Bug 481081 - KPackageKit chokes on unsigned (or signed with an unknown key) RPMs
Summary: KPackageKit chokes on unsigned (or signed with an unknown key) RPMs
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kpackagekit
Version: 10
Hardware: i686
OS: Linux
low
high
Target Milestone: ---
Assignee: Steven M. Parrish
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-01-22 02:19 UTC by Daisy Jane
Modified: 2009-04-28 07:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-27 18:56:58 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Daisy Jane 2009-01-22 02:19:45 UTC
This problem occurred in Fedora 10 with the KDE Desktop in the latest release ordered from Linuxcentral.com.

I installed Fedora 10 with the KDE desktop, and immediately experienced problems with the package downloader program crashing (Kdownload?? something like that).  Every time I tried to use it, it crashed.  I was able to *check* for package updates successfully, but when I tried to download them, the download program crashed, while telling me "there is an error because this package is not signed".  I got this same crash and error while trying to download not only updates, but Opera, and other third party Linux accessories, basically I could not download anything without getting this crash/error, and the problem happened from the very beginning.  I since took that machine offline because I could not get it secure with the updates.  Also, I checked my settings for both the OS and Konqueror and did not find anything that would prevent unsigned elements from downloading or installing.


How reproducible: should be able to reproduce


Steps to Reproduce:
1.install Fedora 10 with KDE desktop
2. check for updates, try to download updates OR

3.try to download Opera
  
Actual results: Kdownload(?) program crash, window with red x, telling me "this package could not be downloaded because it is not signed"


Expected results: crash/error


Additional info: checked OS and Konqueror settings and could not find anything that would prevent unsigned elements from downloading or installing

Comment 1 Rex Dieter 2009-01-22 18:19:16 UTC
I'll guess kpackagekit here.

I'm pretty sure PackageKit default policy is indeed to disallow unsigned packages.  Not sure how/why official updates are being labeled as such.

Comment 2 Kevin Kofler 2009-02-01 15:19:25 UTC
I can confirm this: KPackageKit chokes on RPMs which are unsigned or signed with an unknown key.

What is supposed to happen (and what happens with gnome-packagekit) is that it warns about the unauthenticated package and prompts for the root password, then installs the package. What KPackageKit does is that it brings up one of those "Erro KPackageKit" windows.

Comment 3 Steven M. Parrish 2009-02-04 17:23:02 UTC
Thank you for the bug report.  This issue needs to be addressed by the upstream developers.  Please submit a report at http://bugs.kde.org. You are requested to add the bugzilla link here for tracking purposes. Please make sure the bug isn't already in the upstream bug tracker before filing it.

Comment 4 Thorsten Leemhuis 2009-02-23 18:56:13 UTC
(In reply to comment #3)
> Thank you for the bug report.  This issue needs to be addressed by the upstream
> developers.  Please submit a report at http://bugs.kde.org. You are requested
> to add the bugzilla link here for tracking purposes. Please make sure the bug
> isn't already in the upstream bug tracker before filing it.

ping -- did that happen? RPM Fusion has a interest to get this fixed, as this bug right now it complicated the "how to enable RPM Fusion" documentation :-((

Comment 5 Kevin Kofler 2009-02-23 22:54:19 UTC
Upstream changelogs claim it's fixed in 0.4.0, I didn't have a chance to test that yet. (Note that AFAIK KPackageKit 0.4.0 needs PackageKit 0.4, so it's only in Rawhide at the moment.)

Comment 6 Steven M. Parrish 2009-02-23 23:03:20 UTC
Ok I just finished testing this with 0.4.0 in Rawhide and it is indeed fixed.  However as Kevin said it currently is only in Rawhide as it does require Packagekit >= 0.4.  While this will more than likely make it into F10 I would doubt you will see it in F9.  I'm waiting on word from RHughes as to when/if he plans on upgrading F10 to the 0.4 release.

Comment 7 Steven M. Parrish 2009-04-27 18:56:58 UTC
Currently no plans to upgrade Packagekit on F10 so this is going to continue to be an issue.  This is fixed in F11+.

Comment 8 Kevin Kofler 2009-04-28 07:07:53 UTC
I think we should really work on getting the PackageKit 0.4 stack into F10, it's a huge improvement for KPackageKit.


Note You need to log in before you can comment on or make changes to this bug.