On Tue, Nov 3, 2020 at 12:16 AM Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote: > > On Mon, Nov 02, 2020 at 07:33:18PM -0500, Neal Gompa wrote: > > The major remaining issue for us to start enabling repository GPG > > checks is that DNF doesn't use the RPM GPG keyring for repository > > metadata GPG signature validation, which can cause issues with our > > compose pipeline. I believe this is something we'll fix with DNF > > version 5, as the whole GPG check code is being massively reworked for > > that. > > Ok, makes sense for the default setup. But I think those are in fact two > related but separate things: > - signing repository metadata (infrastructure part) > - checking that signature in DNF by default (Fedora configuration) > > Is it possible to enable the first one, but leave the second to the > user, until DNF is adjusted for better UX around the keys? That would > allow power users to enable metadata verification manually (and accept > that key import prompt). >
Yes, this should be possible. File a ticket here: https://pagure.io/fedora-infrastructure > Is there any dnf command similar to `rpm --import`, to preemptively > import the key, or the only option is to accept the prompt? I can't find > anything about it in dnf's man page... > Alas, no. That's part of the problem here. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
