Re: DNF5: Checking signatures of packages installed out of a repository?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Nov 14, 2023 at 9:24 AM Petr Pisar <ppisar@xxxxxxxxxx> wrote:
>
> V Tue, Nov 14, 2023 at 08:16:39AM -0500, Christopher napsal(a):
> > On Tue, Nov 14, 2023 at 8:03 AM Jaroslav Mracek <jmracek@xxxxxxxxxx> wrote:
> > >
> > > I believe that one of the strong complains was related to not signed packages. The use case is that when I build RPMs locally and then I install them (see bellow).
> > >
> > > dnf install *.rpm --setopt=localpkg_gpgcheck=true
> > > ...
> > > Package dnf-4.17.1-1.git.9598.552e61e.fc38.noarch.rpm is not signed
> > > Package dnf-automatic-4.17.1-1.git.9598.552e61e.fc38.noarch.rpm is not signed
> > > Package dnf-data-4.17.1-1.git.9598.552e61e.fc38.noarch.rpm is not signed
> > > Package python3-dnf-4.17.1-1.git.9598.552e61e.fc38.noarch.rpm is not signed
> > > Package yum-4.17.1-1.git.9598.552e61e.fc38.noarch.rpm is not signed
> > > Error: GPG check FAILED
> > >
> > > Jaroslav
> >
> > I think for the sake of security, it'd be better if this were on by
> > default, and you just had to specify the --nogpgcheck
>
> Technical note: --nogpgcheck does not imply localpkg_gpgcheck=false. Both of
> them operate independently. That's another painful property of the current
> code and documentation.
>
> -- Petr

Why wouldn't this apply? Both the documentation for 'dnf' and
'dnf.conf' use similar terminology "gpgcheck", and the man page says
"Skip checking GPG signatures on packages (if RPM policy allows)." If
it doesn't apply, it seems like it definitely *should*, for
intuitiveness-sake. At the very least, if it doesn't apply, then the
documentation is seriously deficient.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux