I modified ~/.cache/gnome-software/fedora-pkgdb-collections/fedora.json to mark Fedora 31 as active, restarted gnome-software, went to the updates, and clicked to have my system updated to Fedora 31. This error popped up, with no explanation as to what the problem is, and how it could be fixed. This is just cryptic, and impossible to fix unless one googles the error message.
15:05 < sgallagh> kalev: Oh, and when I click "Download" for the regular updates, I get "Unable to download updates: could not do untrusted queestion as no klass support"15:05 < sgallagh> ... did GNOME Software just accuse me of having no class?15:05 < sgallagh> (I mean, it's probably *correct*, but still)15:06 < hughsie> it's trying to tell you you're installing an unsigned file over http15:06 < hughsie> i.e. it's not letting you do something insecure15:06 < hughsie> the error message is just bad15:07 < sgallagh> hughsie: Yes, it also gives me no clue what file that might be15:08 < hughsie> right, pkcon update does i think15:08 < hughsie> but then it has the klass function, so yo ucan agree to doing something dangerous15:09 < sgallagh> hughsie: `pkcon update` doesn't appear to15:09 < sgallagh> At least not before "Proceed with changes?"15:09 < hughsie> hmm15:09 * hughsie has to prep for the next meeting in 1hr, but kalev might know a trick here15:09 < sgallagh> Hmm, it does with -d15:09 < sgallagh> hughsie: Do you want to allow installing of unsigned software? [N/y] 15:10 < sgallagh> Again, doesn't tell me which package though15:10 < kalev> I don't, I just know that the untrusted support is broken15:10 < hughsie> well, it was deliberately not implemented in g-s :)15:10 < sgallagh> I'm *guessing* it's one of the internal RHEL development tools I have installed.15:11 < sgallagh> But I have no obvious way to tell which15:11 < sgallagh> --verbose doesn't tell me either15:11 < hughsie> packagekitd running with --verbose?15:11 < hughsie> (as root)15:13 < sgallagh> emitting error-code bad-gpg-signature, 'failed to lookup digest in keyring for /var/cache/PackageKit/29/metadata/rcm-tools-fedora-rpms-29-x86_64/packages/python3-brewkoji-1.23-1.fc29eng.noarch.rpm'15:13 < sgallagh> looks like that's it.15:13 * sgallagh sighs15:14 < hughsie> i guess g-s needs to not swallow that15:14 < hughsie> sgallagh, if you file it upstream, i'll fix it later15:14 < sgallagh> Will do15:14 < sgallagh> hughsie: G-S or packagekit?15:14 < sgallagh> Because neither one indicates the problem15:14 < hughsie> G-S15:14 < sgallagh> okay15:15 < hughsie> if PK gives us an error-code, it should make it up to g-s15:15 < hughsie> but we show the "we can't handle this error" rather than the error itself15:15 * sgallagh nods15:18 < sgallagh> hughsie: https://gitlab.gnome.org/GNOME/gnome-software/issues/603 and thank you15:19 < hughsie> cheers dude
Interistingly, after changing atom.repo file to gpgcheck=1, g-s shows a precise warning.
In packagekitd logs I see this:
emitting error-code invalid-package-file, 'pacchetto atom-1.47.0-0.1.x86_64 non può essere verificato e repo Atom è abilitato per GPG: package not signed: atom-1.47.0-0.1.x86_64.rpm'
This is still a problem in Fedora 33. Here's a script that disables all repos that have gpgcheck turned off.
#!/usr/bin/env perl# Attempts to fix the error: "could not do untrusted question as no klass support"# Bill Chatfield - GPL2# The problems is repos that have GPG disabled, probably because their packages# are unsigned. The gpgcheck=0 in repo file is the direct cause of the error.# But, you can't just set it to 1 because then any packages will fail to upgrade# because they're likely unsigned.my$iniPackage="perl-Config-INI";my$isIniInstalled=(system("rpm --query --quiet $iniPackage")>>8)==0;if(!$isIniInstalled){print"Required package $iniPackage will be installed.\n";system("sudo dnf install $iniPackage");}useConfig::INI::Reader;my@repoFiles=`grep -lw 'gpgcheck=0' /etc/yum.repos.d/*`;my$foundRepoToDisable=0;formy$repoFile(@repoFiles){chomp($repoFile);my$conf=Config::INI::Reader->read_file($repoFile);formy$repoName(keys(%$conf)){my$repoProps=$conf->{$repoName};if($repoProps->{gpgcheck}==0&&$repoProps->{enabled}==1){$foundRepoToDisable=1;print"The $repoName repo has gpgcheck turned off, so it will be disabled.\n";system("sudo dnf config-manager --set-disabled $repoName");}}}if(!$foundRepoToDisable){print"All repos are ready for upgrade.\n";}