There does not appear to be a mechanism in PackageKit to import RPM-GPG-KEYs for new repositories. Thus it is not possible to install packages from newly linked repositories.
Steps to reproduce:
1. Add a new valid yum repository (software source).
2. Open PackageKit.
3. Select a package from the newly added repository.
4. Click the install button.
5. The installation hangs with "Checking Signatures" displayed in the statusbar.
Installation hangs with "Checking Signatures" displayed in the statusbar.
User is prompted to import the new repository's RPM-GPG-KEY and the package installs successfully.
Fedora 9 (rawhide) i686
1. Add a new valid yum repository.
2. Open a terminal.
3. su root
4. yum install package-name-from-new-repository
5. You are then prompted to import the new RPM-GPG-KEY for the new repository.
6. When the package finishes installing you should be able to install packages from the new repository via PackageKit.
I think I've fixed this in KOJI, please could you verify: http://koji.fedoraproject.org/koji/buildinfo?buildID=47270 - thanks.
Richard, there has been much discussion on this subject at the Fedora bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=443445 I tested the KOJI build and received the following error message:
A security trust relationship is not present
GPG key xxxxxxxxx is required
Was this the intended result?
Should be fixed now?
Works for me.