Description of problem:
In /etc/dnf/dnf.conf, I set the localpkg_gpgcheck to True to prevent unwittingly installing unsigned packages. The --nogpgcheck command line option should allow me to explicitly override this behavior when desired, but it has no effect. DNF still checks the signature and prevents me from installing unsigned packages.

Version-Release number of selected component (if applicable):
Fedora 27
dnf 2.7.5

Steps to Reproduce:
Check that the localpkg_gpgcheck configuration option is documented:

    $ man dnf.conf | grep -F localpkg_gpgcheck --after-context=4
    localpkg_gpgcheck
        boolean
        Whether to perform a GPG signature check on local packages (packages in a file, not in a repositoy). The default is False.

In /etc/dnf/dnf.conf, I set it to true to prevent unwittingly installing unsigned local packages:

    $ grep -F localpkg_gpgcheck /etc/dnf/dnf.conf
    localpkg_gpgcheck=1

Check that the --nogpgcheck option is documented:

    $ man dnf | grep -F nogpgcheck --after-context=2
    --nogpgcheck
        skip checking GPG signatures on packages

Now try it. I downloaded a firefox package from koji. (Such packages are unsigned.)

    $ sudo dnf install --nogpgcheck ./firefox-59.0-3.fc27.x86_64.rpm
    ...
    Package firefox-59.0-3.fc27.x86_64.rpm is not signed
    Error: GPG check FAILED

Actual results:
The signature was checked even though I specified --nogpgcheck.

Expected results:
I expected the --nogpgcheck option to skip the checking of GPG signatures on local packages.
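
An added example, not part of the original report and not DNF's own code: a small audit helper that reads a dnf.conf text, reports whether localpkg_gpgcheck is enabled in [main], and models the precedence the report expects (--nogpgcheck on the command line overrides the configuration file). The function names, the accepted boolean spellings and the sample configurations are assumptions of this example.

```python
import configparser

# Boolean spellings accepted by this example (an assumption, not taken from the report).
TRUE_WORDS = {"1", "yes", "true", "on"}
FALSE_WORDS = {"0", "no", "false", "off"}
# Default quoted in the dnf.conf man page excerpt in the report.
LOCALPKG_DEFAULT = False


def localpkg_gpgcheck_setting(conf_text):
    """Return (enabled, reason) for localpkg_gpgcheck in the [main] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_option("main", "localpkg_gpgcheck"):
        return LOCALPKG_DEFAULT, "not set, man page default applies"
    raw = parser.get("main", "localpkg_gpgcheck").strip().lower()
    if raw in TRUE_WORDS:
        return True, "enabled in [main]"
    if raw in FALSE_WORDS:
        return False, "disabled in [main]"
    # Fail loudly instead of guessing how an odd value would be interpreted.
    raise ValueError(f"unrecognised boolean for localpkg_gpgcheck: {raw!r}")


def local_install_is_checked(conf_text, argv):
    """Precedence the report expects: --nogpgcheck on the command line
    overrides localpkg_gpgcheck from the configuration file."""
    if "--nogpgcheck" in argv:
        return False
    enabled, _reason = localpkg_gpgcheck_setting(conf_text)
    return enabled


# Constructed sample configurations (not copied from a real host).
HARDENED_CONF = "[main]\ngpgcheck=1\nlocalpkg_gpgcheck=1\n"
STOCK_CONF = "[main]\ngpgcheck=1\n"

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED_CONF), ("stock", STOCK_CONF)):
        print(name, localpkg_gpgcheck_setting(conf))
    cmd = ["install", "--nogpgcheck", "./example.rpm"]
    print("checked with override:", local_install_is_checked(HARDENED_CONF, cmd))
```
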
I created a patch (https://github.com/rpm-software-management/dnf/pull/1097) that should solve the issue.
The issue is solved by dnf-3.0.1-1 that was released into rawhide.