touch-packages team mailing list archive

[Colin Watson <cjwatson@xxxxxxxxxxxxx>]

I think the correct fix is as follows:

 * PackageKit has a transaction flag on the InstallFiles method for whether it's allowed to install unsigned files.  We should certainly honour that, and return one of the values accepted by pk_backend_job_error_code_is_need_untrusted, then I believe that pkcon will fall back to trying the transaction in allow-unsigned mode.
 * We need to figure out how to allow untrusted installations via pkcon from the command line but not from the scope.  I think it may be possible to do something with PolicyKit here.  Sadly the scope uses InstallFiles rather than InstallPackages, or else it would be relatively trivial.  I haven't had a chance to figure this out in detail, but note that click/pk-plugin/pk-plugin-click.c:pk_plugin_transaction_get_action accepts the "org.freedesktop.packagekit.package-install-untrusted" action.

If you really need to revert anything for now, then please don't revert
the whole thing.  Rather, just revert r499 from lp:click/devel (that is,
reinstate r497).  That way we'll keep the signing framework in general,
packages that are signed with an invalid signature will still be
rejected, and we'll have less work to put things back later.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to click in Ubuntu.
https://bugs.launchpad.net/bugs/1360582

Title:
  Can't manually install clicks "Signature verification error" since
  #205

Status in “click” package in Ubuntu:
  New
Status in “phablet-tools” package in Ubuntu:
  Confirmed

Bug description:
  See mailing list thread at https://lists.launchpad.net/ubuntu-
  phone/msg09607.html

  Since image #205 I can't install click packages using click-buddy &
  pkcon install-local. Changed click-buddy to use  "adb $ADBOPTS shell
  click install --user=$DEVICE_USER --allow-unauthenticated /tmp/$click"
  which worked for me, but dunno if that's the "right" thing to do.

  alan@deep-thought:~/phablet/code/coreapps⟫ adb push com.ubuntu.music_1.3.597_all.click /tmp
  2560 KB/s (401406 bytes in 0.153s)

  alan@deep-thought:~/phablet/code/coreapps⟫ phablet-shell
  start: Job is already running: ssh
  /home/alan/.ssh/known_hosts updated.
  Original contents retained as /home/alan/.ssh/known_hosts.old
  9 KB/s (399 bytes in 0.040s)
  Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
  Welcome to Ubuntu Utopic Unicorn (development branch) (GNU/Linux 3.4.0-5-mako armv7l)

   * Documentation:  https://help.ubuntu.com/
  Last login: Fri Aug 22 23:53:19 2014 from localhost.localdomain
  phablet@ubuntu-phablet:~$ pkcon install-local /tmp/com.ubuntu.music_1.3.597_all.click 
  Installing files              [=========================]         
  Finished                      [=========================]         
  Installing files              [=========================]         
  Waiting for authentication    [=========================]         
  Starting                      [=========================]         
  Finished                      [=========================]         
  Fatal error: /tmp/com.ubuntu.music_1.3.597_all.click failed to install.
  Cannot install /tmp/com.ubuntu.music_1.3.597_all.click: Signature verification error: debsig: Origin Signature check failed. This deb might not be signed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/click/+bug/1360582/+subscriptions