Introduce gpgcheck_policy
to control gpgcheck
defaults and add support for pkg_gpgcheck
#727
Labels
bug
Originally reported in Jira or Bugzilla
Priority: LOW
Triaged
Someone on the DNF 5 team has read the issue and determined the next steps to take
Description of request
Currently, DNF supports two flags:
gpgcheck
andrepo_gpgcheck
. However, it is not clear whatgpgcheck
actually covers. In DNF,gpgcheck
only covers package signature checking, but in Zypper, it covers both package and repository metadata signature checking.Zypper has three options:
gpgcheck
, covering repo and packagespkg_gpgcheck
, covering packages only (equivalent to current gpgcheck in Yum/DNF)repo_gpgcheck
, covering repo only (DNF supports this the same way Zypper does)Each of these can be set globally or per-repository. By default, Zypper does both repository and package checks, and the other two options can be used to override bits of that behavior in Zypper.
To control the behavior of
gpgcheck
, we should have a global config option calledgpgcheck_policy
, with the following options: "legacy", "full", and "all".gpgcheck_policy=legacy
makes "gpgcheck=1" equivalent to settingpkg_gpgcheck=1
,repo_gpgcheck=0
, andlocalpkg_gpgcheck=0
.gpgcheck_policy=full
makesgpgcheck=1
equivalent to settingpkg_gpgcheck=1
,repo_gpgcheck=1
, andlocalpkg_gpgcheck=0
.gpgcheck_policy=all
makesgpgcheck=1
equivalent to settingpkg_gpgcheck=1
,repo_gpgcheck=1
, andlocalpkg_gpgcheck=1
.Regardless of modes, each configuration section (
[main]
or repo sections indnf.conf
or in repo files) can override the policy behavior by settingpkg_gpgcheck
andrepo_gpgcheck
accordingly. Obviouslylocalpkg_gpgcheck
has no bearing in repo sections, but could be switched on separately in the main section indnf.conf
.The upstream default in the code (that is, when the
gpgcheck_policy
option is unset) would be the equivalent of settinggpgcheck_policy=full
. However, for thednf.conf
that will ship in Fedora and RHEL, it would be set togpgcheck_policy=legacy
to conform with the existing behavior and not break anything.This aligns our options and behaviors with other RPM package managers using rpm-md and makes the GPG checking policy coherent.
Benefit to distributions
Different distributions have different expectations of what
gpgcheck
should cover. For example, the SUSE distribution family expectsgpgcheck
to operate withgpgcheck_policy=full
, whereas RHEL/Fedora expectsgpgcheck_policy=legacy
. CentOS can optionally operate withgpgcheck_policy=full
, which is useful for users that have requirements for it.I also hope having this would encourage distributions to introduce repository GPG checking as a new norm over time, as well.
The text was updated successfully, but these errors were encountered: