Bug 40861

Summary: univention-app install accepts unsigned packages
Product: UCS
Reporter: Dirk Wiesenthal <wiesenthal>
Component: App Center
Assignee: Dirk Wiesenthal <wiesenthal>
Status: CLOSED FIXED
QA Contact: Felix Botner <botner>
Severity: normal
Priority: P1
CC: walkenhorst
Version: UCS 4.1
Target Milestone: UCS 4.1-1-errata
Hardware: Other
OS: Linux

Description Dirk Wiesenthal univentionstaff 2016-03-08 16:15:25 CET
univention-app seems to not check for unsigned packages. This should be fixed.

To reproduce:
  univention-app install owncloud82=8.2.2
  # add omar:build2 repo, assuming there are unsigned updates
  univention-app upgrade owncloud82
Comment 1 Dirk Wiesenthal univentionstaff 2016-03-27 00:22:28 CET
Fixed in
  univention-appcenter 5.0.20-35.146.201603270006

The apt-get options have been adjusted (compare ucr get update/commands/install).

When reproducing as in Comment 0, the fix seems to be insufficient. It will actually upgrade owncloud82 but then all of a sudden cancel the upgrade because it found unsigned packages.

This special case is indeed a bit unsatisfying. But keep in mind that this should not really affect the App.

Upgrade is done by
  (1) apt-get install $default_packages
  (2) apt-get dist-upgrade

(1) Has to be done to handle possible changes in DefaultPackages between App versions.
(2) Has to be done in case only secondary packages in the App repo were updated, not necessarily DefaultPackages (also, DefaultPackages rarely have a strong version dependency on all secondary packages).

The dist-upgrade is only for the App's repo but of course also upgrades the UCS packages.

When reproducing like this, we are talking about two different repositories, one signed, one not. ownCloud is upgraded correctly - and this is fine. All owncloud packages were signed.

The error in the end is fine, too, as the dist-upgrade failed. But all those packages were not required to get the new version of owncloud working. Unfortunately the error message is owncloud focused, which is wrong here. But as I said, this is a very improbable error.

What this bug fix should prevent is upgrading owncloud when owncloud (or any secondary package that owncloud explicitly requires) is unsigned. This should have been fixed.
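
The distinction drawn in Comment 1, as an added example that is not part of the original comment or of univention-appcenter: it parses apt-get output for the "cannot be authenticated" warning and separates unsigned packages the App requires from unrelated ones. The sample output, every package name other than owncloud, and the function names are constructed for illustration.

```python
# Constructed sample of apt-get output for the upgrade described in Comment 1.
# libexample1, univention-example and owncloud-schema are made-up package names.
SAMPLE_OUTPUT = """\
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libexample1 owncloud owncloud-schema univention-example
WARNING: The following packages cannot be authenticated!
  libexample1
  univention-example
E: There are problems and -y was used without --force-yes
"""

WARNING_PREFIX = "WARNING: The following packages cannot be authenticated"


def unauthenticated_packages(apt_output):
    """Return the package names listed under apt's authentication warning."""
    pkgs = set()
    in_block = False
    for line in apt_output.splitlines():
        if line.startswith(WARNING_PREFIX):
            in_block = True
            continue
        if in_block:
            if line.startswith(" "):
                # The package list is indented and may wrap over several lines.
                pkgs.update(line.split())
            else:
                in_block = False
    return pkgs


def classify(apt_output, app_packages):
    """Split unsigned packages into those the App needs and unrelated ones.

    app_packages is an assumed input: the App's DefaultPackages plus the
    secondary packages it explicitly requires.
    """
    unsigned = unauthenticated_packages(apt_output)
    required = unsigned & set(app_packages)
    return {
        "app_unsigned": sorted(required),
        "other_unsigned": sorted(unsigned - required),
        "app_affected": bool(required),
    }


if __name__ == "__main__":
    print(classify(SAMPLE_OUTPUT, ["owncloud", "owncloud-schema"]))
```

With an unsigned package in `app_packages`, `app_affected` becomes true, which is the case the fix is meant to block; otherwise the failure belongs to the dist-upgrade step and not to the App itself.
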
Comment 2 Felix Botner univentionstaff 2016-04-06 11:28:32 CEST
OK - app installation
OK - app upgrade with unsigned packages fails
OK - app upgrade

OK - YAML
Comment 3 Janek Walkenhorst univentionstaff 2016-04-13 15:00:16 CEST
<http://errata.software-univention.de/ucs/4.1/146.html>