SUMMARY When performing an update of my Fedora KDE system, if a package comes from a repo with a custom gpg signature and requires it to be accepted, Discover just fails the transaction. Gnome Software handles this situation by having a popup asking for the signature to be accepted or rejected, as you would also expect to see on the commandline when using dnf. STEPS TO REPRODUCE (Use Fedora KDE) 1. Have an rpm installed from a non-standard repo with an update 2. Ask Discover to update the system 3. During the download stage, it will fail and report a technical error OBSERVED RESULT <html>Bad GPG signature found:<br/><br/>/var/cache/PackageKit/42/metadata/<package> could not be verified. /var/cache/PackageKit/42/metadata/<package>: digest: SIGNATURE: NOT OK</html> EXPECTED RESULT A pop-up asking for the gpg signature to be accepted or rejected as is seen when performing this same update using Gnome's Software app. SOFTWARE/OS VERSIONS Linux/KDE Plasma: Fedora KDE 42 KDE Plasma Version: 6.4.4 KDE Frameworks Version: 6.17.0 Qt Version: 6.9.2 ADDITIONAL INFORMATION
I'm afraid this is a limitation of the PackageKit library that Discover uses for update distro packages. I believe GNOME Software has moved away from it, and this may be something Discover has to do in the future as well if PackageKit continues to be unsuitable for interactive use like this. However that's not directly actionable now as resources to do so don't exist at the moment.