[Alert] PR1.2 install bug - take action now! (https://talk.maemo.org/showthread.php?t=82495)

itsnotabigtruck 2012-02-21 22:17

Re: [Alert] PR1.2 install bug - take action now!
 
Quote:

Originally Posted by caco3 (Post 1168011)
@itsnotabigtruck:
Do you have any source for your statements?

This is all based on tests by N950 PR1.2beta users on the #harmattan IRC - you can see an example of exactly what happens when the problem hits in the attachments of Harmattan Bug 978.

Note that the bug doesn't affect installing .debs that aren't part of an unsigned APT repository - so you won't experience this if you're running dpkg -i on your own packages.

If you want to try testing on your N9, I've sent you my IM info in PM.

Quote:

Originally Posted by caco3 (Post 1168011)
Also, I am wondering, do apps in the OVI store somehow get signed?
I pack my (Python) apps in scratchbox, so I am sure there is no signing there, especially since I never generated a key.
I have an N9 for testing my apps with a quite up to date PR 1.2 beta and haven’t seen any issues with this.

Apps submitted to the Ovi Store get signed when published. Try downloading a .deb from the store and running ar tv package.deb - the _x509sig file is the signature. However, that's a different system from what I'm talking about; with APT repository signing, the list of packages is signed instead of each individual .deb. Unlike the other system, repository signing is part of APT itself and is used on other distros like Debian, Ubuntu, etc.
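
Added example (not part of the thread, and not Nokia's or APT's own code): a sketch of the repository-signing chain described above, where one signed Release file vouches for the Packages index, which in turn vouches for each .deb. The repository contents, file names and the `verify_deb` helper are constructed for illustration, and the GPG check of Release against Release.gpg is assumed to have already passed.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_release_sha256(release_text: str) -> dict:
    """Return {path: (sha256, size)} from the 'SHA256:' section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False
    return entries

def parse_packages(packages_text: str) -> dict:
    """Return {Filename: fields} for each stanza of a Packages index."""
    index = {}
    for stanza in packages_text.strip().split("\n\n"):
        # Continuation lines (leading whitespace) belong to multi-line fields; skip them.
        fields = dict(l.split(": ", 1) for l in stanza.splitlines()
                      if l and not l[0].isspace())
        index[fields["Filename"]] = fields
    return index

def verify_deb(release_text, packages_bytes, deb_name, deb_bytes) -> str:
    """Walk the chain Release -> Packages -> .deb (Release signature assumed verified)."""
    digest, size = parse_release_sha256(release_text)["Packages"]
    if len(packages_bytes) != size or sha256(packages_bytes) != digest:
        return "Packages does not match Release"
    entry = parse_packages(packages_bytes.decode()).get(deb_name)
    if entry is None:
        return "package not listed"
    if sha256(deb_bytes) != entry["SHA256"]:
        return "deb does not match Packages"
    return "ok"

# Constructed sample repository (flat layout, one package).
DEB_NAME = "pool/hello_1.0_armel.deb"
DEB = b"constructed stand-in for the .deb contents"
PACKAGES = (f"Package: hello\nVersion: 1.0\nFilename: {DEB_NAME}\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
RELEASE = f"Origin: example\nSHA256:\n {sha256(PACKAGES)} {len(PACKAGES)} Packages\n"

if __name__ == "__main__":
    print(verify_deb(RELEASE, PACKAGES, DEB_NAME, DEB))
    print(verify_deb(RELEASE, PACKAGES, DEB_NAME, DEB + b"!"))
```

Because only Release carries a signature, a .deb has no signature of its own under this scheme; its integrity follows from the hashes chained up to that one signed file.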

www.rzr.online.fr 2012-02-21 23:38

Re: [Alert] PR1.2 install bug - take action now!
 
Hi

Can you tell us how OBS could be set up to handle signed packages?

It looks like this needs to be configured server side, isn't it?


# rzr@lap:home:rzr/ # [1] # osc signkey
home:rzr has no key, trying home
Server returned an error: HTTP Error 404: Not Found
home
# rzr@lap:home:rzr/ # [1] # osc signkey --create
Server returned an error: HTTP Error 400: Bad Request
don't know how to create a key

Zoxir 2012-02-22 00:15

Re: [Alert] PR1.2 install bug - take action now!
 
What about the packages we have already installed from the SDK repo????? I have quite a few. If this breaks or removes something I will be very very pissed.

itsnotabigtruck 2012-02-22 00:18

Re: [Alert] PR1.2 install bug - take action now!
 
Quote:

Originally Posted by Zoxir (Post 1168080)
What about the packages we have already installed from the SDK repo????? I have quite a few. If this breaks or removes something I will be very very pissed.

Those should be left alone during the upgrade - this only affects new installations. Also, the bug can be worked around, so you'll still be able to install SDK packages if you need to post-upgrade...it just won't be a matter of a simple apt-get anymore.

Zoxir 2012-02-22 01:08

Re: [Alert] PR1.2 install bug - take action now!
 
Quote:

Originally Posted by itsnotabigtruck (Post 1168082)
Those should be left alone during the upgrade - this only affects new installations. Also, the bug can be worked around, so you'll still be able to install SDK packages if you need to post-upgrade...it just won't be a matter of a simple apt-get anymore.

OK man, thanks. I already saw the workaround, but I was worried about the already installed packages. Hopefully you are right :D

ibrakalifa 2012-02-22 02:11

Re: [Alert] PR1.2 install bug - take action now!
 
really limited N9, maybe this device is not that good, *sigh

itsnotabigtruck 2012-02-22 02:13

Re: [Alert] PR1.2 install bug - take action now!
 
Quote:

Originally Posted by ibrakalifa (Post 1168102)
really limited N9, maybe this device is not that good, *sigh

Not to worry...for every limitation, there's always an unlimitation. ;)

ibrakalifa 2012-02-22 02:28

Re: [Alert] PR1.2 install bug - take action now!
 
I still can't find the 64GB version here in Indonesia, ty sir. The N900 is also a limited one, but it became unlimited when it came to the right hands :)

munozferna 2012-02-22 17:47

Re: [Alert] PR1.2 install bug - take action now!
 
Quote:

Originally Posted by itsnotabigtruck (Post 1167960)
THE ISSUE

In the upcoming PR1.2 release, the installer contains an issue that will block packages from custom APT repositories from being installed unless they contain Secure APT signatures.

I suppose they don't want us to use the SDK repo on the devices, we should be allowed if we wanted though. Just a question, if they release an updated Harmattan Scratchbox (for PR1.2) with the new apt, wouldn't it be affected by the same issue?

mikecomputing 2012-02-22 19:03

Quote:

Originally Posted by itsnotabigtruck (Post 1167990)
This isn't the same as SSL certificates - APT security doesn't even use SSL, or certificates. While APT signatures can make things more secure for expert users, this isn't going to provide any benefit to anyone in most cases. Instead, it'll just make it harder to set up repositories distributing additional N9 apps, and confuse users with strange error messages.

Deploying APT signatures also does nothing to protect against malware in any realistic scenario - though since malware follows the money, I highly doubt such programs will ever be a serious threat on Harmattan.

However, in order to have things continue to work smoothly on PR1.2, it's going to be necessary to use APT signatures anyway, so it's time to get started.

I know APT security is not SSL... My point was more about allow/deny dialogs etc...

But why would Debian implement the APT security framework if everyone setting up a repo decided not to use it!? I see it as an ENDUSER, not as a dev. End users don't understand all those security warnings, and it's better not to include all those damn warnings and just deny them.

I am far from an expert on this, but to me it looks like no issue.

Because devs (and Nokia) SHOULD provide "the keys" and the problem is gone.

To me there is more important stuff that should be fixed...


All times are GMT.