Forgejo repo file inconsistency between gpgcheck and gpgkey url #108
Labels
No labels
bug
documentation
duplicate
enhancement
help wanted
invalid
maintenance
obsolete
question
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
yestax/setup#108
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Forgejo served rpm repo file sets gpgcheck=1 that implies to sign packages at build time.
On the other hand it gives as gpgkey the url to the repo signing metadata wich check is managed by repo_gpgcheck.
At this time, an user publishing rpm packages can't follow the documentation of the RPM package registry https://forgejo.org/docs/v15.0/user/packages/rpm/ as it results in errors if the packages are not signed.
Since packages are tied to the user, could be great to add his public key url to gpgkey (2 urls separated by a whitespace).
Either add repo_gpgcheck=1 (default to false) and is natively supported.
Remove gpg_check since it defaults to false or specifically say in the documentation that packages must be signed or instruct to disable the gpgcheck.
https://dnf.readthedocs.io/en/latest/conf_ref.html
Tracked under https://codeberg.org/forgejo/forgejo/issues/7780
Might be possible to enable DEFAULT_RPM_SIGN_ENABLED in app.ini