Bug 814945 - Software Update claims all packages are untrusted
Software Update claims all packages are untrusted
Product: Fedora
Classification: Fedora
Component: PackageKit (Show other bugs)
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Richard Hughes
Fedora Extras Quality Assurance
: Regression
: 815541 816025 (view as bug list)
Depends On:
Blocks: 821015
  Show dependency treegraph
Reported: 2012-04-21 10:00 EDT by James
Modified: 2012-05-11 12:08 EDT (History)
19 users (show)

See Also:
Fixed In Version: PackageKit-0.6.22-2.fc16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 771746
: 821015 (view as bug list)
Last Closed: 2012-04-28 20:25:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description James 2012-04-21 10:00:11 EDT
+++ This bug was initially created as a clone of Bug #771746 +++

Any attempt to use the Software Update or Add/Remove Software tools results in an 'Authenticate' dialog. The text is 

"The software is not from a trusted source. Do not update these packages unless you are sure it is safe to do so."

Clicking on details gives the following:

Action: org.freedesktop.packagekit.package-install-untrusted
Vendor: The PackageKit Project

Testing indicates this dialog occurs for *any* package, from all the default repositories. I do not know why Software Update wants a root password as no changes to the repository configuration have been changed.

This behavior started after updating to PackageKit
Comment 1 Tim Waugh 2012-04-22 17:05:10 EDT
I see this too.
Comment 2 Paul Lipps 2012-04-23 13:16:09 EDT
This just occured again for me as well. I will provide a yum history of updates soon.
Comment 3 Michael Cronenworth 2012-04-23 13:38:57 EDT
According to the package log, Richard removed[1] Nils patch from bug 771746 with the latest release thinking it had been upstreamed. Unfortunately only part 1[2] of the patch was. I cannot find a matching commit for part 2 of his patch upstream.

[1] http://pkgs.fedoraproject.org/gitweb/?p=PackageKit.git;a=commit;h=e4abcc7719af43764dac4e90a6888fd8ab78cf09
[2] http://gitorious.org/packagekit/packagekit/commit/7dbee21a7adbc25856b53532d0fe55f272f580bb
Comment 4 Michael Cronenworth 2012-04-25 01:28:49 EDT
*** Bug 816025 has been marked as a duplicate of this bug. ***
Comment 5 Nils Philippsen 2012-04-25 05:15:28 EDT
I've looked into this yesterday a bit and found that using pkcon (the command line tool) from the 0.6.x branch reproduced this bug reliably. The same set of commits is in the master branch however and the behavior isn't faulty.
Comment 6 Dave Allan 2012-04-26 10:42:35 EDT
I'm seeing this as well; yum update reports no problems with the updated packages and successfully updates the system, however, this bug effectively makes the graphical tool useless since no one should be installing untrusted packages.
Comment 7 Nils Philippsen 2012-04-26 11:57:28 EDT
I've come up with a patch which fixes the behavior in every situation imaginable to me, installing or updating, signed or unsigned or signed with an unknown key present in /etc/pki/rpm-gpg. PackageKit-0.6.22-2.fc16 is building right now with this patch, please test thoroughly. Thanks!
Comment 8 Fedora Update System 2012-04-26 12:05:15 EDT
PackageKit-0.6.22-2.fc16 has been submitted as an update for Fedora 16.
Comment 9 Nils Philippsen 2012-04-26 12:11:38 EDT
NB: I'll be on vacation and will return on May 10th.
Comment 10 Fedora Update System 2012-04-27 01:51:36 EDT
Package PackageKit-0.6.22-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing PackageKit-0.6.22-2.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 11 Fedora Update System 2012-04-28 20:25:07 EDT
PackageKit-0.6.22-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Dave Allan 2012-04-30 16:39:49 EDT
*** Bug 815541 has been marked as a duplicate of this bug. ***
Comment 13 Ilja Sekler 2012-05-10 05:35:25 EDT
This might have regressed again, I see this issue with PackageKit-0.7.4-1.fc17.x86_64 and gnome-packagekit-3.4.0-1.fc17.x86_64 each time I try to update or add packages. This happens even with all *-updates-testing repositories disabled. yum on the command line has nothing to complain about.
Comment 14 Nils Philippsen 2012-05-11 12:08:07 EDT
Cloned for Fedora 17: bug #821015

Note You need to log in before you can comment on or make changes to this bug.