Bug 1767007

Summary: Can't pull from untrusted non-gpg verified remote when updating Flatpak Firefox 69 > 70
Product: Red Hat Enterprise Linux 8 Reporter: David <david>
Component: flatpakAssignee: Kalev Lember <klember>
Status: ASSIGNED --- QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: ---CC: jkoten, klember, mclasen, otaylor, tpelka
Target Milestone: rcKeywords: Reopened, ZStream
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1783954 (view as bug list) Environment:
Last Closed: 2019-10-30 13:44:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1783954    

Description David 2019-10-30 13:30:20 UTC
Description of problem:

I am using Centos 8, but I assume that makes this valid for RHEL 8.

Firefox 69 flatpak from Fedora flatpak OCI worked, but when I try to update to 70 I get "Can't pull from untrusted non-gpg verified remote" 
Version-Release number of selected component (if applicable):

Flatpak 1.0.6

Please see my report, the package maintainer suggested I make a bug report here:


I originally added the repo with flatpak remote-add --if-not-exists fedora oci+https://registry.fedoraproject.org

This is the output from the terminal when I try to update:

flatpak update
Looking for updates...
Installing in system:
org.freedesktop.Platform.openh264/x86_64/19.08 flathub 563e6c1a7173
Updating in system:
org.mozilla.Firefox/x86_64/stable fedora 445138d3b3fb
Is this ok [y/n]: y
Updating: org.mozilla.Firefox/x86_64/stable from fedora
Error: Failed to update org.mozilla.Firefox/x86_64/stable: Can't pull from untrusted non-gpg verified remote
Installing: org.freedesktop.Platform.openh264/x86_64/19.08 from flathub
Warning: Failed to install org.freedesktop.Platform.openh264/x86_64/19.08: runtime/org.freedesktop.Platform.openh264/x86_64/19.08 needs a later flatpak version (1.4.2;1.2.5;1.0.9;)
error: There were one or more errors

Comment 1 David King 2019-10-30 13:44:44 UTC
The other error message clearly states that you need a more recent flatpak version.

Comment 2 David 2019-10-30 16:24:21 UTC
(In reply to David King from comment #1)
> The other error message clearly states that you need a more recent flatpak
> version.

That is unrelated. It said that when I installed FF69 and worked fine. This bug report relates to "Can't pull from untrusted non-gpg verified remote"

Comment 3 David 2019-10-31 10:46:07 UTC
Gnome Software just tried to update Firefox, it claimed it was successfully updated, and then gave the exact same "Can't pull from untrusted non-gpg verified remote" error. It was not updated and remains in the list of software that has updates.

Comment 4 Kalev Lember 2019-11-06 13:06:31 UTC
Owen, do you know if we are missing an OCI patch for rhel 8.1.0 flatpak builds? I feel like we've had this error in Fedora as well in the past and you fixed it.

Comment 5 Owen Taylor 2019-11-12 17:47:56 UTC
Looks like https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/message/XV76QSHKUEKWQBZYPAMHJEIUSU26IQ5C/ - we patched it in 1.2.4-X for Fedora, and it was fixed in 1.4 upstream - so, yes, it wouldn't be fixed in the 8.1.0 1.0.6 unless we added a patch. 

Installing from https://firefox-flatpak.mojefedora.cz/ would be one workaround - this problem only occurs for OCI remotes, like the Fedora Flatpak remote.