This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 821015 - Software Update claims all packages are untrusted
Software Update claims all packages are untrusted
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: PackageKit (Show other bugs)
17
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Nils Philippsen
Fedora Extras Quality Assurance
AcceptedBlocker
: Regression
Depends On: 814945
Blocks: F17Blocker/F17FinalBlocker
  Show dependency treegraph
 
Reported: 2012-05-11 10:59 EDT by Nils Philippsen
Modified: 2012-05-15 01:26 EDT (History)
23 users (show)

See Also:
Fixed In Version: PackageKit-0.7.4-2.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 814945
Environment:
Last Closed: 2012-05-15 01:26:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Nils Philippsen 2012-05-11 10:59:59 EDT
Cloning this for Fedora 17, as this issue popped up here as well now (instead of the time of the Fedora 16 update).

+++ This bug was initially created as a clone of Bug #814945 +++

+++ This bug was initially created as a clone of Bug #771746 +++

Any attempt to use the Software Update or Add/Remove Software tools results in an 'Authenticate' dialog. The text is 

"The software is not from a trusted source. Do not update these packages unless you are sure it is safe to do so."

Clicking on details gives the following:

Action: org.freedesktop.packagekit.package-install-untrusted
Vendor: The PackageKit Project

Testing indicates this dialog occurs for *any* package, from all the default repositories. I do not know why Software Update wants a root password as no changes to the repository configuration have been changed.

This behavior started after updating to PackageKit 0.6.22.1.fc16.

--- Additional comment from twaugh@redhat.com on 2012-04-22 17:05:10 EDT ---

I see this too.

--- Additional comment from paul.lipps@gmail.com on 2012-04-23 13:16:09 EDT ---

This just occured again for me as well. I will provide a yum history of updates soon.

--- Additional comment from mike@cchtml.com on 2012-04-23 13:38:57 EDT ---

According to the package log, Richard removed[1] Nils patch from bug 771746 with the latest release thinking it had been upstreamed. Unfortunately only part 1[2] of the patch was. I cannot find a matching commit for part 2 of his patch upstream.

[1] http://pkgs.fedoraproject.org/gitweb/?p=PackageKit.git;a=commit;h=e4abcc7719af43764dac4e90a6888fd8ab78cf09
[2] http://gitorious.org/packagekit/packagekit/commit/7dbee21a7adbc25856b53532d0fe55f272f580bb

--- Additional comment from mike@cchtml.com on 2012-04-25 01:28:49 EDT ---

*** Bug 816025 has been marked as a duplicate of this bug. ***

--- Additional comment from nphilipp@redhat.com on 2012-04-25 05:15:28 EDT ---

I've looked into this yesterday a bit and found that using pkcon (the command line tool) from the 0.6.x branch reproduced this bug reliably. The same set of commits is in the master branch however and the behavior isn't faulty.

--- Additional comment from dallan@redhat.com on 2012-04-26 10:42:35 EDT ---

I'm seeing this as well; yum update reports no problems with the updated packages and successfully updates the system, however, this bug effectively makes the graphical tool useless since no one should be installing untrusted packages.

--- Additional comment from nphilipp@redhat.com on 2012-04-26 11:57:28 EDT ---

I've come up with a patch which fixes the behavior in every situation imaginable to me, installing or updating, signed or unsigned or signed with an unknown key present in /etc/pki/rpm-gpg. PackageKit-0.6.22-2.fc16 is building right now with this patch, please test thoroughly. Thanks!

--- Additional comment from updates@fedoraproject.org on 2012-04-26 12:05:15 EDT ---

PackageKit-0.6.22-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/PackageKit-0.6.22-2.fc16

--- Additional comment from nphilipp@redhat.com on 2012-04-26 12:11:38 EDT ---

NB: I'll be on vacation and will return on May 10th.

--- Additional comment from updates@fedoraproject.org on 2012-04-27 01:51:36 EDT ---

Package PackageKit-0.6.22-2.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing PackageKit-0.6.22-2.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-6721/PackageKit-0.6.22-2.fc16
then log in and leave karma (feedback).

--- Additional comment from updates@fedoraproject.org on 2012-04-28 20:25:07 EDT ---

PackageKit-0.6.22-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

--- Additional comment from dallan@redhat.com on 2012-04-30 16:39:49 EDT ---

*** Bug 815541 has been marked as a duplicate of this bug. ***

--- Additional comment from ilja_sekler_@gmx.de on 2012-05-10 05:35:25 EDT ---

This might have regressed again, I see this issue with PackageKit-0.7.4-1.fc17.x86_64 and gnome-packagekit-3.4.0-1.fc17.x86_64 each time I try to update or add packages. This happens even with all *-updates-testing repositories disabled. yum on the command line has nothing to complain about.
Comment 1 Nils Philippsen 2012-05-11 11:01:31 EDT
Proposed as F17 blocker because this issue might prevent people from being able to update their systems, e.g. for people who don't have the root password for their laptop.
Comment 2 Fedora Update System 2012-05-11 11:31:32 EDT
PackageKit-0.7.4-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/PackageKit-0.7.4-2.fc17
Comment 3 Fedora Update System 2012-05-11 17:53:57 EDT
Package PackageKit-0.7.4-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing PackageKit-0.7.4-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7740/PackageKit-0.7.4-2.fc17
then log in and leave karma (feedback).
Comment 4 Adam Williamson 2012-05-11 20:36:12 EDT
Discussed at 2012-05-11 blocker review meeting: http://meetbot.fedoraproject.org/fedora-bugzappers/2012-05-11/f17-final-blocker-review-meeting-5.2012-05-11-17.04.html . Accepted as a blocker per criterion "The installed system must be able to download and install updates with yum and the default graphical package manager in all release-blocking desktops", in the case of systems where the user does not have the root password (we intend non-root users to be able to install updates).



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 5 Tim Flink 2012-05-14 16:12:31 EDT
Tested on a F17 Final TC4 install - after updating PackageKit and its related dependencies, I am no longer prompted for an administrator password when attempting to update from repos that should be trusted.

Once this is in the next compose, will re-test before setting to VERIFIED.
Comment 6 Fedora Update System 2012-05-15 01:26:25 EDT
PackageKit-0.7.4-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.