Bug 630395

Summary: gnome-packagekit does not import GPG key of repository; unable to install packages from repositories without already imported key
Product: [Fedora] Fedora Reporter: Holger Arnold <harnold>
Component: gnome-packagekitAssignee: Richard Hughes <rhughes>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: rhughes
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-09-06 08:04:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Holger Arnold 2010-09-05 10:24:46 UTC
Description of problem:

When installing a package from a repository whose GPG key has not yet been imported into the RPM database (but with the key present in /etc/pki/rpm-gpg), gnome-packagekit asks the user whether he trusts the repository's signing key.  If the user klicks "Yes", gnome-packagekit asks for a password and then pretends to install the package.  In reality, however, nothing gets installed.  

The user gets no information why the package could not be installed and what he can do about it.  Using gnome-packagekit, it is impossible to install signed packages whose keys has not already been imported using "rpm --import".

Version-Release number of selected component (if applicable):

gnome-packagekit-2.30.3-1.fc13.i686

How reproducible:

Steps to Reproduce:
1. Add a new repository by installing the respective "add repository" package (examples: RPM Fusion repositories, Adobe repository).  This will install signing keys in /etc/pki/rpm-gpg.
2. Mark a package from this repository from installation and klick "Apply".
3. gnome-packagekit requires authorization to install a signed package.  Enter the root password.
4. gnome-packagekit asks the user whether he trusts the key of the repository.  Klick "Yes".
5. gnome-packagekit requires authorization for trusting a signing key.  Enter the root password.
  
Actual results:

The package is downloaded, but the signing key of the repository is not imported and the package is not installed.  

Expected results:

gnome-packagekit should import the signing key and install the package.  If, for some reason, the key cannot be imported, the user should be informed about the cause and a possible solution.

Comment 1 Richard Hughes 2010-09-06 08:04:18 UTC

*** This bug has been marked as a duplicate of bug 622179 ***