Red Hat Bugzilla – Bug 1431486
dnf wants to check gpg key on builddep from src.rpm
Last modified: 2017-04-01 13:22:57 EDT
Description of problem:
$ sudo dnf builddep molequeue-0.8.0-1.20161222giteb397e.fc27.src.rpm
Last metadata expiration check: 0:57:01 ago on Sun Mar 12 20:11:48 2017.
Error: public key not available, add '--nogpgcheck' option to ignore package sign
Nothing to do.
$ echo $?
Version-Release number of selected component (if applicable):
1. checking the gpg key on the src.rpm package makes no sense. I'm not trusting that package for anything except to provide a list of packages which I'll be installing from a trusted source. And I do not want to add --nogpgcheck as a work-around, because that'd also impact the installation phase, I expressly do not want to install unsigned packages.
AFAIK, dnf is NOT parsing the spec file, it's just looking at the list of requirements that the rpm itself declares.
2. the return code is wrong. I opened a bug for that somewhere, so just making a note.
dnf-plugins-core-1.1.0-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f56311f5dd
dnf-plugins-core-1.1.0-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f56311f5dd
dnf-plugins-core-1.1.0-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.