Description of request
Currently, DNF supports two flags: gpgcheck and repo_gpgcheck. However, it is not clear what gpgcheck actually covers. In DNF, gpgcheck only covers package signature checking, but in Zypper, it covers both package and repository metadata signature checking.
Zypper has three options:
gpgcheck, covering repo and packagespkg_gpgcheck, covering packages only (equivalent to current gpgcheck in Yum/DNF)repo_gpgcheck, covering repo only (DNF supports this the same way Zypper does)
Each of these can be set globally or per-repository. By default, Zypper does both repository and package checks, and the other two options can be used to override bits of that behavior in Zypper.
To control the behavior of gpgcheck, we should have a global config option called gpgcheck_policy, with the following options: "legacy", "full", and "all".
-
gpgcheck_policy=legacy makes "gpgcheck=1" equivalent to setting pkg_gpgcheck=1, repo_gpgcheck=0, and localpkg_gpgcheck=0.
-
gpgcheck_policy=full makes gpgcheck=1 equivalent to setting pkg_gpgcheck=1, repo_gpgcheck=1, and localpkg_gpgcheck=0.
-
gpgcheck_policy=all makes gpgcheck=1 equivalent to setting pkg_gpgcheck=1, repo_gpgcheck=1, and localpkg_gpgcheck=1.
Regardless of modes, each configuration section ([main] or repo sections in dnf.conf or in repo files) can override the policy behavior by setting pkg_gpgcheck and repo_gpgcheck accordingly. Obviously localpkg_gpgcheck has no bearing in repo sections, but could be switched on separately in the main section in dnf.conf.
The upstream default in the code (that is, when the gpgcheck_policy option is unset) would be the equivalent of setting gpgcheck_policy=full. However, for the dnf.conf that will ship in Fedora and RHEL, it would be set to gpgcheck_policy=legacy to conform with the existing behavior and not break anything.
This aligns our options and behaviors with other RPM package managers using rpm-md and makes the GPG checking policy coherent.
Benefit to distributions
Different distributions have different expectations of what gpgcheck should cover. For example, the SUSE distribution family expects gpgcheck to operate with gpgcheck_policy=full, whereas RHEL/Fedora expects gpgcheck_policy=legacy. CentOS can optionally operate with gpgcheck_policy=full, which is useful for users that have requirements for it.
I also hope having this would encourage distributions to introduce repository GPG checking as a new norm over time, as well.
Description of request
Currently, DNF supports two flags:
gpgcheckandrepo_gpgcheck. However, it is not clear whatgpgcheckactually covers. In DNF,gpgcheckonly covers package signature checking, but in Zypper, it covers both package and repository metadata signature checking.Zypper has three options:
gpgcheck, covering repo and packagespkg_gpgcheck, covering packages only (equivalent to current gpgcheck in Yum/DNF)repo_gpgcheck, covering repo only (DNF supports this the same way Zypper does)Each of these can be set globally or per-repository. By default, Zypper does both repository and package checks, and the other two options can be used to override bits of that behavior in Zypper.
To control the behavior of
gpgcheck, we should have a global config option calledgpgcheck_policy, with the following options: "legacy", "full", and "all".gpgcheck_policy=legacymakes "gpgcheck=1" equivalent to settingpkg_gpgcheck=1,repo_gpgcheck=0, andlocalpkg_gpgcheck=0.gpgcheck_policy=fullmakesgpgcheck=1equivalent to settingpkg_gpgcheck=1,repo_gpgcheck=1, andlocalpkg_gpgcheck=0.gpgcheck_policy=allmakesgpgcheck=1equivalent to settingpkg_gpgcheck=1,repo_gpgcheck=1, andlocalpkg_gpgcheck=1.Regardless of modes, each configuration section (
[main]or repo sections indnf.confor in repo files) can override the policy behavior by settingpkg_gpgcheckandrepo_gpgcheckaccordingly. Obviouslylocalpkg_gpgcheckhas no bearing in repo sections, but could be switched on separately in the main section indnf.conf.The upstream default in the code (that is, when the
gpgcheck_policyoption is unset) would be the equivalent of settinggpgcheck_policy=full. However, for thednf.confthat will ship in Fedora and RHEL, it would be set togpgcheck_policy=legacyto conform with the existing behavior and not break anything.This aligns our options and behaviors with other RPM package managers using rpm-md and makes the GPG checking policy coherent.
Benefit to distributions
Different distributions have different expectations of what
gpgcheckshould cover. For example, the SUSE distribution family expectsgpgcheckto operate withgpgcheck_policy=full, whereas RHEL/Fedora expectsgpgcheck_policy=legacy. CentOS can optionally operate withgpgcheck_policy=full, which is useful for users that have requirements for it.I also hope having this would encourage distributions to introduce repository GPG checking as a new norm over time, as well.