LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices



Reply
 
Search this Thread
Old 06-04-2011, 01:33 PM   #1
clausawits
Member
 
Registered: Jun 2001
Posts: 128

Rep: Reputation: 16
The software is not from a trusted source.


This appears to have been around since at least Fedora 12 (ref. "CLOSED WONTFIX" status on bug 569116 here-- https://bugzilla.redhat.com/show_bug.cgi?id=569116 ) and still exists at least on 14.

Any idea how to find out WHICH item(s) from the long list on my software update screen is not from a trusted source?! (And maybe _why_ it is not trusted?)

So what's better: updating "not from a trusted source", or not updating? Seems lose-lose to me.

How can I find out which repositories I'm using aren't signed?
 
Old 06-04-2011, 02:29 PM   #2
John VV
Guru
 
Registered: Aug 2005
Posts: 13,523

Rep: Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805Reputation: 1805
what random rpm from the net did you download and install ?

or
what repo did you turn on and NOT import the encryption key for
and example for ATrpm
rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms

or

what key that yum asked you to import did you type "n" instead of "y"

the full error will have the name of the rpm that is causing the error .
 
Old 06-05-2011, 10:48 PM   #3
clausawits
Member
 
Registered: Jun 2001
Posts: 128

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by John VV View Post
what random rpm from the net did you download and install ?

or
what repo did you turn on and NOT import the encryption key for
and example for ATrpm
rpm --import http://packages.atrpms.net/RPM-GPG-KEY.atrpms
or

what key that yum asked you to import did you type "n" instead of "y"
Q:"What's an easy way to figure out what I forgot to do?"
A:"Well, tell me what you forgot to do, and I can tell you."

Quote:
the full error will have the name of the rpm that is causing the error .
That would be brilliant! I just can't find the "Many packages" package in the list of packages to be updated. I'd uncheck it if I could... Maybe I'm missing a step on how to get the "full error", all I'm doing is clicking on the "Details" part of the dialog.

Oh! I know-- I'll go package by package and see what repo the updater is trying to use for which package. Then I'll just authorize packages one repo at a time and see which batch gives me the "not from a trusted source" error...

Shucks... there's no information (that I can find) in the Software Update window to tell me which repo the package is coming from, and no apparent way to filter on repo.


On a lark, I even ran the thing (gpk-update-viewer) from the command line to see if I could find useful info being spewed to Standard Output. There's a lot of spew there, but nothing that I can identify as a name of a problematic package or repository in the output.

I do see a line that says:
(gpk-update-viewer:2450): PackageKit-DEBUG: we got an untrusted message, so skipping only-trusted
with the next 80 lines or so reading:
(gpk-update-viewer:2450): PackageKit-DEBUG: removing <snip>
where <snip> in the 46 following lines represents what looks like each package in the actual window twice (I count 23 lines in the Software Update window, and 46 lines of package names all preceded with the line above).



Alright, in case someone else stumbles across this post, let me try to make something useful. I'm hoping that Yum repositories and the repos that Software Update uses are the same.

I can get the yum repositories I have configured by using this command:
Code:
yum repolist > repolist.txt
To find out which ones have keys, the best I can do is to go manually through every repo listed in /etc/yum.repos.d/ looking for a line that starts with gpgkey=
It's still messy, but the quickest way I could do it was to
Code:
grep gpgkey /etc/yum.repos.d/* | uniq > repokeys.txt
There should be at least one line in the repolist.txt that doesn't have an entry in repokeys.txt.

It looks like my problem is the fedora-firefox4 repository (the "spot" repository) lacks a gpgkey. I can't seem to find one via google. I'll start another thread for that, but I'm not terribly hopeful.

Of course none of this addresses what I perceive to be significant usability problems with the Software Update system. Yay! I've spent an hour and a half screwing around with this (so far) instead of doing what I want to do!
 
Old 06-06-2011, 10:14 AM   #4
RockDoctor
Senior Member
 
Registered: Nov 2003
Location: Minnesota, US
Distribution: Fedora, Ubuntu
Posts: 1,252

Rep: Reputation: 252Reputation: 252Reputation: 252
Here's the file that I found on the web to enable Spot's repo for FF4 on F14 - note the last line:
Code:
[fedora-firefox4]
name=Firefox 4 Web Browser
baseurl=http://repos.fedorapeople.org/repos/spot/firefox4/fedora-$releasever/$basearch/
enabled=1
gpgcheck=0
For more useful(?) error messages, you might try using yumex (if you want/need a GUI) or yum to do your updating rather than PackageKit
 
Old 06-06-2011, 10:02 PM   #5
clausawits
Member
 
Registered: Jun 2001
Posts: 128

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by RockDoctor View Post
For more useful(?) error messages, you might try using yumex (if you want/need a GUI) or yum to do your updating rather than PackageKit
Thanks! I'll check that out...

(I usually start by trying to use the default thing the distro provides... this helps me have a good gage for how much pain I would be inflicting if I were to recommend the distro to someone... but once I get past that "assessing the painfulness" stage, I definitely appreciate hearing about and moving on to what people have found to be more effective)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Distinguish between freeware, shareware, open source software and closed source ... turbomen Linux - Newbie 1 11-16-2010 03:49 AM
LXer: Red Hat to set up open-source software store: source LXer Syndicated Linux News 0 03-09-2007 03:16 PM
Sun will DROP Trusted Solaris Software...?? as400 Solaris / OpenSolaris 1 07-15-2006 10:42 PM
Linux trusted website software john_smith Linux - Software 3 04-30-2006 02:52 PM


All times are GMT -5. The time now is 01:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration