[wp-trac] [WordPress Trac] #46615: Updates: No package signature can cause updates to fail

WordPress Trac noreply at wordpress.org
Sat Mar 23 04:53:19 UTC 2019


#46615: Updates: No package signature can cause updates to fail
-----------------------------+---------------------------------------
 Reporter:  pento            |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  highest omg bbq  |  Milestone:  5.2
Component:  Upgrade/Install  |    Version:  trunk
 Severity:  blocker          |   Keywords:  needs-patch needs-testing
  Focuses:                   |
-----------------------------+---------------------------------------
 It's currently not possible to update the WordPress nightly build from
 within the dashboard, as it fails a signature check.


 {{{
 Downloading update from https://wordpress.org/nightly-builds/wordpress-
 latest.zip…

 The authenticity of wordpress-latest.zip could not be verified as no
 signature was found.

 Installation Failed
 }}}

 The root cause of this appears to be `WP_Upgrader::download_package()`
 returning a `WP_Error` a soft signature check failure occurs.
 `WP_Upgrader::run()` correctly checks for the soft failure,
 `Core_Upgrader::upgrade()` does not.

 This will likely also cause issues with plugins that rely on
 `WP_Upgrader::download_package()` to return the download package file name
 when it can continue, and a `WP_Error` when it cannot
 ([https://plugins.trac.wordpress.org/browser/worker/trunk/src/MMB/Installer.php#L476
 example]).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/46615>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list