Fedora repositories lack the .asc files to support repo_gpgcheck=1. This is apparently an architectural decision with reasonable justification, according to https://fedoramagazine.org/fedora-secures-package-delivery/ . However I wish it were more clearly documented because otherwise people will set repo_gpgcheck=1 and wonder why they are getting 404 errors. How reproducible: Always Steps to Reproduce: 1. in any of /etc/yum.repos.d/fedora*.repo set repo_gpgcheck=1 2. dnf clean all 3. dnf update -vvv Actual results: Cannot download 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f30&arch=x86_64': GPG verification is enabled, but GPG signature repomd.xml.asc is not available: Status code: 404 for https://MIRROR/fedora/linux/updates/30/Everything/x86_64/repodata/repomd.xml.asc. Expected results: A repomd.xml.asc file should exist for each repomd.xml file Additional info: You can manually browse the repositories and see repomd.xml but not repomd.xml.asc Conclusion: please put a note in the .repo files to avoid misleading users with the appearance that repo_gpgcheck=1 is an option. I propose a comment in the files /etc/yum.repos.d/fedora-*.repo #FEDORA: repo_gpgcheck=1 is not supported by Fedora repositories. #FEDORA: It can not protect against expired data or signatures.
I've adjusted the message to hopefully make it clearer and also display the full error even without -v. I think that should be sufficient to inform the user in case he does try to set repo_gpgcheck. PRs: https://github.com/rpm-software-management/librepo/pull/165 https://github.com/rpm-software-management/libdnf/pull/788 https://github.com/rpm-software-management/dnf/pull/1475 https://github.com/rpm-software-management/ci-dnf-stack/pull/620
Turns out this will mean not logging the error (in dnf.log) in case of usage through the API, I'll need to revisit this. (The problem is everything logged at the ERROR level is also printed to stderr and that means the error is printed twice when running dnf from the command line)
We've determined logging the error is responsibility of the API user.
FEDORA-2019-7cafbe66ba has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7cafbe66ba
FEDORA-2019-94393775ec has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-94393775ec
dnf-4.2.15-1.fc30, dnf-plugins-core-4.0.11-1.fc30, dnf-plugins-extras-4.0.8-1.fc30, libdnf-0.37.2-2.fc30, librepo-1.11.0-1.fc30, microdnf-3.0.2-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7cafbe66ba
dnf-4.2.15-1.fc31, dnf-plugins-core-4.0.11-1.fc31, dnf-plugins-extras-4.0.8-1.fc31, libdnf-0.37.2-2.fc31, librepo-1.11.0-1.fc31, microdnf-3.0.2-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-94393775ec
dnf-4.2.15-3.fc30, dnf-plugins-core-4.0.11-1.fc30, dnf-plugins-extras-4.0.8-1.fc30, libdnf-0.37.2-2.fc30, librepo-1.11.0-1.fc30, microdnf-3.0.2-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7cafbe66ba
dnf-4.2.15-2.fc31, dnf-plugins-core-4.0.11-1.fc31, dnf-plugins-extras-4.0.8-1.fc31, libdnf-0.37.2-2.fc31, librepo-1.11.0-1.fc31, microdnf-3.0.2-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-94393775ec
dnf-4.2.15-2.fc31, dnf-plugins-core-4.0.11-1.fc31, dnf-plugins-extras-4.0.8-1.fc31, libdnf-0.37.2-2.fc31, librepo-1.11.0-1.fc31, microdnf-3.0.2-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
dnf-4.2.15-3.fc30, dnf-plugins-core-4.0.11-1.fc30, dnf-plugins-extras-4.0.8-1.fc30, libdnf-0.37.2-2.fc30, librepo-1.11.0-1.fc30, microdnf-3.0.2-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle. Changing version to 32.