Description of problem: When attempting to access a repository with an https base url, dnf fails to be able to retrieve the metadata when trying to do install/upgrade actions. Version-Release number of selected component (if applicable): 2.4.1-1.mga6 (= 2.4.1-1.fc26) How reproducible: Always Steps to Reproduce: 1. Add the GitLab CE repository to /etc/yum.repos.d per instructions[1] 2. Try "dnf install gitlab-ce" [1]: https://packages.gitlab.com/gitlab/gitlab-ce/install#manual (on rpm tab) Actual results: [root@localhost ~]# dnf install gitlab-ce Failed to synchronize cache for repo 'gitlab_gitlab-ce', disabling. Failed to synchronize cache for repo 'gitlab_gitlab-ce-source', disabling. Last metadata expiration check: 0:09:21 ago on Thu May 18 16:38:41 2017 EDT. No package gitlab-ce available. Error: Unable to find a match Expected results: 'gitlab-ce' package installs correctly. Additional info: This can also be triggered by trying to use a specific baseurl for fedora repos, too, but this is a third party repo out in the wild that is broken with dnf now.
Confirmed that this is also broken in Fedora 25's dnf, so it's been broken for a long time...
[brain@ignatenko-w541 system]$ sudo dnf makecache Fedora - Rawhide - Developmental packages for the next Fedora release 3.1 MB/s | 55 MB 00:17 Importing GPG key 0xE15E78F4: Userid : "GitLab B.V. (package repository signing key) <packages>" Fingerprint: 1A4C 919D B987 D435 9396 38B9 1421 9A96 E15E 78F4 From : https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey Is this ok [y/N]: y Is this ok [y/N]: y gitlab_gitlab-ce 110 B/s | 296 B 00:02 Failed to synchronize cache for repo 'rcm-tools-fedora-rpms', disabling. Last metadata expiration check: 0:00:00 ago on Fri May 19 07:54:25 2017 CEST. Metadata cache created. it *does* work....
It will grab the signature, but it won't let you install the package. Try installing "gitlab-ce". Every operation except THAT works.
Okay, so it's weird. I can repoquery it, I can search it, I just can't install from it. That's... bizarre.
Created attachment 1280518 [details] dnf.librepo.log So according to the log, librepo rejected downloading the package because the package failed signature validation.
The core problem is related to how the gpgcheck and repo_gpgcheck config options are wired in DNF. It does repo_gpgcheck=1 and gpgcheck=0 to mean the equivalent in Zypper (repo_gpgcheck=1 and pkg_gpgcheck=0), but this doesn't work properly, as "repo_gpgcheck" appears to force gpgcheck on in DNF. That's related to bug 1433592. But the fact that librepo errors aren't being correctly reported in the DNF frontend is bad in its own right.
Please can you try to reproduce it with -v option? Just to see whole problem description.
[root@localhost ngompa]# dnf -v install gitlab-ce Loaded plugins: builddep, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, needs-restarting, playground, repoclosure, repograph, repomanage, reposync DNF version: 2.4.1 cachedir: /var/cache/dnf repo: using cache for: mageia-x86_64 not found deltainfo for: Mageia 6 - x86_64 not found updateinfo for: Mageia 6 - x86_64 mageia-x86_64: using metadata from Mon May 22 16:08:17 2017 EDT. repo: using cache for: cauldron-updates-x86_64 not found deltainfo for: Mageia Cauldron - x86_64 - Updates not found updateinfo for: Mageia Cauldron - x86_64 - Updates cauldron-updates-x86_64: using metadata from Wed Mar 22 18:54:29 2017 EDT. repo: using cache for: updates-x86_64 not found deltainfo for: Mageia 6 - x86_64 - Updates not found updateinfo for: Mageia 6 - x86_64 - Updates updates-x86_64: using metadata from Wed Mar 22 18:54:29 2017 EDT. repo: using cache for: cauldron-x86_64 not found deltainfo for: Mageia Cauldron - x86_64 not found updateinfo for: Mageia Cauldron - x86_64 cauldron-x86_64: using metadata from Mon Dec 05 08:24:36 2016 EST. Cannot download 'https://packages.gitlab.com/gitlab/gitlab-ce/el/7/x86_64': repomd.xml GPG signature verification error: Bad GPG signature. Cannot download 'https://packages.gitlab.com/gitlab/gitlab-ce/el/7/SRPMS': repomd.xml GPG signature verification error: Bad GPG signature. Failed to synchronize cache for repo 'gitlab_gitlab-ce', disabling. Failed to synchronize cache for repo 'gitlab_gitlab-ce-source', disabling. Last metadata expiration check: 0:00:34 ago on Mon May 22 21:05:52 2017 EDT. No package gitlab-ce available. Error: Unable to find a match
I see that the problem is described there - Bad gpg signature. Therefore it looks like not a bug. About handling of gpg key verification - please use options like they are used in Fedora, don't use them like they are used somewhere else. We really cannot change that behavior (this is not a case that we wont fix that, this is the case we really cannot and for really good reason - compatibility). Please can you once more specify what the problem and what you expect from us?
(In reply to Jaroslav Mracek from comment #9) > I see that the problem is described there - Bad gpg signature. > Therefore it looks like not a bug. About handling of gpg key verification - > please use options like they are used in Fedora, don't use them like they > are used somewhere else. We really cannot change that behavior (this is not > a case that we wont fix that, this is the case we really cannot and for > really good reason - compatibility). Please can you once more specify what > the problem and what you expect from us? The settings are exactly what are given by packagecloud.io. They assume Yum, so clearly this is supposed to work. https://packages.gitlab.com/gitlab/gitlab-ce/install#manual It works on CentOS 7, so if Yum compatibility is the reason here, it fails there too.
According to that we are unable to reproduce it, please can you test it on clean environment like with --installroot <new_path>? Thanks a lot for additional information.
I am really sorry but with additional data (reproducer) we cannot solve the problem.