Bug 821015

Summary: Software Update claims all packages are untrusted
Product: [Fedora] Fedora Reporter: Nils Philippsen <nphilipp>
Component: PackageKitAssignee: Nils Philippsen <nphilipp>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 17CC: alick9188, awilliam, belegdol, bugzilla.i.sekler, dallan, dan.doel, dean, fedorabugmail, gerard.fernandes, hughsient, jonathan, mike, nphilipp, paul.lipps, rankincj, redhat-bugzilla, robatino, rtc, rvitale, smparrish, tflink, twaugh, vpvainio
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: AcceptedBlocker
Fixed In Version: PackageKit-0.7.4-2.fc17 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 814945 Environment:
Last Closed: 2012-05-15 05:26:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 814945    
Bug Blocks: 752650    

Description Nils Philippsen 2012-05-11 14:59:59 UTC
Cloning this for Fedora 17, as this issue popped up here as well now (instead of the time of the Fedora 16 update).

+++ This bug was initially created as a clone of Bug #814945 +++

+++ This bug was initially created as a clone of Bug #771746 +++

Any attempt to use the Software Update or Add/Remove Software tools results in an 'Authenticate' dialog. The text is 

"The software is not from a trusted source. Do not update these packages unless you are sure it is safe to do so."

Clicking on details gives the following:

Action: org.freedesktop.packagekit.package-install-untrusted
Vendor: The PackageKit Project

Testing indicates this dialog occurs for *any* package, from all the default repositories. I do not know why Software Update wants a root password as no changes to the repository configuration have been changed.

This behavior started after updating to PackageKit 0.6.22.1.fc16.

--- Additional comment from twaugh on 2012-04-22 17:05:10 EDT ---

I see this too.

--- Additional comment from paul.lipps on 2012-04-23 13:16:09 EDT ---

This just occured again for me as well. I will provide a yum history of updates soon.

--- Additional comment from mike on 2012-04-23 13:38:57 EDT ---

According to the package log, Richard removed[1] Nils patch from bug 771746 with the latest release thinking it had been upstreamed. Unfortunately only part 1[2] of the patch was. I cannot find a matching commit for part 2 of his patch upstream.

[1] http://pkgs.fedoraproject.org/gitweb/?p=PackageKit.git;a=commit;h=e4abcc7719af43764dac4e90a6888fd8ab78cf09
[2] http://gitorious.org/packagekit/packagekit/commit/7dbee21a7adbc25856b53532d0fe55f272f580bb

--- Additional comment from mike on 2012-04-25 01:28:49 EDT ---

*** Bug 816025 has been marked as a duplicate of this bug. ***

--- Additional comment from nphilipp on 2012-04-25 05:15:28 EDT ---

I've looked into this yesterday a bit and found that using pkcon (the command line tool) from the 0.6.x branch reproduced this bug reliably. The same set of commits is in the master branch however and the behavior isn't faulty.

--- Additional comment from dallan on 2012-04-26 10:42:35 EDT ---

I'm seeing this as well; yum update reports no problems with the updated packages and successfully updates the system, however, this bug effectively makes the graphical tool useless since no one should be installing untrusted packages.

--- Additional comment from nphilipp on 2012-04-26 11:57:28 EDT ---

I've come up with a patch which fixes the behavior in every situation imaginable to me, installing or updating, signed or unsigned or signed with an unknown key present in /etc/pki/rpm-gpg. PackageKit-0.6.22-2.fc16 is building right now with this patch, please test thoroughly. Thanks!

--- Additional comment from updates on 2012-04-26 12:05:15 EDT ---

PackageKit-0.6.22-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/PackageKit-0.6.22-2.fc16

--- Additional comment from nphilipp on 2012-04-26 12:11:38 EDT ---

NB: I'll be on vacation and will return on May 10th.

--- Additional comment from updates on 2012-04-27 01:51:36 EDT ---

Package PackageKit-0.6.22-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing PackageKit-0.6.22-2.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6721/PackageKit-0.6.22-2.fc16
then log in and leave karma (feedback).

--- Additional comment from updates on 2012-04-28 20:25:07 EDT ---

PackageKit-0.6.22-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

--- Additional comment from dallan on 2012-04-30 16:39:49 EDT ---

*** Bug 815541 has been marked as a duplicate of this bug. ***

--- Additional comment from ilja_sekler_ on 2012-05-10 05:35:25 EDT ---

This might have regressed again, I see this issue with PackageKit-0.7.4-1.fc17.x86_64 and gnome-packagekit-3.4.0-1.fc17.x86_64 each time I try to update or add packages. This happens even with all *-updates-testing repositories disabled. yum on the command line has nothing to complain about.

Comment 1 Nils Philippsen 2012-05-11 15:01:31 UTC
Proposed as F17 blocker because this issue might prevent people from being able to update their systems, e.g. for people who don't have the root password for their laptop.

Comment 2 Fedora Update System 2012-05-11 15:31:32 UTC
PackageKit-0.7.4-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/PackageKit-0.7.4-2.fc17

Comment 3 Fedora Update System 2012-05-11 21:53:57 UTC
Package PackageKit-0.7.4-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing PackageKit-0.7.4-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7740/PackageKit-0.7.4-2.fc17
then log in and leave karma (feedback).

Comment 4 Adam Williamson 2012-05-12 00:36:12 UTC
Discussed at 2012-05-11 blocker review meeting: http://meetbot.fedoraproject.org/fedora-bugzappers/2012-05-11/f17-final-blocker-review-meeting-5.2012-05-11-17.04.html . Accepted as a blocker per criterion "The installed system must be able to download and install updates with yum and the default graphical package manager in all release-blocking desktops", in the case of systems where the user does not have the root password (we intend non-root users to be able to install updates).



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 5 Tim Flink 2012-05-14 20:12:31 UTC
Tested on a F17 Final TC4 install - after updating PackageKit and its related dependencies, I am no longer prompted for an administrator password when attempting to update from repos that should be trusted.

Once this is in the next compose, will re-test before setting to VERIFIED.

Comment 6 Fedora Update System 2012-05-15 05:26:25 UTC
PackageKit-0.7.4-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.