check-update --cache-only does not work with repo_gpgcheck=1 #2079
Comments
I'm sorry, I cannot reproduce it with the latest code from the git repository. What dnf, libdnf, librepo, rpm versions do you use? Is your librepo built with gpgme or rpm (cmake -DUSE_GPGME=OFF) as a cryptographic backend? "dnf makecache" does not import the key into the RPM database. It copies it into the dnf cache in the /var/cache/dnf/REPO_ID-HASH/pubring directory and imports it from there into the RPM database later, when a package with an unknown key is to be installed. If your librepo is built with the gpgme backend, then it's more complicated. It looks like your DNF run under your non-root user does not have access to the cached key.
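The access hypothesis in the comment above can be checked directly. As an added example (not code from dnf or librepo), this shell function walks a cache root laid out as REPO_ID-HASH/pubring, as that comment describes, and reports which cached keyrings the invoking user can read; the function name check_pubrings and its status words are assumptions of this example.

```shell
#!/bin/sh
# Added example, not dnf/librepo code. check_pubrings is a hypothetical helper.
# Assumed layout (from the comment above): <cache root>/REPO_ID-HASH/pubring
#
# Usage: check_pubrings [CACHE_ROOT]      (default: /var/cache/dnf)
# Prints "<status> <repo cache dir>" for every directory under CACHE_ROOT:
#   ok          pubring exists and every entry in it is readable
#   unreadable  pubring exists but this user cannot read it or its contents
#   no-pubring  no key cached (normal for repos without repo_gpgcheck)
# Exit status is 1 if any pubring is unreadable, otherwise 0.
check_pubrings() (
    # Subshell body keeps the variables local without relying on `local`.
    root=${1:-/var/cache/dnf}
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        dir=${dir%/}
        ring=$dir/pubring
        if [ ! -e "$ring" ]; then
            echo "no-pubring $dir"
            continue
        fi
        status=ok
        # Listing and opening keys needs read and search permission.
        if [ ! -d "$ring" ] || [ ! -r "$ring" ] || [ ! -x "$ring" ]; then
            status=unreadable
        else
            for entry in "$ring"/* "$ring"/.[!.]*; do
                [ -e "$entry" ] || continue  # unmatched glob pattern
                [ -r "$entry" ] || { status=unreadable; break; }
            done
        fi
        [ "$status" = ok ] || rc=1
        echo "$status $dir"
    done
    [ "$rc" -eq 0 ]
)

# When run as a script with a cache root argument, audit that root.
if [ "$#" -gt 0 ]; then
    check_pubrings "$1"
fi
```

Run it as the account that executes the check and again as root; a repository that is ok for root but unreadable for the other account points at cache permissions rather than at the key itself.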
Oracle Linux 8.9 and 9.3, so dnf 4.7.0 and 4.14.0, and librepo 1.14.2 to 1.14.5. As far as I can tell, they don't set any particular backend, and librepo links against gpgme on both.
Indeed, but I have no idea why: Some GPG keys import just fine (bareos e.g., using its default script), some just don't work at all (prometheus-rpm works neither with its default https://… entry nor a locally downloaded file://… entry, and Reproducing this with a fresh Rocky 9.3 VM:
So I'm not sure why some keys are accessible, but some are not. I'll see if I can update dnf to the repository version on a test VM and if that fixes it.
I have encountered the same issue. For context, we are running a Nagios NRPE script that runs the command dnf --cacheonly --noplugins check-update This is run the When debugging I saw that the command asks for user input when it wants to import GitLab's GPG key. I get a bit further by adding either Error: Cache-only enabled but no cache for 'gitlab_gitlab-ee' I have run Is the GPG-check really needed when running
If I run dnf makecache to create an up to date system cache (no errors, no warnings, all GPG keys imported into the system cache), and then run dnf check-update --cacheonly, it fails for various external repositories that have repo_gpgcheck enabled:
It does not matter whether the key is a local key under /etc/pki or via https, the error is the same; in any case, the root user has these keys successfully imported already.
It should be obvious that simply disabling gpg checking is not a proper solution.