Bug 190674

Summary: Feature Req: take direct URL argument, skip sig check on URL argument
Product: [Fedora] Fedora Reporter: Bryan J. Smith <b.j.smith>
Component: yumAssignee: Jeremy Katz <katzj>
Status: CLOSED RAWHIDE QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: 5CC: katzj
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-18 20:32:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Bryan J. Smith 2006-05-04 13:12:39 UTC 
Description of problem:

"rpm" allows a direct URL argument for install, query, etc... of a rpm package.
"yum" should allow this functionality as well in its "localinstall" or possibly
a new argument.
There seems to be no "yum-utils" tool that offers this functionality either.

E.g., a common program that has a dependency on compat-libstdc++ which is often
not installed:  
# yum localinstall
ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm

An additional issue is that "yum" will attempt to check signatures on all
packages, including the "local" package.  "yum" should default to "rpm"'s
default that if a user is explicitly specifying a package.  In the above
example, "yum" should check all dependency signatures, but not the direct rpm
package.

I'm curious if that is not directly feasible.  E.g., does "yum" merely pass on
all rpm packages to "rpm" and then report back if _any_ signature check fails? 
Or does it check signatures individually before passing to "rpm"?

Version-Release number of selected component (if applicable):
All

How reproducible:
All (feature enhancement request)

Actual results:

Setting up Local Package Process
Cannot open file:
ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm.
Skipping.

ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm.
Skipping.

Expected results:

No messages, automatically fetches via ftp/http, resolves dependencies, checks
signatures _except_ for the explicitly named rpm package.

Additional info:
Comment 1 Seth Vidal 2006-05-04 13:40:37 UTC 
1. behaving like rpm when it comes to rpm is a bad idea. rpm, imo, behaves
unsafely. that won't ever be changed.

2. it might be reasonable to add a url checker to install/localinstall to grab
the package first. I'll think about that one.
Comment 2 Jeremy Katz 2006-09-18 20:32:24 UTC 
There's a plugin to allow disabling the gpg check on the command line and pirut
has a tool for installing packages that gives a nice UI around needing a signature.