| Summary: | virt-manager RPM should required ssh-askpass | |||
|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Andrew Cathrow <acathrow> | |
| Component: | virt-manager | Assignee: | Cole Robinson <crobinso> | |
| Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 28 | CC: | berrange, cra, crobinso, hbrock, hedayatv, jforbes, tadej.j, virt-maint | |
| Target Milestone: | --- | Keywords: | Reopened | |
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 784710 (view as bug list) | Environment: | ||
| Last Closed: | 2018-10-08 18:35:30 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 784710 | |||
It's not required for SSH connections if you have SSH keys set up. And SSH connections are not used by a large subset of virt-manager users, so we can't abuse RPM dependencies in this case. This is why it would be nice to have a Recommends: or similar functionality in RPM. Closing as NOTABUG (In reply to comment #1) > It's not required for SSH connections if you have SSH keys set up. And SSH > connections are not used by a large subset of virt-manager users, so we can't > abuse RPM dependencies in this case. This is why it would be nice to have a > Recommends: or similar functionality in RPM. Closing as NOTABUG I don't see how this is abusing RPM dependencies. If we present an option to the user in the menu then it's fair for them to expect it to work. What's the issue in pulling in ssh-askpass ? > I don't see how this is abusing RPM dependencies.
> If we present an option to the user in the menu then it's fair for them to
> expect it to work.
> What's the issue in pulling in ssh-askpass ?
The issue is that we don't have any hard requirement on ssh being installed to use virt-manager in a variety of use cases (including the most common one of local administration). And even for users that want SSH access many will have SSH keys set up.
Basically, having a hard RPM requirement on a completely separate package (ssh) that users may have legitimate reasons for _not_ wanting on their system isn't the best thing to do. I mean, we also offer 'xen' in the connection dialog but don't require xen being installed on the system either (big difference I know, but ssh isn't just some random library, I'm sure there are some people out there that explicitly remove it from systems).
virsh/libvirt doesn't have an RPM dep on ssh either for that matter (though that is a bit different than a UI tool)
I was just bitten by the same bug today. While I see your point, Cole, I think it should not be a package by package decision but rather a more general guidelines about using rpm Requires for such cases. Meanwhile, may I suggest another solution, which is *a lot* more user friendly. Please, improve the error dialog and point the user to install the ssh-askpass package. Regards, Tadej *** Bug 784092 has been marked as a duplicate of this bug. *** As we have weak dependencies in RPM now, I think this issue can be reconsidered. virt-manager might Recommend openssh-askpass. This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'. I've thought about it and I don't want to use a weak dependency either. For one, there isn't any single askpass dialog, there's several that are tied to your current desktop environment. So recommending or depending on one particular package is problematic. Additionally relying on askpass in virt-manager is terrible for a lot of reasons, users should really really be using SSH keys. virt-manager in git will also point users in that direction when we hit the askpass error. But users can still manually install an askpass impl Weak dependency would work with a virtual dependency for all askpass providers. (In reply to Hedayat Vatankhah from comment #9) > Weak dependency would work with a virtual dependency for all askpass > providers. Yes but that virtual dependency doesn't exist, and personally I don't think it's important enough to do the work just to facilitate this case. |
Description of problem: When attempting to connect to remote host via SSH a connection error is generated (libvirtd not started) Version-Release number of selected component (if applicable): virt-manager-0.8.7-4.fc15.noarch libvirt-0.8.8-4.fc15.x86_64 How reproducible: 100% Actual results: Clicking details on the error dialog yields the following cannot recv data: ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). : Connection reset by peer Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 1055, in _try_open None], flags) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 107, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirtError: cannot recv data: ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). : Connection reset by peer Installing ssh-askpass resolves the issue, however if we require this for SSH connections then it should be part of the dependency list.