I think the correct fix is as follows: * PackageKit has a transaction flag on the InstallFiles method for whether it's allowed to install unsigned files. We should certainly honour that, and return one of the values accepted by pk_backend_job_error_code_is_need_untrusted, then I believe that pkcon will fall back to trying the transaction in allow-unsigned mode. * We need to figure out how to allow untrusted installations via pkcon from the command line but not from the scope. I think it may be possible to do something with PolicyKit here. Sadly the scope uses InstallFiles rather than InstallPackages, or else it would be relatively trivial. I haven't had a chance to figure this out in detail, but note that click/pk-plugin/pk-plugin-click.c:pk_plugin_transaction_get_action accepts the "org.freedesktop.packagekit.package-install-untrusted" action.
If you really need to revert anything for now, then please don't revert the whole thing. Rather, just revert r499 from lp:click/devel (that is, reinstate r497). That way we'll keep the signing framework in general, packages that are signed with an invalid signature will still be rejected, and we'll have less work to put things back later. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to click in Ubuntu. https://bugs.launchpad.net/bugs/1360582 Title: Can't manually install clicks "Signature verification error" since #205 Status in “click” package in Ubuntu: New Status in “phablet-tools” package in Ubuntu: Confirmed Bug description: See mailing list thread at https://lists.launchpad.net/ubuntu- phone/msg09607.html Since image #205 I can't install click packages using click-buddy & pkcon install-local. Changed click-buddy to use "adb $ADBOPTS shell click install --user=$DEVICE_USER --allow-unauthenticated /tmp/$click" which worked for me, but dunno if that's the "right" thing to do. alan@deep-thought:~/phablet/code/coreapps⟫ adb push com.ubuntu.music_1.3.597_all.click /tmp 2560 KB/s (401406 bytes in 0.153s) alan@deep-thought:~/phablet/code/coreapps⟫ phablet-shell start: Job is already running: ssh /home/alan/.ssh/known_hosts updated. Original contents retained as /home/alan/.ssh/known_hosts.old 9 KB/s (399 bytes in 0.040s) Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts. Welcome to Ubuntu Utopic Unicorn (development branch) (GNU/Linux 3.4.0-5-mako armv7l) * Documentation: https://help.ubuntu.com/ Last login: Fri Aug 22 23:53:19 2014 from localhost.localdomain phablet@ubuntu-phablet:~$ pkcon install-local /tmp/com.ubuntu.music_1.3.597_all.click Installing files [=========================] Finished [=========================] Installing files [=========================] Waiting for authentication [=========================] Starting [=========================] Finished [=========================] Fatal error: /tmp/com.ubuntu.music_1.3.597_all.click failed to install. Cannot install /tmp/com.ubuntu.music_1.3.597_all.click: Signature verification error: debsig: Origin Signature check failed. This deb might not be signed. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/click/+bug/1360582/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
