https://bugs.kde.org/show_bug.cgi?id=488388
Bug ID: 488388
Summary: Discover shows an unrecoverable error when packages
are unsigned, even if the repo has `gpgcheck=0`
Classification: Applications
Product: Discover
Version: 6.1.0
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: PackageKit
Assignee: plasma-b...@kde.org
Reporter: ad...@happyassassin.net
CC: aleix...@kde.org
Target Milestone: ---
SUMMARY
If you configure a yum/dnf-style repo that contains unsigned packages with
`gpgcheck=0`, then try to install any packages from that repo using Discover,
it will show an unrecoverable error, "There was an issue installing this
update. Please try again later". It should either just allow the install, or
show a warning the user can click through.
STEPS TO REPRODUCE
1. Set up a repository containing unsigned packages
2. Write a yum/dnf config file for the repo, including the directive
`gpgcheck=0`
3. Attempt to install or update a package from the repo using Discover
OBSERVED RESULT
Unrecoverable error message
EXPECTED RESULT
No error, or a warning that can be accepted to proceed
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Fedora Rawhide
KDE Plasma Version: 6.0.90
ADDITIONAL INFORMATION
See GNOME Software tickets
https://gitlab.gnome.org/GNOME/gnome-software/-/issues/603 and
https://gitlab.gnome.org/GNOME/gnome-software/-/issues/2246 for some background
on how this was discussed and handled there. The behaviour of dnf in this case
is that if the repo config says `gpgcheck=0` it will not run any GPG
verification or post any warnings and will happily install unsigned or
unverifiable packages from the repo.
--
You are receiving this mail because:
You are watching all bug changes.
