Fedora 41 repo_gpgcheck=1 not working

Ask Fedora
, ,
1

Hi,

newbie here with dealing with repos,
noticed repo_gpgcheck=0 in the /etc/yum.d/repo files, changed it to 1, and am now getting the following,

user@fedora:~$ sudo dnf update
Updating and loading repositories:
NordVPN Repository 100% | 1.5 KiB/s | 2.5 KiB | 00m02s
RPM Fusion for Fedora 41 - Free 100% | 2.2 KiB/s | 12.8 KiB | 00m06s

Status code: 404 for http://ftp-stud.hs-esslingen.de/pub/Mirrors/rpmfusion.org/free/fedora/development/41/Everything/x86_64/os/repodata/repomd.xml.asc (IP: 129.143.116.10)
Librepo error: GPG verification is enabled, but GPG signature is not available. This may be an error or the repository does not support GPG verification: Status code: 404 for Index of /pub/Mirrors/rpmfusion.org
Fedora 41 openh264 (From Cisco) - x86_64 100% | 648.0 B/s | 4.3 KiB | 00m07s
Status code: 404 for https://codecs.fedoraproject.org/openh264/41/x86_64/os/repodata/repomd.xml.asc (IP: 67.219.144.68) - https://codecs.fedoraproject.org/openh264/41/x86_64/os/repodata/repomd.xml.asc
Librepo error: GPG verification is enabled, but GPG signature is not available. This may be an error or the repository does not support GPG verification: Status code: 404 for https://codecs.fedoraproject.org/openh264/41/x86_64/os/rep
RPM Fusion for Fedora 41 - Nonfree - Steam 100% | 2.1 KiB/s | 11.2 KiB | 00m05s

[New fedora user and poster, was limited to 10 links, put the full output here, repo_gpgcheck=0->1 - Pastebin.com ]

Librepo error: GPG verification is enabled, but GPG signature is not available. This may be an error or the repository does not support GPG verification: Status code: 404 for http://mirrors.jlu.edu.cn/fedora/updates/41/Everything/x86_64/repodata/repomd.xml.asc (IP: 59.72.66.10)

Is repo_gpgcheck not available for these repos? If it is, how would I go about fixing it?
This is on a new install of fedora 41.

2

Added dnf, gpg

3

By default, repo_gpgcheck is set to 0 for all fedora and rpmfusion repositories. Also, the gpg data in repomd.xml.asc are not generated either as you can see from the error message. However, each package you install or upgrade will be checked and verified according to the setting of gpgcheck.

2 Likes
4

I also got the same errors. Thanks for anyone who can clarify why repo_gpgcheck is set to 0 by default for these repos.

5

In the default / safe configuration (using metalinks) signing repodata
provides no advantage, and presents user interface problems.

The only case signed repodata helps you with is if you are syncing an
entire repo from an untrusted source and using it locally.

We may well enable it at some point, but we need to make sure dnf is
ready and the ui / flow is ok.

In the mean time, they are not signed, so you shouldn’t try and enable
that option. :slight_smile:

6

A work-around is to find the repo in /etc/yum.repos.d and change “enabled=0” to “enabled=1”.
ONLY do this if you trust the repo. Ran into this trying to install Librewolf from their repo instead of the Flatpak.

7

Librewolf does set repo_gpgcheck=1 but as some people has found out, this doesn’t work at the moment. As long as this bug isn’t fixed, you need to set repo_gpgcheck=0. But please do check if the bug isn’t already fixed.

The repo file looks like this

[repository]
name=LibreWolf Software Repository
baseurl=https://repo.librewolf.net
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://repo.librewolf.net/pubkey.gpg

It would be better if the gpgkey would have been fetched from an independent source other than the repository itself.

8

I later checked, and the bug is fixed.

1 Like