When adding a repository without specified gpgcheck=1 in the repo file, I noticed that it skipped the PGP check: Warning: skipped PGP checks for 1 package from repository. This behavior didn't happen on Fedora 40, so after some digging F40 shipped with different defaults as Fedora 41. I would expect to at least have some kind of same defaults, where possible. And it seems gpgcheck=True would be one. Reproducible: Always Steps to Reproduce: 1. Add repository without gpgcheck=1 2. Install package Actual Results: Warning: skipped PGP checks for 1 package from repository Expected Results: Importing PGP key 0x123456: Is this ok [y/N]: y user@fedora-40:~$ cat /etc/dnf/dnf.conf # see `man dnf.conf` for defaults and possible options [main] gpgcheck=True installonly_limit=3 clean_requirements_on_remove=True best=False skip_if_unavailable=True And the defaults on F41 user@fedora-41:~$ cat /usr/share/dnf5/libdnf.conf.d/20-fedora-defaults.conf [main] best=False skip_if_unavailable=True
Should be against dnf5
Indeed, it defaults the false. That's not good.
I checked both DNF4 and DNF5. They both as software without a configuration default to false. However, you are right that /etc/dnf/dnf.conf file as distributed with DNF4 Fedora package sets gpgcheck to true. That's a difference from DNF5 Fedora package. I will ask DNF5 upstream whether the want to change a default to true, or whether we will override the settings within a distribution-wide configuration. I guess the latter will happen in the name of compatibility.
Thank you very much for looking into this. Which ever option makes the most sense, I'm happy with it. Thanks again.
DNF5 upstream said that the change should be done on Fedora distribution level in /usr/share/dnf5/libdnf.conf.d/20-fedora-defaults.conf file maintained in fedora-release component where similar Fedora-specific tunes reside. Affected package is fedora-release-common-41-28.noarch.
I opened two pull requests in dist-git.
FEDORA-2024-6c3a93ab2c (fedora-release-41-29) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-6c3a93ab2c
FEDORA-2024-6c3a93ab2c has been pushed to the Fedora 41 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-6c3a93ab2c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-6c3a93ab2c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-6c3a93ab2c (fedora-release-41-29) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.