Can't manually install clicks "Signature verification error" since #205

Status changed to 'Confirmed' because the bug affects multiple users.

On sábado 23 de agosto de 2014 07h'33:59 ART, Alan Pope ㋛ wrote:
> Public bug reported:
>
> See mailing list thread at https://lists.launchpad.net/ubuntu-
> phone/msg09607.html
>
> Since image #205 I can't install click packages using click-buddy &
> pkcon install-local. Changed click-buddy to use "adb $ADBOPTS shell
> click install --user=$DEVICE_USER --allow-unauthenticated /tmp/$click"
> which worked for me, but dunno if that's the "right" thing to do.

Now that packages are signed by the store and click landed, this may be the
only way to side load.

> alan@deep-thought:~/phablet/code/coreapps⟫ adb push
> com.ubuntu.music_1.3.597_all.click /tmp
> 2560 KB/s (401406 bytes in 0.153s)
>
> alan@deep-thought:~/phablet/code/coreapps⟫ phablet-shell
> start: Job is already running: ssh
> /home/alan/.ssh/known_hosts updated.
> Original contents retained as /home/alan/.ssh/known_hosts.old
> 9 KB/s (399 bytes in 0.040s)
> Warning: Permanently added '[localhost]:2222' (RSA) to the list
> of known hosts.
> Welcome to Ubuntu Utopic Unicorn (development branch)
> (GNU/Linux 3.4.0-5-mako armv7l)
>
> * Documentation: https://help.ubuntu.com/
> Last login: Fri Aug 22 23:53:19 2014 from localhost.localdomain
> phablet@ubuntu-phablet:~$ pkcon install-local
> /tmp/com.ubuntu.music_1.3.597_all.click
> Installing files [=========================]
> Finished [=========================]
> Installing files [=========================]
> Waiting for authentication [=========================]
> Starting [=========================]
> Finished [=========================]
> Fatal error: /tmp/com.ubuntu.music_1.3.597_all.click failed to install.
> Cannot install /tmp/com.ubuntu.music_1.3.597_all.click:
> Signature verification error: debsig: Origin Signature check
> failed. This deb might not be signed.
>
> ** Affects: phablet-tools (Ubuntu)
> Importance: Undecided
> Status: New
>

This bug also breaks the SDK (running application on the phone from QtCreator),
since we use pkcon-local to install click packages. Our app launcher script needs to run as phablet user,
so we have no way of running "click install --allow-unauthenticated".

I tested on our rtm image r6; seems I can still install apps from store, which means we could backout the click change that introduced the signature checking.

I think the correct fix is as follows:

 * PackageKit has a transaction flag on the InstallFiles method for whether it's allowed to install unsigned files. We should certainly honour that, and return one of the values accepted by pk_backend_job_error_code_is_need_untrusted, then I believe that pkcon will fall back to trying the transaction in allow-unsigned mode.
 * We need to figure out how to allow untrusted installations via pkcon from the command line but not from the scope. I think it may be possible to do something with PolicyKit here. Sadly the scope uses InstallFiles rather than InstallPackages, or else it would be relatively trivial. I haven't had a chance to figure this out in detail, but note that click/pk-plugin/pk-plugin-click.c:pk_plugin_transaction_get_action accepts the "org.freedesktop.packagekit.package-install-untrusted" action.

If you really need to revert anything for now, then please don't revert the whole thing. Rather, just revert r499 from lp:click/devel (that is, reinstate r497). That way we'll keep the signing framework in general, packages that are signed with an invalid signature will still be rejected, and we'll have less work to put things back later.

Status changed to 'Confirmed' because the bug affects multiple users.

Thanks Colin for your input on this.

I looked into this and attached is a patch to the click plugin that implements setting the PK_ERROR_ENUM_MISSING_GPG_SIGNATURE, and honoring PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED. However this will not work for us as it requires the user to answer a interactive question which seems to be inelegant.

The alternative approach would be to add code to pkcon to honor either a environment variable or a commandline swtich and pass that directly in the task to avoid the interactive prompt. I will work on this next and attach code for that.

will SDK work without further changes with the patch by mvo or do we need to coordinate some landing?

Hi,

this is doing it in a different way than my previous patch that does not require a interactive answer during install. It does require however that the patch goes to the packagekit upstream people.

This needs the lp:~mvo/click/lp1360582-honor-enum-only-trusted/ branch too.

@alexander: we definitely need to coordinate the landing. For a hotfix I created lp:~mvo/click/lp1360582-hotfix that implements Colins suggestion in #5.

The packagekit patch has landed upstream and I pushed it into utopic now. Next step is that the SDK need to run "pkcon --allow-untrusted" when it installs the locally build click. Plus it needs to add a versionized dependency to packagekit-tools (>= 0.8.17-4ubuntu2) to ensure the commandline option is available. Then we can land the click change in lp:~mvo/click/lp1360582-honor-enum-only-trusted which will enable the authentication checks again.

This bug was fixed in the package qtcreator-plugin-ubuntu - 3.1.1+14.10.20140908-0ubuntu1

---------------
qtcreator-plugin-ubuntu (3.1.1+14.10.20140908-0ubuntu1) utopic; urgency=low

  [ Michael Vogt ]
  * Run pkcon with --allow-untrusted (LP: #1360582). (LP: #1360582)
 -- Ubuntu daily release <email address hidden> Mon, 08 Sep 2014 09:47:27 +0000

This bug was fixed in the package click - 0.4.32.1

---------------
click (0.4.32.1) utopic; urgency=low

  [ Michael Vogt ]
  * fix autopkgtest failure found in 0.4.32
 -- Ubuntu daily release <email address hidden> Tue, 09 Sep 2014 10:02:00 +0000

The last piece of this was fixed a couple of days ago:

phablet-tools (1.1+14.10.20140909-0ubuntu1) utopic; urgency=low

  [ Michael Vogt ]
  * click-buddy: adding --allow-untrusted to the pkcon install-local
    call.

 -- Ubuntu daily release <email address hidden> Tue, 09 Sep 2014 20:43:43 +0000

This issue is still occuring in my system with:
Ubuntu 14.04 LTS (upgraded from 12.04 LTS)
qtcreator-plugin-ubuntu 3.1.1+14.10.20141029-0ubuntu1~0trusty3
click 0.4.33.1
Ubuntu image version 296

Same problem for me:

phablet@ubuntu-phablet:~/Downloads$ pkcon install-local provissima.username_0.1_all.click
Installing files [=========================]
Finished [=========================]
Installing files [=========================]
Waiting for authentication [=========================]
Starting [=========================]
Finished [=========================]
Fatal error: /home/phablet/Downloads/provissima.username_0.1_all.click failed to install.
Cannot install /home/phablet/Downloads/provissima.username_0.1_all.click: Signature verification error: debsig: Origin Signature check failed. This deb might not be signed.

There's a fix for this bug?

Thank you

I solved adding option "--allow-untrusted":

pkcon --allow-untrusted install-local provissima.username_0.1_all.click