Fedora Linux Support Community & Resources Center
  #1  
Old 8th January 2012, 05:48 PM
amturnip Offline
Registered User
 
Join Date: Jul 2007
Posts: 135
linuxfirefox
"Untrusted" packages in Fedora repository?

In Fedora 16, I tried to install the "sharutils" package. Up came an authentication box saying, "The software is not from a trusted source. Do not install..."

Strange! Well, I also have Fedora 15 handy, and for an experiment I tried to install sharutils there. The authentication box said, "Authentication is required to install a signed package".

Is something wrong with my Fedora 16 setup?

Code:
# yum list sharutils
Loaded plugins: langpacks, presto, refresh-packagekit
Available Packages
sharutils.x86_64                      4.11.1-1.fc16                       fedora

# grep http /etc/yum.repos.d/fedora.repo 
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/source/SRPMS/
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
Reply With Quote
  #2  
Old 8th January 2012, 08:43 PM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 437
macosmidori
Re: "Untrusted" packages in Fedora repository?

Can you attach the exact output from 'yum install sharutils' ?
Reply With Quote
  #3  
Old 8th January 2012, 08:59 PM
John the train Offline
Techno-Womble - Community Manager
 
Join Date: Aug 2006
Location: Gloucestershire, U.K.
Posts: 1,843
linuxfirefox
Re: "Untrusted" packages in Fedora repository?

Don't know if this is totally relevant, but Bob answered a similar query recently, which may help explain/reasure.

http://forums.fedoraforum.org/showthread.php?t=274865
__________________
To get the right answer, one must first ask the right question!
Desktop F20 ( 64 bit )
Laptop F20 ( 32 bit )
Reply With Quote
  #4  
Old 8th January 2012, 09:02 PM
PabloTwo Online
"Registered User" T-Shirt Winner
 
Join Date: Mar 2007
Location: Seville, FL
Posts: 6,210
linuxfirefox
Re: "Untrusted" packages in Fedora repository?

Package checks out OK here..
Code:
BASH:~/-> yumdownloader sharutils
Loaded plugins: langpacks, presto
sharutils-4.11.1-1.fc16.x86_64.rpm
BASH:~/-> rpm -K sharutils-4.11.1-1.fc16.x86_64.rpm 
sharutils-4.11.1-1.fc16.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
Maybe your gpg keys aren't installed correctly? Reinstall:
Code:
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64
Reply With Quote
  #5  
Old 8th January 2012, 09:46 PM
Chilly Willy Offline
Registered User
 
Join Date: Jul 2008
Posts: 1,258
linuxfirefox
Re: "Untrusted" packages in Fedora repository?

If I got what you posted, correct...
I've encountered that & when I do it is always associated with a GPG issue, usually a missing one. (unsigned ?) Since it is coming from a trusted repo, I just tell it to give it to me. But I'd NEVER do this on one that I wasn't sure about. That is where one is playing with fire!
__________________
Chilly Willy, Tux's little cousin...

By its very nature, Windows is a PANE!

Last edited by Chilly Willy; 8th January 2012 at 10:11 PM.
Reply With Quote
  #6  
Old 8th January 2012, 09:50 PM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 437
macosmidori
Re: "Untrusted" packages in Fedora repository?

You should never see an unsigned package from Fedora repos.

In this case I'm suspecting somehow the f16 key wasn't imported correctly or the like, but would love to see what yum says.
Reply With Quote
  #7  
Old 8th January 2012, 10:14 PM
Chilly Willy Offline
Registered User
 
Join Date: Jul 2008
Posts: 1,258
linuxfirefox
Re: "Untrusted" packages in Fedora repository?

Quote:
Originally Posted by nirik View Post
You should never see an unsigned package from Fedora repos.

In this case I'm suspecting somehow the f16 key wasn't imported correctly or the like, but would love to see what yum says.
I'm not sure if it was unsigned per say, so I edited my post. but I DO recall it being an issue with it, just not to sure what, as I haven't gotten any for a while now.
__________________
Chilly Willy, Tux's little cousin...

By its very nature, Windows is a PANE!
Reply With Quote
  #8  
Old 8th January 2012, 10:36 PM
amturnip Offline
Registered User
 
Join Date: Jul 2007
Posts: 135
linuxfirefox
Re: "Untrusted" packages in Fedora repository?

Hmm, the "untrusted source" warning comes from "pkcon install" but not from "yum install". By the way, I get the same "rsa sha1 (md5) pgp md5 OK" output from "rpm -K" as PabloTwo. But I'm not sure it's good news. The manual says that parentheses indicate a failure. On the other hand, the output certainly ends with the word "OK". On the third hand, it mentions md5 twice, once as a failure and once as success.

Code:
# pkcon install sharutils
Simulating install            [=========================]         
Starting                      [=========================]         
Running                       [=========================]         
Resolving dependencies        [=========================]         
Installing                    [=========================]         
Waiting for authentication    [=========================]         
Waiting in queue              [=========================]         
Starting                      [=========================]         
Resolving dependencies        [=========================]         
Downloading packages          [=========================]         
Testing changes               [=========================]         
Installing packages           [=========================]         
Scanning applications         [=========================]         
Message: untrusted-package: The package sharutils from repo fedora is untrusted
Reply With Quote
  #9  
Old 11th January 2012, 05:45 AM
jposey Offline
Registered User
 
Join Date: Jan 2009
Posts: 3
linuxfirefox
Question Re: "Untrusted" packages in Fedora repository?

Is there a way to list all the untrusted packages? I am wondering why have a warning message if everyone starts ignoring it, kinda like the boy who called wolf one time two many, and the big bad wolf bites the boy.
Reply With Quote
  #10  
Old 11th January 2012, 05:51 AM
nirik Offline
Community Manager
 
Join Date: Mar 2009
Location: Broomfield, CO
Posts: 437
macosmidori
Re: "Untrusted" packages in Fedora repository?

This might be related to this PackageKit bug:

https://bugzilla.redhat.com/show_bug.cgi?id=771746

I'd suggest folks that see this add info there, or file a new bug on PackageKit.

To see all packages and what key they were signed with:

yum install keychecker

keychecker

Reply With Quote
  #11  
Old 11th January 2012, 06:19 AM
jposey Offline
Registered User
 
Join Date: Jan 2009
Posts: 3
linuxfirefox
Smile Re: "Untrusted" packages in Fedora repository?

Thank you for your help, this is a good way to double check before something happens.
Reply With Quote
  #12  
Old 13th January 2012, 03:17 AM
amturnip Offline
Registered User
 
Join Date: Jul 2007
Posts: 135
linuxfirefox
Re: "Untrusted" packages in Fedora repository?

nirik, I think it is explained by the bug report you pointed out!
Reply With Quote
Reply

Tags
fedora, packages, repository, untrusted

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Never Before Firefox Problem: "Connection is Untrusted" Window billquinn Using Fedora 4 17th November 2010 07:01 PM
Yum gives error "Cannot retrieve repository metadata (repomd.xml) for repository: %s" tmick Using Fedora 31 26th April 2009 05:09 PM
Will current development packages "break" old versions of fedora? php1ic Using Fedora 5 22nd January 2009 02:43 PM
Error:visibility arg must be one of "default", "hidden", "protected" or "internal" wangfeng Using Fedora 0 23rd May 2005 04:59 AM
"Fedora Core 3" Disk 2 needed to install packages. I only have DVD. jesusphreak Using Fedora 1 14th April 2005 08:30 AM


Current GMT-time: 20:41 (Thursday, 25-12-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
...Quixaba Travel Photos - South Island New Zealand - Machala,el Oro Travel Photos on Instagram - Antalya Instagram Photos