Let’s take an example from the /etc/yum.repos.d/rocky.repo
file:
[baseos]
name=Rocky Linux $releasever - BaseOS
mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever$rltype
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=0
countme=1
metadata_expire=6h
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Rocky-9
as you can see here gpgcheck=1
. You could edit the file and set it to gpgcheck=0
, or you can use --nogpgcheck
on the command line to override it.
Also, as per: man dnf
--nogpgcheck
Skip checking GPG signatures on packages (if RPM policy allows).
The GPG check is there for a reason though, to ensure the packages are downloaded correctly and from a trusted source.