URGENT Re: Package kit traceback with new keys

Warren Togami wtogami at redhat.com
Sat Sep 6 05:42:34 UTC 2008

Jesse Keating wrote:
> Hey, so we just tested our transition fedora-release package and trying
> to get new updates with a new key installed, and we're running into a
> traceback.
> PackageKit-0.2.4-6.fc9.x86_64 is the package version
> http://togami.com/~warren/fedora/fedora-release-9-3.transitiontest1.noarch.rpm is the fedora-release package to install to get info about the new repo and new keys
> http://fpaste.org/paste/5778 is the output of what happens when warren
> tries to install updates from the new location.
> Any ideas?

To give you an idea about the severity of this problem.

We cannot push any Fedora Updates until PK is fixed.  If we push this
fedora-release before PK is fixed, then GUI users will forever fail,
requiring command line intervention to recover.  We cannot subsequently
push a fixed PK, because their old PK will crash here when attempting to
update other packages in addition to the fixed PK.

Fedora 9 Updates

PK seems to be crashing here after it downloads packages, at the point
where yum would ask if you want to install a new GPG key.

Oh damn.  DrNick is reporting that his F9 PackageKit is asking him if he
wants to import a key, but it seems to be stuck in a loop asking
repeatedly for the same package.  His next attempt got past that point
to a PolicyKit dialog, then back into the fail loop.

PackageKit in F9 updates seems to be extremely broken. =(

Alternative Ugly Hack
We are already very late in pushing updates, and there exists
uncertainty about how long it would take to fix PK, and there are
inherent risks in upgrading PK so hastily.  So here is an alternative
horrible hack that would allow us to push updates immediately.

fedora-release (transition package only)
%post runs a script that forks itself into the background.  That script
waits for rpmdb to unlock, then imports the new key silently.  Then the
upgrade goes smoothly for all users no matter what version of PK they have.

fedora-release (new repo)
This package removes the %post hack.

Assuming we can make this import safely, then we can have the oldrepos
on the mirrors entirely empty, except for the transitional
fedora-release package.  This ugly hack has the benefit of being a lot
simpler and easier to understand.  The only trick is figuring out how
the script can know when it is safe to import.

Which path should we take?

Warren Togami
wtogami at redhat.com

More information about the rel-eng mailing list