diff --git a/backends/yum/helpers/Makefile.am b/backends/yum/helpers/Makefile.am
index 7f78291..63e16aa 100644
--- a/backends/yum/helpers/Makefile.am
+++ b/backends/yum/helpers/Makefile.am
@@ -22,6 +22,7 @@ dist_helper_DATA = 			\
 	resolve.py			\
 	update.py			\
 	install-file.py			\
+	install-signature.py		\
 	refresh-cache.py		\
 	what-provides.py		\
 	update-system.py		\
diff --git a/backends/yum/helpers/install-signature.py b/backends/yum/helpers/install-signature.py
new file mode 100755
index 0000000..2ac845c
--- /dev/null
+++ b/backends/yum/helpers/install-signature.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2008 Richard Hughes <richard@hughsie.com>
+#
+# Licensed under the GNU General Public License Version 2
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+import sys
+
+sigtype = sys.argv[1]
+key_id = sys.argv[2]
+package_id = sys.argv[3]
+
+from yumBackend import PackageKitYumBackend
+
+backend = PackageKitYumBackend(sys.argv[1:],lock=False)
+backend.install_signature(sigtype,key_id,package_id)
+sys.exit(0)
+
diff --git a/backends/yum/helpers/yumBackend.py b/backends/yum/helpers/yumBackend.py
index af2324f..82708da 100644
--- a/backends/yum/helpers/yumBackend.py
+++ b/backends/yum/helpers/yumBackend.py
@@ -1038,7 +1038,7 @@ class PackageKitYumBackend(PackageKitBaseBackend):
                                              keyData['hexkeyid'],
                                              keyData['fingerprint'],
                                              keyData['timestamp'],
-                                             'GPG')
+                                             'gpg')
                 self.error(ERROR_GPG_FAILURE,"GPG key %s required" % keyData['hexkeyid'])
             except yum.Errors.YumBaseError,ye:
                 message = self._format_msgs(ye.value)
@@ -1380,7 +1380,7 @@ class PackageKitYumBackend(PackageKitBaseBackend):
         else:
             self.error(ERROR_REPO_NOT_FOUND,'repo %s not found' % repoid)
 
-    def repo_signature_install(self,package):
+    def install_signature(self,sigtype,key_id,package):
         self._check_init()
         self.allow_cancel(True)
         self.percentage(None)
diff --git a/backends/yum/pk-backend-yum.c b/backends/yum/pk-backend-yum.c
index 0f81915..f8be2af 100644
--- a/backends/yum/pk-backend-yum.c
+++ b/backends/yum/pk-backend-yum.c
@@ -223,6 +223,19 @@ backend_install_file (PkBackend *backend, const gchar *full_path)
 }
 
 /**
+ * backend_install_signature:
+ */
+static void
+backend_install_signature (PkBackend *backend, const gchar *package_id)
+{
+	g_return_if_fail (backend != NULL);
+	g_return_if_fail (spawn != NULL);
+
+	// GIGANTIC HACK TO PRESERVE ABI
+	pk_backend_spawn_helper (spawn, "install-signature.py", "foo", "bar", package_id, NULL);
+}
+
+/**
  * backend_refresh_cache:
  */
 static void
@@ -411,7 +424,8 @@ PK_BACKEND_OPTIONS (
 	backend_refresh_cache,			/* refresh_cache */
 	backend_remove_package,			/* remove_package */
 	backend_resolve,			/* resolve */
-	NULL,					/* rollback */
+	// GIGANTIC HACK TO PRESERVE ABI
+	backend_install_signature,		/* rollback */
 	backend_search_details,			/* search_details */
 	backend_search_file,			/* search_file */
 	backend_search_group,			/* search_group */
diff --git a/libpackagekit/pk-client.c b/libpackagekit/pk-client.c
index a1cc7e6..f8880e9 100644
--- a/libpackagekit/pk-client.c
+++ b/libpackagekit/pk-client.c
@@ -1810,6 +1810,20 @@ pk_client_get_update_detail (PkClient *client, const gchar *package_id, GError *
 }
 
 /**
+ * pk_client_rollback_action:
+ **/
+static gboolean
+pk_client_rollback_action (PkClient *client, const gchar *transaction_id, GError **error)
+{
+	gboolean ret;
+	ret = dbus_g_proxy_call (client->priv->proxy, "Rollback", error,
+				 G_TYPE_STRING, client->priv->tid,
+				 G_TYPE_STRING, transaction_id,
+				 G_TYPE_INVALID, G_TYPE_INVALID);
+	return ret;
+}
+
+/**
  * pk_client_rollback:
  * @client: a valid #PkClient instance
  * @transaction_id: a transaction_id structure
@@ -1824,8 +1838,10 @@ gboolean
 pk_client_rollback (PkClient *client, const gchar *transaction_id, GError **error)
 {
 	gboolean ret;
+	GError *error_pk = NULL; /* we can't use the same error as we might be NULL */
 
 	g_return_val_if_fail (PK_IS_CLIENT (client), FALSE);
+	g_return_val_if_fail (transaction_id != NULL, FALSE);
 
 	/* check to see if we already have a transaction */
 	ret = pk_client_allocate_transaction_id (client, error);
@@ -1837,10 +1853,25 @@ pk_client_rollback (PkClient *client, const gchar *transaction_id, GError **erro
 	client->priv->role = PK_ROLE_ENUM_ROLLBACK;
 	client->priv->cached_transaction_id = g_strdup (transaction_id);
 
-	ret = dbus_g_proxy_call (client->priv->proxy, "Rollback", error,
-				 G_TYPE_STRING, client->priv->tid,
-				 G_TYPE_STRING, transaction_id,
-				 G_TYPE_INVALID, G_TYPE_INVALID);
+	/* hopefully do the operation first time */
+	ret = pk_client_rollback_action (client, transaction_id, &error_pk);
+
+	/* we were refused by policy */
+	if (!ret && pk_polkit_client_error_denied_by_policy (error_pk)) {
+		/* try to get auth */
+		if (pk_polkit_client_gain_privilege_str (client->priv->polkit, error_pk->message)) {
+			/* clear old error */
+			g_clear_error (&error_pk);
+			/* retry the action now we have got auth */
+			ret = pk_client_rollback_action (client, transaction_id, &error_pk);
+		}
+	}
+	/* we failed one of these, return the error to the user */
+	if (!ret) {
+		pk_client_error_fixup (&error_pk);
+		g_propagate_error (error, error_pk);
+	}
+
 	if (ret) {
 		/* allow clients to respond in the status changed callback */
 		pk_client_change_status (client, PK_STATUS_ENUM_WAIT);
@@ -1850,7 +1881,7 @@ pk_client_rollback (PkClient *client, const gchar *transaction_id, GError **erro
 			g_main_loop_run (client->priv->loop);
 		}
 	}
-	pk_client_error_fixup (error);
+
 	return ret;
 }
 
diff --git a/libpackagekit/pk-enum.c b/libpackagekit/pk-enum.c
index 0e4bab5..4838c9d 100644
--- a/libpackagekit/pk-enum.c
+++ b/libpackagekit/pk-enum.c
@@ -870,7 +870,7 @@ libst_enum (LibSelfTest *test)
 	/************************************************************/
 	libst_title (test, "find value");
 	value = pk_enum_find_value (enum_role, "search-file");
-	if (PK_ROLE_ENUM_SEARCH_FILE) {
+	if (value == PK_ROLE_ENUM_SEARCH_FILE) {
 		libst_success (test, NULL);
 	} else {
 		libst_failed (test, NULL);
@@ -888,7 +888,7 @@ libst_enum (LibSelfTest *test)
 	/************************************************************/
 	libst_title (test, "find value");
 	value = pk_role_enum_from_text ("search-file");
-	if (PK_ROLE_ENUM_SEARCH_FILE) {
+	if (value == PK_ROLE_ENUM_SEARCH_FILE) {
 		libst_success (test, NULL);
 	} else {
 		libst_failed (test, NULL);
diff --git a/src/pk-engine.c b/src/pk-engine.c
index 07a3d31..b01e5d1 100644
--- a/src/pk-engine.c
+++ b/src/pk-engine.c
@@ -2094,7 +2094,7 @@ pk_engine_rollback (PkEngine *engine, const gchar *tid, const gchar *transaction
 
 	g_return_if_fail (PK_IS_ENGINE (engine));
 
-	pk_debug ("Rollback method called: %s, %s", tid, transaction_id);
+	pk_debug ("InstallSignature method called: %s", transaction_id);
 
 	/* find pre-requested transaction id */
 	item = pk_transaction_list_get_from_tid (engine->priv->transaction_list, tid);
@@ -2105,15 +2105,6 @@ pk_engine_rollback (PkEngine *engine, const gchar *tid, const gchar *transaction
 		return;
 	}
 
-	/* check for sanity */
-	ret = pk_strvalidate (transaction_id);
-	if (!ret) {
-		error = g_error_new (PK_ENGINE_ERROR, PK_ENGINE_ERROR_INPUT_INVALID,
-				     "Invalid input passed to daemon");
-		dbus_g_method_return_error (context, error);
-		return;
-	}
-
 	/* check if the action is allowed from this client - if not, set an error */
 	sender = dbus_g_method_get_sender (context);
 	ret = pk_engine_action_is_allowed (engine, sender, PK_ROLE_ENUM_ROLLBACK, &error);
diff --git a/src/pk-runner.c b/src/pk-runner.c
index 8876c67..a06ed1b 100644
--- a/src/pk-runner.c
+++ b/src/pk-runner.c
@@ -270,6 +270,7 @@ pk_runner_set_running (PkRunner *runner)
 	} else if (priv->role == PK_ROLE_ENUM_RESOLVE) {
 		desc->resolve (priv->backend, priv->cached_filter, priv->cached_package_id);
 	} else if (priv->role == PK_ROLE_ENUM_ROLLBACK) {
+		// GIGANTIC HACK TO PRESERVE ABI
 		desc->rollback (priv->backend, priv->cached_transaction_id);
 	} else if (priv->role == PK_ROLE_ENUM_GET_DESCRIPTION) {
 		desc->get_description (priv->backend, priv->cached_package_id);
@@ -586,8 +587,9 @@ pk_runner_rollback (PkRunner *runner, const gchar *transaction_id)
 {
 	g_return_val_if_fail (PK_IS_RUNNER (runner), FALSE);
 
+	// GIGANTIC HACK TO PRESERVE ABI
 	if (runner->priv->backend->desc->rollback == NULL) {
-		pk_debug ("Not implemented yet: Rollback");
+		pk_debug ("Not implemented yet: InstallSignature");
 		return FALSE;
 	}
 	runner->priv->cached_transaction_id = g_strdup (transaction_id);
diff --git a/src/pk-security-polkit.c b/src/pk-security-polkit.c
index 676b370..6487991 100644
--- a/src/pk-security-polkit.c
+++ b/src/pk-security-polkit.c
@@ -116,7 +116,8 @@ pk_security_role_to_action (PkSecurity *security, PkRoleEnum role)
 	} else if (role == PK_ROLE_ENUM_INSTALL_FILE) {
 		policy = "org.freedesktop.packagekit.localinstall";
 	} else if (role == PK_ROLE_ENUM_ROLLBACK) {
-		policy = "org.freedesktop.packagekit.rollback";
+		// GIGANTIC HACK TO PRESERVE ABI
+		policy = "org.freedesktop.packagekit.install-signature";
 	} else if (role == PK_ROLE_ENUM_REPO_ENABLE ||
 		   role == PK_ROLE_ENUM_REPO_SET_DATA) {
 		policy = "org.freedesktop.packagekit.repo-change";