microdnf will ignore a repo's gpgkey URL if it is https:// when the repo's baseurl is file://.
Here's an example /etc/yum.repos.d/build.repo file that triggers this:
[build]
name = my builds
baseurl = file:///build
enabled = 1
gpgcheck = 1
gpgkey = https://www.example.com/MY-RPM-GPG-KEY
microdnf will say that the packages in this repo are unsigned and refuse to install them. It will not import the GPG key.
dnf will download GPG key over HTTPS, add it to the trust store, and properly verify the packages.
As a workaround, I must download the GPG key to local disk, and then use a file:// URL for gpgkey. Then microdnf will import the key as expected.
Tested with:
libdnf-0.69.0-8.el9microdnf-3.9.1-3.el9dnf-4.14.0-9.el9
microdnfwill ignore a repo'sgpgkeyURL if it ishttps://when the repo'sbaseurlisfile://.Here's an example
/etc/yum.repos.d/build.repofile that triggers this:microdnfwill say that the packages in this repo are unsigned and refuse to install them. It will not import the GPG key.dnfwill download GPG key over HTTPS, add it to the trust store, and properly verify the packages.As a workaround, I must download the GPG key to local disk, and then use a
file://URL forgpgkey. Thenmicrodnfwill import the key as expected.Tested with:
libdnf-0.69.0-8.el9microdnf-3.9.1-3.el9dnf-4.14.0-9.el9