F43 - Warning: skipped OpenPGP checks for 2 packages from repository: @commandline

Saw this error when trying to install the RPMFusion free/nonfree repos. Just did a fresh install of Fedora 43 1.6 Workstation .iso from 10.23.2025 and came across a few new errors I’ve not seen before, wondering what anyone knows or if there’s anything I need to do or change or just leave it? Never seen commandline repo I don’t think, in the past Fedora 42 would just install these with the required keys, but now it’s not signed, a new change in F43 or something maybe RPMFusion has to update? Appreciate any info!

scott@fedora:~$ sudo dnf install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
[sudo] password for scott: 
Updating and loading repositories:
Repositories loaded.
 https://mirrors.rpmfusion.org/free/fed 100% |  12.5 KiB/s |  11.3 KiB |  00m01s
 https://mirrors.rpmfusion.org/nonfree/ 100% |   7.6 KiB/s |  11.3 KiB |  00m01s
Package                    Arch   Version                 Repository        Size
Installing:
 rpmfusion-free-release    noarch 43-1                    @commandline   5.6 KiB
 rpmfusion-nonfree-release noarch 43-1                    @commandline   5.8 KiB

Transaction Summary:
 Installing:         2 packages

Total size of inbound packages is 23 KiB. Need to download 0 B.
After this operation, 11 KiB extra will be used (install 11 KiB, remove 0 B).
Is this ok [y/N]: y
Running transaction
[1/4] Verify package files              100% | 500.0   B/s |   2.0   B |  00m00s
[2/4] Prepare transaction               100% |  11.0   B/s |   2.0   B |  00m00s
[3/4] Installing rpmfusion-nonfree-rele 100% | 614.9 KiB/s |   7.4 KiB |  00m00s
[4/4] Installing rpmfusion-free-release 100% |  33.7 KiB/s |   7.2 KiB |  00m00s
Warning: skipped OpenPGP checks for 2 packages from repository: @commandline
Complete!

You can resolve the warning as follows:

# Enable signature verification
sudo dnf config-manager setopt localpkg_gpgcheck=1

# Import RPM Fusion keys
sudo rpmkeys --import \
https://download1.rpmfusion.org/free/fedora/RPM-GPG-KEY-rpmfusion-free-fedora-2020 \
https://download1.rpmfusion.org/nonfree/fedora/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020

See also:

• F43 Change Proposal RPM 6.0 (system-wide)
• F44 Change Proposal: Enforcing signature checking by default [SystemWide]

These warnings aren’t new. Signature checks for installing .rpm files from command line arguments (as compared to “from repositories”) have been disabled for a long long time - and will only be enabled if the F44 Change proposal in the last post is approved and implemented.

It would make sense if alternative repositories, including rpmfusion.org, modified their instructions to first import PGP keys, only then download repos packages.

The same happens if you install newer package directly from koji. It is expected and for repo packages, it is not simple to be avoided. It might go away once those release packages get increased version and are updated from the repository itself.

That didn´t help me installing onlyoffice

sudo dnf install ./onlyoffice-desktopeditors.x86_64.rpm

results:

Running transaction
Transaction failed: Signature verification failed.
OpenPGP check for package "onlyoffice-desktopeditors-9.1.0-173.el7.x86_64" (onlyoffice-desktopeditors.x86_64.rpm) from repo "@commandline" has failed: The package is not signed.

Even after doing

sudo dnf config-manager setopt localpkg_gpgcheck=1

That’s a different issue, see:
Sublime-Text not able to install in Fedora 43 - #12 by vgaetera