diff --git a/PackageKit-0.6.21-fix-trusted-pkgs.patch b/PackageKit-0.6.21-fix-trusted-pkgs.patch
new file mode 100644
index 0000000..604fd1b
--- /dev/null
+++ b/PackageKit-0.6.21-fix-trusted-pkgs.patch
@@ -0,0 +1,34 @@
+From 7dbee21a7adbc25856b53532d0fe55f272f580bb Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Mon, 9 Jan 2012 15:51:17 +0100
+Subject: [PATCH] yum: don't request authorization for trusted packages
+ (#771746)
+
+Misunderstood PackageKitYumBackend._is_package_repo_signed() semantics,
+revert to the implementation from before I fixed it till it broke.
+(cherry picked from commit d99c430775a6de3e7e98819f5b5c0c6017d6edde)
+---
+ backends/yum/yumBackend.py |    7 +------
+ 1 files changed, 1 insertions(+), 6 deletions(-)
+
+diff --git a/backends/yum/yumBackend.py b/backends/yum/yumBackend.py
+index fd73f87..beb027e 100755
+--- a/backends/yum/yumBackend.py
++++ b/backends/yum/yumBackend.py
+@@ -1706,12 +1706,7 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage):
+         signed = False
+         try:
+             repo = self.yumbase.repos.getRepo(pkg.repoid)
+-            if hasattr(repo, "_override_sigchecks"):
+-                # yum >= 3.2.29
+-                signed = not repo._override_sigchecks
+-            else:
+-                # yum < 3.2.29
+-                signed = repo.gpgcheck
++            signed = repo.gpgcheck
+         except yum.Errors.RepoError, e:
+             raise PkError(ERROR_REPO_NOT_AVAILABLE, _to_unicode(e))
+         except exceptions.IOError, e:
+-- 
+1.7.7.5
+
diff --git a/PackageKit.spec b/PackageKit.spec
index dda6a62..3035898 100644
--- a/PackageKit.spec
+++ b/PackageKit.spec
@@ -3,7 +3,7 @@
 Summary:   Package management service
 Name:      PackageKit
 Version:   0.6.21
-Release:   1%{?dist}
+Release:   2%{?dist}
 License:   GPLv2+ and LGPLv2+
 URL:       http://www.packagekit.org
 Source0:   http://www.packagekit.org/releases/%{name}-%{version}.tar.xz
@@ -14,6 +14,9 @@ Patch0:    PackageKit-0.3.8-Fedora-Vendor.conf.patch
 # Fedora specific: the yum backend doesn't do time estimation correctly
 Patch1:    PackageKit-0.4.4-Fedora-turn-off-time.conf.patch
 
+# Upstreamed: yum: don't request authorization for trusted packages (#771746)
+Patch2:    PackageKit-0.6.21-fix-trusted-pkgs.patch
+
 Requires: PackageKit-glib = %{version}-%{release}
 Requires: PackageKit-backend
 Requires: shared-mime-info
@@ -250,6 +253,7 @@ user to restart the computer or remove and re-insert the device.
 %setup -q
 %patch0 -p1 -b .fedora
 %patch1 -p1 -b .no-time
+%patch2 -p1 -b .fix-trusted-pkgs
 
 %build
 %configure \
@@ -463,6 +467,9 @@ update-mime-database %{_datadir}/mime &> /dev/null || :
 %{_includedir}/PackageKit/backend/*.h
 
 %changelog
+* Mon Jan 09 2012 Nils Philippsen <nils@redhat.com> - 0.6.21-2
+- yum: don't request authorization for trusted packages (#771746)
+
 * Mon Dec 05 2011 Richard Hughes  <rhughes@redhat.com> - 0.6.21-1
 - New upstream release.
 - Consistently use same logic to determine GPG checking.