Description of problem:
Updating my system with KPackageKit and PackageKit-zif, I got the following warning:
The package cups-pk-helper-0.1.3-2.fc15.x86_64 (updates) is untrusted.
Why does it think an official update is untrusted? (And if it really thinks the package is untrusted, why can it be updated to without the root password?)
Version-Release number of selected component (if applicable):
(The KPackageKit build is the same as the official kpackagekit-0.6.3.3-2.fc15 except that I backported my Plasma services patch.)
I don't know.
Steps to Reproduce:
1. Update your system using KPackageKit.
Warning about untrusted package.
No warning about untrusted package (unless something's really wrong with the signature, in which case I expect an error or an authentication prompt).
This seems always reproducible, today's updates were also claimed to be untrusted.
Yup, there's a logic bug in pk-backend-zif.c -- basically the result from zif_package_get_trust_kind() is only valid after zif_transaction_prepare() has been called.
I'll have to work something out so we can have the same behavior as the yum backend, where we take the hack of repo trust to be an early return to the trusted, and a proper trusted check when the packages have actually been downloaded.
You need a new zif (from master) and a new PK (from master) unfortunately.
Author: Richard Hughes <email@example.com>
Date: Thu Sep 22 12:16:16 2011 +0100
zif: Do not always ask for untrusted authentication for trusted repos
Packages are only marked ZIF_PACKAGE_TRUST_KIND_PUBKEY after the transaction has
been prepared (and the packages downloaded), and until then the trust is
From Zif 0.2.4 (commit 48691cfee89e90b90d469d62f29ac335430970be) they will be
set to either ZIF_PACKAGE_TRUST_KIND_PUBKEY_UNVERIFIED when the repo has public
key support, or ZIF_PACKAGE_TRUST_KIND_NONE if the repo does not.
This allows us to skip the transaction straight to only_trusted=FALSE for
transactions involving untrusted packages after simulate which avoids the double
After the packages are downloaded we have either ZIF_PACKAGE_TRUST_KIND_PUBKEY
or ZIF_PACKAGE_TRUST_KIND_NONE and this allows us to fail the transaction in
the normal way prompting a warning dialog like the the yum backend does.
Looks like I need to somehow upgrade the PackageKit (or at least the zif backend) in my repo too, or backport the changes somehow. I'll see what I can do.