1

I ran pkcon update force. I noticed PackageKit is logging about only_trusted:0. That is, an operation where the only_trusted option is disabled. Even though I did not pass --allow-untrusted to pkcon.

PackageKit[19819]: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)

So PackageKit is writing a log message about allowing untrusted packages. I did not want it to do that. I did not ask it do that. Why is it logging this message? Is there a problem in PackageKit?

$ sudo systemctl status packagekit.service
● packagekit.service - PackageKit Daemon
   Loaded: loaded (/usr/lib/systemd/system/packagekit.service; static; vendor preset: disabled)
   Active: active (running) since Mon 2019-04-08 12:34:58 BST; 1min 29s ago
 Main PID: 19819 (packagekitd)
    Tasks: 3 (limit: 4915)
   Memory: 192.7M
   CGroup: /system.slice/packagekit.service
           └─19819 /usr/libexec/packagekitd

Apr 08 12:34:58 alan-laptop PackageKit[19819]: daemon start
Apr 08 12:34:58 alan-laptop systemd[1]: Starting PackageKit Daemon...
Apr 08 12:34:58 alan-laptop systemd[1]: Started PackageKit Daemon.
Apr 08 12:34:58 alan-laptop PackageKit[19819]: uid 1000 is trying to obtain org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
Apr 08 12:34:58 alan-laptop PackageKit[19819]: uid 1000 obtained auth for org.freedesktop.packagekit.system-sources-refresh
Apr 08 12:35:09 alan-laptop PackageKit[19819]: refresh-cache transaction /17652_eabaebee from uid 1000 finished with success after 11018ms

$ rpm -q PackageKit
PackageKit-1.1.12-2.fc29.x86_64
sourcejedi
  • 48,311
  • 17
  • 143
  • 296

1 Answers1

0

The --allow-untrusted option, and the only_trusted flag, are not relevant when refreshing.

They are only relevant when you request that a package be installed or upgraded (or removed, possibly?).

On the client side:

  • pk-console.c always checks whether the pkcon command is run with --allow_untrusted, and sets the only_trusted property of pk_task accordingly. However:
  • pk_task_refresh_cache_async() ignores the pk_task property, and unconditionally sets PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED in PkTaskState::transaction_flags.
  • This then calls pk_task_do_async_action(). But that function does not actually use PkTaskState::transaction_flags for anything, if PkTaskState::role is PK_ROLE_ENUM_REFRESH_CACHE.

On the dnf backend side:

  • The only place that checks for PK_TRANSACTION_FLAG_ENUM_ONLY_TRUSTED in PkBackendDnfJobData::transaction_flags, is pk_backend_transaction_run().
  • pk_backend_transaction_run() is not called from pk_backend_refresh_cache_thread(). It is only relevant for jobs which install or remove packages. For example, it is called from pk_backend_install_packages_thread().
sourcejedi
  • 48,311
  • 17
  • 143
  • 296