Bug 862221

Summary: repo.getPackage(po) fails with yum-3.4.3-44 but works using git master
Product: [Fedora] Fedora Reporter: Richard Hughes <rhughes>
Component: yumAssignee: Fedora Packaging Toolset Team <packaging-team>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: awilliam, ffesti, maxamillion, packaging-team, robatino, tim.lauridsen, zpavlas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: RejectedBlocker RejectedNTH
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 15:00:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Richard Hughes 2012-10-02 10:41:08 UTC 
Description of problem:

The PackageKit call to repo.getPackage(txmbr.po) fails when the repo is untrusted, e.g. f18-gnome. This breaks the offline update feature which is a required feature for F18.

Yum from git master has been fixed with quite a few commits in that area (e.g. ef033251187312535bfd1e5dcddfa444b1ac50d6), but yum-3.4.3-44 is broken in Fedora.

Downloading files from repos in F18 now fails with:

---
Cannot download file: Downloaded package gpgme-devel-1.3.2-1.fc18.x86_64, from f18-gnome, but it was invalid.
---

Version-Release number of selected component (if applicable):
yum-3.4.3-44

How reproducible:
Always

Steps to Reproduce:
1. Set up a repo file to an unsigned repo, e.g. f18-gnome
2. Do "pkcon update --only-download"
3. Observe message from yum about the download being invalid (the package is not signed, and is not meant to be signed)
  
Actual results:
A failed offline update.

Expected results:
A downloaded file.

Additional info:
This is most probably a F18 blocker. Either the commits from master can be backported into -44, or a new release could be uploaded.
Comment 1 Fedora Update System 2012-10-02 11:36:57 UTC 
yum-3.4.3-45.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/yum-3.4.3-45.fc18
Comment 2 Fedora Update System 2012-10-02 19:49:29 UTC 
Package yum-3.4.3-45.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing yum-3.4.3-45.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-15231/yum-3.4.3-45.fc18
then log in and leave karma (feedback).
Comment 3 Adam Williamson 2012-10-03 17:45:28 UTC 
Discussed at 2012-10-03 blocker review meeting: http://meetbot.fedoraproject.org/fedora-qa/2012-10-03/f18-beta-blocker-review-2.2012-10-03-16.00.log.txt . It's an established principle (written in the release criteria pages) that bugs are not blockers simply because they relate to features: the feature process and the blocker process are separate by design. Incomplete features are a FESCo / feature process issue, not a release validation / blocker process issue.

We also note that this bug does not appear to violate the update criteria as they currently stand. We further note that it appears to happen only if you are using an unofficial, unsigned repository anyway, which we wouldn't count as a release blocker in any case. So this fails from any angle. =) Rejected as a blocker and rejected as NTH, re-propose with better justification if needed. Note that freeze is not until 10-09, so this can be pushed quite happily any time before that.
Comment 4 Fedora Update System 2012-12-20 15:00:10 UTC 
yum-3.4.3-45.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.