docker.io/library/fedora:rawhide outdated vs registry.fp.org/fedora:rawhide

I have a docker recipe that does not much more than: FROM fedora:rawhide RUN dnf -y install ...blah... If I run this from a Fedora host it works fine, resolving fedora:rawhide to registry.fedoraproject.org image ID 23902052bc28 If I run this from a non-Fedora host, such as from GitLab CI, it resolves to docker.io/library image ID e6ff04a4b8bd. The latter image fails when installing RPMs due tpo missing gpg keys # dnf install numactl Fedora 33 openh264 (From Cisco) - x86_64 5.2 kB/s | 5.1 kB 00:00 Fedora - Modular Rawhide - Developmental packages for the next 1.9 MB/s | 961 kB 00:00 Fedora - Rawhide - Developmental packages for the next Fedora 12 MB/s | 73 MB 00:06 Dependencies resolved. =============================================================================================== Package Architecture Version Repository Size =============================================================================================== Installing: numactl x86_64 2.0.12-6.fc33 rawhide 69 k Installing dependencies: numactl-libs x86_64 2.0.12-6.fc33 rawhide 30 k Transaction Summary =============================================================================================== Install 2 Packages Total download size: 99 k Installed size: 238 k Is this ok [y/N]: y Downloading Packages: (1/2): numactl-2.0.12-6.fc33.x86_64.rpm 543 kB/s | 69 kB 00:00 (2/2): numactl-libs-2.0.12-6.fc33.x86_64.rpm 207 kB/s | 30 kB 00:00 ----------------------------------------------------------------------------------------------- Total 219 kB/s | 99 kB 00:00 warning: /var/cache/dnf/rawhide-2d95c80a1fa0a67d/packages/numactl-2.0.12-6.fc33.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 45719a39: NOKEY Fedora - Rawhide - Developmental packages for the next Fedora 1.6 MB/s | 1.6 kB 00:00 GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-x86_64 (0x9570FF31) is already installed The GPG keys listed for the "Fedora - Rawhide - Developmental packages for the next Fedora release" repository are already installed but they are not correct for this package. Check that the correct key URLs are configured for this repository.. Failing package is: numactl-2.0.12-6.fc33.x86_64 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-x86_64 Public key for numactl-libs-2.0.12-6.fc33.x86_64.rpm is not installed. Failing package is: numactl-libs-2.0.12-6.fc33.x86_64 GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-33-x86_64 The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Error: GPG check FAILED I can see the docker.io image has older packages # rpm -q fedora-release-container fedora-gpg-keys fedora-release-container-33-0.9.noarch fedora-gpg-keys-33-0.8.noarch than the registry.fedoraproject.org image # rpm -q fedora-release-container fedora-gpg-keys fedora-release-container-33-0.13.noarch fedora-gpg-keys-33-0.11.noarch Looking at https://hub.docker.com/_/fedora?tab=tags I see the rawhide image is over a month out of date. As a workaround I tried adding dnf update -y --nogpgcheck fedora-gpg-keys and this pulls in fedora-gpg-keys-34-0.1.noarch on docker.io images, and does nothing on registry.fedoraproject.org images. Even after the fedora-gpg-keys update, I still get gpg errors installing RPMs. Why is docker.io registry lagging so far behind registry.fedoraproject.org ? Why is the registry.fedoraproject.org image seemingly attached to F33 content, not pulling in F34 rawhide content ? While the older docker.io image trying to use F34 rawhide content. These inconsistency between the registries is making it really quite painful for using Fedora rawhide images across different host OS. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|