Bug 1767007 - Can't pull from untrusted non-gpg verified remote when updating Flatpak Firefox 69 > 70
Summary: Can't pull from untrusted non-gpg verified remote when updating Flatpak Firef...
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: flatpak
Version: ---
Hardware: x86_64
OS: Linux
Target Milestone: rc
: 8.0
Assignee: Kalev Lember
QA Contact: Desktop QE
Depends On:
TreeView+ depends on / blocked
Reported: 2019-10-30 13:30 UTC by David
Modified: 2019-11-18 08:04 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-10-30 13:44:44 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

Description David 2019-10-30 13:30:20 UTC
Description of problem:

I am using Centos 8, but I assume that makes this valid for RHEL 8.

Firefox 69 flatpak from Fedora flatpak OCI worked, but when I try to update to 70 I get "Can't pull from untrusted non-gpg verified remote" 
Version-Release number of selected component (if applicable):

Flatpak 1.0.6

Please see my report, the package maintainer suggested I make a bug report here:


I originally added the repo with flatpak remote-add --if-not-exists fedora oci+https://registry.fedoraproject.org

This is the output from the terminal when I try to update:

flatpak update
Looking for updates...
Installing in system:
org.freedesktop.Platform.openh264/x86_64/19.08 flathub 563e6c1a7173
Updating in system:
org.mozilla.Firefox/x86_64/stable fedora 445138d3b3fb
Is this ok [y/n]: y
Updating: org.mozilla.Firefox/x86_64/stable from fedora
Error: Failed to update org.mozilla.Firefox/x86_64/stable: Can't pull from untrusted non-gpg verified remote
Installing: org.freedesktop.Platform.openh264/x86_64/19.08 from flathub
Warning: Failed to install org.freedesktop.Platform.openh264/x86_64/19.08: runtime/org.freedesktop.Platform.openh264/x86_64/19.08 needs a later flatpak version (1.4.2;1.2.5;1.0.9;)
error: There were one or more errors

Comment 1 David King 2019-10-30 13:44:44 UTC
The other error message clearly states that you need a more recent flatpak version.

Comment 2 David 2019-10-30 16:24:21 UTC
(In reply to David King from comment #1)
> The other error message clearly states that you need a more recent flatpak
> version.

That is unrelated. It said that when I installed FF69 and worked fine. This bug report relates to "Can't pull from untrusted non-gpg verified remote"

Comment 3 David 2019-10-31 10:46:07 UTC
Gnome Software just tried to update Firefox, it claimed it was successfully updated, and then gave the exact same "Can't pull from untrusted non-gpg verified remote" error. It was not updated and remains in the list of software that has updates.

Comment 4 Kalev Lember 2019-11-06 13:06:31 UTC
Owen, do you know if we are missing an OCI patch for rhel 8.1.0 flatpak builds? I feel like we've had this error in Fedora as well in the past and you fixed it.

Comment 5 Owen Taylor 2019-11-12 17:47:56 UTC
Looks like https://lists.fedoraproject.org/archives/list/desktop@lists.fedoraproject.org/message/XV76QSHKUEKWQBZYPAMHJEIUSU26IQ5C/ - we patched it in 1.2.4-X for Fedora, and it was fixed in 1.4 upstream - so, yes, it wouldn't be fixed in the 8.1.0 1.0.6 unless we added a patch. 

Installing from https://firefox-flatpak.mojefedora.cz/ would be one workaround - this problem only occurs for OCI remotes, like the Fedora Flatpak remote.

Note You need to log in before you can comment on or make changes to this bug.