Description of problem: If you install from other mean than Live, you don't have the default Fedora GPG key imported (light years old bug). PackageKit fails on this: $ pkcon install htop Installing [=========================] Waiting in queue [=========================] Waiting for authentication [=========================] Waiting in queue [=========================] Starting [=========================] Running [=========================] Resolving dependencies [=========================] Installing packages [=========================] Installing [=========================] Waiting in queue [=========================] Waiting for authentication [=========================] Waiting in queue [=========================] Starting [=========================] Running [=========================] Resolving dependencies [=========================] Downloading packages [=========================] Checking signatures [ ] (0%) Software source signature required Package: htop-1.0.1-2.fc18.x86_64 Software source name: fedora Key URL: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64 Key user: Fedora (18) <fedora> Key ID: DE7F38BD Key fingerprint: 7efb8811dd11e380b679fcedff01125cde7f38bd Key Timestamp: Mon Aug 6 06:34:44 2012 Do you accept this signature? [N/y] y [=========================] Installing signature [=========================] Waiting in queue [=========================] Waiting for authentication [=========================] Waiting in queue [=========================] Starting [=========================] Getting information [=========================] Fatal error: The backend exited unexpectedly. This is a serious error as the spawned backend did not complete the pending transaction. The GUI fails too. Also update manager fails. Once it fails, further invocations fail immediately: $ pkcon install htop Command failed: This tool could not find any available package: Failed: failed The workaround is to do $ sudo rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-18-primary and then reboot the computer. Version-Release number of selected component (if applicable): PackageKit-gstreamer-plugin-0.8.3-2.fc18.x86_64 PackageKit-command-not-found-0.8.3-2.fc18.x86_64 PackageKit-yum-0.8.3-2.fc18.x86_64 PackageKit-gtk3-module-0.8.3-2.fc18.x86_64 PackageKit-0.8.3-2.fc18.x86_64 PackageKit-yum-plugin-0.8.3-2.fc18.x86_64 PackageKit-glib-0.8.3-2.fc18.x86_64 PackageKit-device-rebind-0.8.3-2.fc18.x86_64 How reproducible: always Steps to Reproduce: 1. install from DVD/netinst 2. try to use PackageKit 3. see it fails after question whether to import the key
Proposing as Alpha blocker: " The installed system must be able to download and install updates with yum and the default graphical package manager in all release-blocking desktops " https://fedoraproject.org/wiki/Fedora_18_Alpha_Release_Criteria
+1 blocker, per criterion.
I also hit this on a fresh install of F18 alpha RC2 from DVD in a VM. +1 blocker, per criterion.
Oh - does the behaviour vary depending on whether the user is an 'admin' or not, like some other bugs?
+1 blocker per criteria...
I have hit this also as user as part of admin group with Gnome in RC2-DVD x86_64 install to HD; root password set. Workaround: root terminal: yum upgrade asks if you want to import GPG key and works
Could this perhaps be related to https://bugzilla.redhat.com/show_bug.cgi?id=852403 ? Does it work in Permissive mode, or if selinux-policy is updated?
reply to self: no, doesn't seem related. I hit this with an 'admin' user, with selinux in Permissive.
12:59:43 PackageKit failed to parse: Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64: invalid command 'Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64' 12:59:43 PackageKit emitting changed 12:59:43 PackageKit emitting allow-cancel 1 12:59:43 PackageKit emitting changed 12:59:43 PackageKit emitting changed 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: invalid command 'Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64' 12:59:43 PackageKit failed to parse: error unknown cannot install signature: Key import failed (code 2): Error enum not recognised, and hence ignored: 'unknown' 12:59:43 PackageKit failed to parse: : invalid command '(null)' 12:59:43 PackageKit failed to parse: : invalid command '(null)' 12:59:43 PackageKit failed to parse: Failing package is: 1:tk-8.5.12-1.fc18.x86_64: invalid command ' Failing package is: 1:tk-8.5.12-1.fc18.x86_64' 12:59:43 PackageKit failed to parse: GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64: invalid command ' GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64' 12:59:43 PackageKit failed to parse: : invalid command '(null)' 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: Error enum not recognised, and hence ignored: 'unknown' 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: invalid command '(null)' 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: invalid command '(null)' 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: invalid command ' Failing package is: 1:tk-8.5.12-1.fc18.x86_64' 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: invalid command ' GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64' 12:59:43 PackageKit ignoring message (turn on DeveloperMode): Failed to parse output: invalid command '(null)' 12:59:43 PackageKit backend was exited rather than finished
Discussed at 2012-09-12 blocker review meeting. We agreed that this bug is a violation of the criterion "The installed system must be able to download and install updates with yum and the default graphical package manager in all release-blocking desktops", but can be sufficiently worked around by performing just one yum operation - PK will work correctly after that. So it's rejected as a blocker, accepted as NTH. There was also some discussion of whether the criterion should really require graphical updating to work, as to some, on consideration, it seems like too strict a requirement for an Alpha release. But we will continue that discussion on the list.
What's clear is that the criterion does require graphical updating to work, so I don't see how this is not a blocker.
Created attachment 612908 [details] python script to reproduce the problem This will explode with the following backtrace: yum.Errors.YumBaseError: Key import failed (code 2) This is (I think) because: * getKeyForPackage calls pgpImportPubkey() in yum/__init__.py * which in turn calls rpmts_PgpImportPubkey() in rpm/python/rpmts.py * which calls rpmtsImportPubkey() in rpm/lib/rpmts.c * which calls rpmPubkeyNew() then rpmKeyringAddKey() in rpm/rpmio/rpmkeyring.c * which checks if the keyring is NULL, which it is, and returns -1 * which causes rpmtsImportPubkey() to return RPMRC_FAIL Now, the PackageKit key import code has not changed in over a year, so i can only assume that something loaded the default keyring (either yum or rpm) so that this code worked before and doesn't work now. I've tested this with yum-3.4.3-28.fc17 on F18, and it fails, so that leads me to think that something's changed in rpm, although yum is able to import the same key somehow. Panu, any ideas?
Hmm, yup... This is a combination of a change in rpm 4.10 to avoid loading the keyring on transactions where signature checking is disabled, and the fact that yum defaults to non-signature checking settings on transactions. The ability to import keys shouldn't be tied to signature checking enabled/disabled though, this is an unintended side-effect of the keyring loading change. Will fix.
Fixed upstream: http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=9209e6cd78a1e6814f3038734cdd300b97ddcf1b
(In reply to comment #14) > Fixed upstream: > http://rpm.org/gitweb?p=rpm.git;a=commitdiff; > h=9209e6cd78a1e6814f3038734cdd300b97ddcf1b Brilliant, thanks. Any ETA on a Fedora 18 package or is rpm-4.10.1 coming before the beta? I can build a package with the fix if you're super busy. Richard.
Discussed at 2012-09-26 blocker review meeting: http://meetbot.fedoraproject.org/fedora-qa/2012-09-26/f18-beta-blocker-review-1.2012-09-26-16.03.log.txt . Accepted as a blocker for Beta: the criterion is the same as for Alpha, "The installed system must be able to download and install updates with yum and the default graphical package manager in all release-blocking desktops". For Alpha we considered 'run yum once' to be an acceptable workaround, but for the higher standards expected of a Beta, we don't consider it good enough.
rpm-4.10.1-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/rpm-4.10.1-1.fc18
Package rpm-4.10.1-1.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rpm-4.10.1-1.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-15295/rpm-4.10.1-1.fc18 then log in and leave karma (feedback).
With rpm-4.10.1-1.fc18 PackageKit was able to install the gpg key.
The update was pushed stable, closing.