduce it on CentOS 9 Steam (like you I used CentOS 8 and there it works fine).
Here are my steps to reproduce and also the solution to resolve it.
Here are my installation logs with comments;
1- Preparing the repo
[root@localhost ~]# vi /etc/yum.repos.d/grafana.repo
[root@localhost ~]# dnf update
grafana 2.1 kB/s | 454 B 00:00
grafana 20 kB/s | 1.7 kB 00:00
Importing GPG key 0x24098CB6:
Userid : "Grafana <info@grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
grafana 5.1 MB/s | 13 MB 00:02
Last metadata expiration check: 0:00:04 ago on Wed 28 Sep 2022 11:24:50 PM CEST.
Dependencies resolved.
Nothing to do.
Complete!
[root@localhost ~]# dnf makecache
CentOS Stream 9 - BaseOS 23 kB/s | 11 kB 00:00
CentOS Stream 9 - AppStream 102 kB/s | 12 kB 00:00
CentOS Stream 9 - Extras packages 79 kB/s | 12 kB 00:00
Extra Packages for Enterprise Linux 9 - x86_64 33 kB/s | 23 kB 00:00
Extra Packages for Enterprise Linux 9 - Next - 41 kB/s | 23 kB 00:00
grafana 2.1 kB/s | 454 B 00:00
Metadata cache created.
2- Installing Grafana via dnf package manager
[root@localhost ~]# dnf install grafana
[...]
[...]
grafana 17 kB/s | 1.7 kB 00:00
Importing GPG key 0x24098CB6:
Userid : "Grafana <info@grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
warning: Signature not supported. Hash algorithm SHA1 not available.
Key import failed (code 2). Failing package is: grafana-9.1.6-1.x86_64
GPG Keys are configured as: https://packages.grafana.com/gpg.key
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED
Now, I finally got the error which you described. Then after some research found out that in the latest version of CentOS, RHEL and Rocky Linux (ver 9 series in most cases), there are some changes made on the core cryptographic subsystems protocols.
So to view it you need to make sure that this package crypto-policies-scripts
is installed on the machine.
Once there, run this command;
[root@localhost ~]# update-crypto-policies --show
DEFAULT
Now, DEFAULT here means that the system allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if they are at least 2048 bits long.
I found this info from RedHat official docs after some digging and found that DEFAULT does not have SHA1:
3- Solution
Change the policy to SHA1 via command
[root@localhost ~]# update-crypto-policies --set DEFAULT:SHA1
Setting system policy to DEFAULT:SHA1
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
# Do a reboot on the machine
[root@localhost ~]# reboot
4- Run Installer again
[root@localhost ~]# dnf clean packages
20 files removed
[root@localhost ~]# dnf install grafana
Last metadata expiration check: 0:10:39 ago on Wed 28 Sep 2022 11:25:05 PM CEST.
Dependencies resolved.
[...]
[...]
[...]
(20/20): grafana-9.1.6-1.x86_64.rpm 6.1 MB/s | 77 MB 00:12
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 5.6 MB/s | 85 MB 00:15
grafana 16 kB/s | 1.7 kB 00:00
Importing GPG key 0x24098CB6:
Userid : "Grafana <info@grafana.com>"
Fingerprint: 4E40 DDF6 D76E 284A 4A67 80E4 8C8C 34C5 2409 8CB6
From : https://packages.grafana.com/gpg.key
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : urw-base35-fonts-common-20200910-6.el9.noarch
[...]
[...]
[...]
Installed:
chkconfig-1.20-2.el9.x86_64 fontconfig-2.14.0-1.el9.x86_64 freetype-2.10.4-9.el9.x86_64 grafana-9.1.6-1.x86_64
graphite2-1.3.14-9.el9.x86_64 harfbuzz-2.7.4-8.el9.x86_64 libpng-2:1.6.37-12.el9.x86_64 urw-base35-bookman-fonts-20200910-6.el9.noarch
urw-base35-c059-fonts-20200910-6.el9.noarch urw-base35-d050000l-fonts-20200910-6.el9.noarch urw-base35-fonts-20200910-6.el9.noarch urw-base35-fonts-common-20200910-6.el9.noarch
urw-base35-gothic-fonts-20200910-6.el9.noarch urw-base35-nimbus-mono-ps-fonts-20200910-6.el9.noarch urw-base35-nimbus-roman-fonts-20200910-6.el9.noarch urw-base35-nimbus-sans-fonts-20200910-6.el9.noarch
urw-base35-p052-fonts-20200910-6.el9.noarch urw-base35-standard-symbols-ps-fonts-20200910-6.el9.noarch urw-base35-z003-fonts-20200910-6.el9.noarch xml-common-0.6.3-58.el9.noarch
Complete!
5- Revert back the crypto-policy
[root@localhost ~]# update-crypto-policies --set DEFAULT
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
I hope this helps.