Bug 859244

Summary: systemd-udev: specified group 'plugdev' unknown
Product: [Fedora] Fedora Reporter: Jóhann B. Guðmundsson <johannbg>
Component: argyllcmsAssignee: Richard Hughes <hughsient>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: graeme, kay, limburgher, rhughes
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-20 10:57:07 EST Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Jóhann B. Guðmundsson 2012-09-20 17:21:18 EDT
Description of problem:

/lib/udev/rules.d/55-Argyll.rules need to be fixed the group "plugdev" should not exist on Fedora.

See comment 2 on bug 815093

Version-Release number of selected component (if applicable):

Affects both F17 and F18

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Jon Ciesla 2012-09-21 08:53:27 EDT
Is there another group that should be used, or should the GROUP directive be dropped entirely?  Or that whole line?
Comment 2 Jóhann B. Guðmundsson 2012-09-21 09:23:38 EDT
The group directory should be dropped entirely and the rule fixed. 

I have asked Kay to give a bit more detail ( sample ) what he means on the bug I mentioned there in the meantime you can add this as a workaround ( as is being done in the libftdi.spec ) 

"%pre
getent group plugdev >/dev/null || groupadd -r plugdev
exit 0"

To the spec file then just remove it when the actual fix for the udev rule is ready.
Comment 3 Jon Ciesla 2012-09-21 09:30:21 EDT
Ok, I'll get this out.  Let me know when "fixed" becomes specifically defined.
Comment 4 Jon Ciesla 2012-09-21 09:42:45 EDT
*** Bug 785729 has been marked as a duplicate of this bug. ***
Comment 5 Fedora Update System 2012-09-21 09:55:30 EDT
argyllcms-1.4.0-5.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/argyllcms-1.4.0-5.fc18
Comment 6 Fedora Update System 2012-09-21 09:55:41 EDT
argyllcms-1.4.0-4.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/argyllcms-1.4.0-4.fc17
Comment 7 Fedora Update System 2012-09-22 02:33:43 EDT
Package argyllcms-1.4.0-5.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing argyllcms-1.4.0-5.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14574/argyllcms-1.4.0-5.fc18
then log in and leave karma (feedback).
Comment 8 Graeme Gill 2012-09-24 00:39:49 EDT
Once again - it's fairly pointless having such a discussion without
feeding it upstream - you're then stuck with re-evaluating and
merging such changes for every ArgyllCMS release.

plugdev is used as a fallback for wider range of systems than just
Redhat, so you need to marshal some better arguments as to why and
how it can be done away with if there is truly a problem (ie.
isn't Fedora going to end up using ACL_MANAGE ?)

Note the existing instructions for dealing with the lack a a plugdev:
<http://www.argyllcms.com/doc/Installing_Linux.html>
Comment 9 Jóhann B. Guðmundsson 2012-09-24 03:17:56 EDT
(In reply to comment #8)
> Once again - it's fairly pointless having such a discussion without
> feeding it upstream - you're then stuck with re-evaluating and
> merging such changes for every ArgyllCMS release.

Arguably upstreams that are dependant and or use other upstreams should always follow what that upstream is doing and recommends ( in this case udev ) and downstreams work around those changes. Not the other way around as in downstream having to patch upstream to keep themselves and upstream up to date in relevance other upstreams changes from my pov ( At least that comes more logically to me ).
 
> plugdev is used as a fallback for wider range of systems than just
> Redhat,

You need to be a bit more specific to which systems you are referring to.  

> so you need to marshal some better arguments as to why and
> how it can be done away with if there is truly a problem (ie.
> isn't Fedora going to end up using ACL_MANAGE 

See comment 4 on bug 815093 which in essence just explains that the old udev way of doing things was kind of hacky, abused system group(s) and requiring you
to add user account(s) to it manually. ( which is what the "workaround" in comment 2 is exactly doing )

In anycase I'm no udev expert but I would think that color measurement devices should receive it's own ID and be added to 70-uaccess.rules as in something like ENV{ID_COLOR_MEASUREMENT_DEVICE}=="1", TAG+="uaccess" and 55-Argyll.rules and 69-cd-sensors.rules merged and adjusted into a single ruleset for both of them to use ( and every application that work with color measurement devices ), since to me those rules should be identical more or less ( colord has a daemon which is probably why it's being added to the colord group ) but Kay can probably comment on what is the proper cause of action here and if application should be conducting ( needless ) fragmentation in this area. 

In the meantime you ( or Jon )could have a look at 69-cd-sensors.rules and adjust yours according to what Richard has done there.

Btw encse yo missed it consolekit is no longer actively being maintained ( it has been replaced with systemd-loginctl [1] ) so you can probably drop the reference to it in your udev rule(s) and the udev sources got merged with systemd systemd source tree a while back

1. http://www.freedesktop.org/software/systemd/man/loginctl.html
2. http://www.freedesktop.org/software/systemd/man/udev.html
Comment 10 Graeme Gill 2012-09-24 04:41:26 EDT
> Arguably upstreams that are dependant and or use other upstreams
> should always follow what that upstream is doing and recommends ( in
> this case udev ) and downstreams work around those changes. Not the
> other way around as in downstream having to patch upstream to keep
> themselves and upstream up to date in relevance other upstreams
> changes from my pov ( At least that comes more logically to me ).

I'm subscribed to the udev mailing list, and have seen nothing that
covers such changes. In any case, I'm leery of anything stated about
udev - I've been well and truly lead down the garden path by
whatever is seen as the latest trendy change for changes sake
(ie. PolicyKit + Hal), and I'm now only interested in what will
works across a range of real systems.

> You need to be a bit more specific to which systems you are referring to.

I don't think I do - ACL_MANAGE etc. is relatively new. Older systems
don't use it, so a group is a reasonably standard UNIX mechanism
for covering such permissions, and not subject to the sort of
API churn that udev has a history of. "plugdev" was merely picked
as a convenient name that has been used for a very similar and
compatible purpose. I could have chosen "argyll" as a group,
but decided to at least leverage some history there.

> See comment 4 on bug 815093 which in essence just explains that the
> old udev way of doing things was kind of hacky, abused system group(s)
> and requiring you
> to add user account(s) to it manually. ( which is what the
> "workaround" in comment 2 is exactly doing )

This comment seems to be perfectly consistent with the reason that
55-Argyll.rules us written as it is - it uses ACL_MANAGE if
available, and falls back to a group if it is not available.

> In anycase I'm no udev expert but I would think that color measurement
> devices should receive it's own ID and be added to 70-uaccess.rules as
> in something like ENV{ID_COLOR_MEASUREMENT_DEVICE}=="1",
> TAG+="uaccess" and 55-Argyll.rules and 69-cd-sensors.rules merged and
> adjusted into a single ruleset for both of them to use ( and every
> application that work with color measurement devices ), since to me
> those rules should be identical more or less ( colord has a daemon
> which is probably why it's being added to the colord group ) but Kay
> can probably comment on what is the proper cause of action here and if
> application should be conducting ( needless ) fragmentation in this area.

ArgyllCMS is not tied to Redhat, nor even Linux, and is an independent
applications, that is released on its own schedule. New color instruments
are being added all the time, so the end user needs a simple a way of
possible to update the udev rules to enable the new devices, when they
install an ArgyllCMS update.  That this is awkward and less
convenient on Linux than other operating systems, is part of
the reason why Linux on the desktop has never taken off. I certainly don't
wish to be tied to what other applications with much narrower platform
scope such as colord are doing, so a separate 55-Argyll.rules that is
deliberately designed to work on a wide range of linux distributions
is as it should be. No, you can't assume users get Argyll from a distro
repository, since such repositories have a history of adding unwelcome
changes to it, and being too platform dependent.

> In the meantime you ( or Jon )could have a look at 69-cd-sensors.rules
> and adjust yours according to what Richard has done there.

Richard has done his own thing, and much of it it's tied to what colord
needs. In the Redhat world what he's done makes perfect sense. Not all
systems use colord though - they use ArgyllCMS as is, or use Oyranos.

> Btw encse yo missed it consolekit is no longer actively being
> maintained ( it has been replaced with systemd-loginctl [1] ) so you
> can probably drop the reference to it in your udev rule(s) and the
> udev sources got merged with systemd systemd source tree a while back

Fabulous - more API churn!
[And I note that this merger is far from completely accepted amongst
 distributions.]

I'll remove the test for console kit in the next release.
Comment 11 Jóhann B. Guðmundsson 2012-09-24 06:58:17 EDT
(In reply to comment #10)
> > Arguably upstreams that are dependant and or use other upstreams
> > should always follow what that upstream is doing and recommends ( in
> > this case udev ) and downstreams work around those changes. Not the
> > other way around as in downstream having to patch upstream to keep
> > themselves and upstream up to date in relevance other upstreams
> > changes from my pov ( At least that comes more logically to me ).
> 
> I'm subscribed to the udev mailing list, and have seen nothing that
> covers such changes. In any case, I'm leery of anything stated about
> udev - I've been well and truly lead down the garden path by
> whatever is seen as the latest trendy change for changes sake
> (ie. PolicyKit + Hal), and I'm now only interested in what will
> works across a range of real systems.

The announcement can be found here [1]

> > You need to be a bit more specific to which systems you are referring to.
> 
> I don't think I do - ACL_MANAGE etc. is relatively new. Older systems
> don't use it, so a group is a reasonably standard UNIX mechanism
> for covering such permissions, and not subject to the sort of
> API churn that udev has a history of. "plugdev" was merely picked
> as a convenient name that has been used for a very similar and
> compatible purpose. I could have chosen "argyll" as a group,
> but decided to at least leverage some history there.

As far as I know every major distribution except Ubuntu ( which has a tendency to fork it self in a corner one way or another ) is either defaulting to or is shipping systemd along with as an init replacement for their distribution so which system does indeed matter ( Atleast for the future that is ).

Trying to support what all ca 500 linux distribution out there to me is an unrealistic goal + as of udev release 182 the udev-acl tool is no longer being provided which breaks your test there and is affecting F17+ and any other distro that ships udev 182 or newer  
 
> > See comment 4 on bug 815093 which in essence just explains that the
> > old udev way of doing things was kind of hacky, abused system group(s)
> > and requiring you
> > to add user account(s) to it manually. ( which is what the
> > "workaround" in comment 2 is exactly doing )
> 
> This comment seems to be perfectly consistent with the reason that
> 55-Argyll.rules us written as it is - it uses ACL_MANAGE if
> available, and falls back to a group if it is not available.

As I mentioned before udev-acl tool is no longer provided as of udev release 182 [2] the test case for it will always fail and try to fallback on the non existing group

> > In anycase I'm no udev expert but I would think that color measurement
> > devices should receive it's own ID and be added to 70-uaccess.rules as
> > in something like ENV{ID_COLOR_MEASUREMENT_DEVICE}=="1",
> > TAG+="uaccess" and 55-Argyll.rules and 69-cd-sensors.rules merged and
> > adjusted into a single ruleset for both of them to use ( and every
> > application that work with color measurement devices ), since to me
> > those rules should be identical more or less ( colord has a daemon
> > which is probably why it's being added to the colord group ) but Kay
> > can probably comment on what is the proper cause of action here and if
> > application should be conducting ( needless ) fragmentation in this area.
> 
> ArgyllCMS is not tied to Redhat, nor even Linux, and is an independent
> applications, that is released on its own schedule. New color instruments
> are being added all the time, so the end user needs a simple a way of
> possible to update the udev rules to enable the new devices, when they
> install an ArgyllCMS update.  That this is awkward and less
> convenient on Linux than other operating systems, is part of
> the reason why Linux on the desktop has never taken off. I certainly don't
> wish to be tied to what other applications with much narrower platform
> scope such as colord are doing, so a separate 55-Argyll.rules that is
> deliberately designed to work on a wide range of linux distributions
> is as it should be. No, you can't assume users get Argyll from a distro
> repository, since such repositories have a history of adding unwelcome
> changes to it, and being too platform dependent.

How is this process being handled on other OS like for example in OS-X?

> > In the meantime you ( or Jon )could have a look at 69-cd-sensors.rules
> > and adjust yours according to what Richard has done there.
> 
> Richard has done his own thing, and much of it it's tied to what colord
> needs. In the Redhat world what he's done makes perfect sense. Not all
> systems use colord though - they use ArgyllCMS as is, or use Oyranos.

But the supported color management devices still remain the same for all of these right?  

1.http://thread.gmane.org/gmane.linux.hotplug.devel/17392
2.http://git.kernel.org/?p=linux/hotplug/udev.git;a=blob_plain;f=NEWS;hb=a3a304ddc090db59cb3be0dcbf1c0d83fe84c33a
Comment 12 Jóhann B. Guðmundsson 2012-09-24 15:10:32 EDT
Jon the proper way to fix this is to revert the workaround and carry a local patch and follow what other distributions are doing like for example opensuse [1]
since upstream cant drop those rules

1. https://build.opensuse.org/package/view_file?file=argyllcms-1.3.0-udev151.patch&package=argyllcms&project=multimedia%3Aphoto&rev=60ca08ca9e2425de1ef13a9b0f9a27a4
Comment 13 Jon Ciesla 2012-09-24 15:23:57 EDT
Does that apply against what we ship?
Comment 14 Jóhann B. Guðmundsson 2012-09-24 15:47:23 EDT
What's being done in that patch certainly applies to to us atleast F17+ not sure if udev-acl has been removed in F16 for that "TEST" section to work which is being removed there. I have not tested applying that patch to our sources if that's what you are referring but if it does not our patch should look the same as what other distributions are doing so we can all drop it if/when upstream decides it's time to drop those rules.
Comment 15 Jon Ciesla 2012-09-24 15:54:14 EDT
Richard, would you care to weigh in here?
Comment 16 Kay Sievers 2012-09-24 16:23:49 EDT
That sounds like the right thing. We do not want "plugdev" in Fedora. It's
mainly an Ubuntuism, that is misguiding, too static, and insecure.

Fedora fully dynamically grants access to devices based on the state of
the user's login session and the physical seat configuration. We do not
ever put users in groups to grant ordinary users access to hot-pluggable
devices.

Static system groups are inflexible and insecure in the sense that e.g.
ssh-login users must not be able to log into a machine and listen to the microphone or the camera or any other device that is associated with a
physical seat.
It would be unlikely to cause any harm for a color management device,
but the general rule that we do not want to support any static group like:
"the users who can use pluggable devices" still applies, and it it the
wrong thing to introduce "plugdev".

The right thing for Fedora is to patch out all ACL_MANAGE, udev-acl,
ConsoleKit and plugdev group stuff from the upstream packages in the
packaging step. These fallbacks are not expected or wanted in Fedora.

Upstream should note that blindly using unknown system groups in udev
rules can cause systems to be unable to boot up, because the group is
unresolvable. This is a major issue and nothing that is about just
"making things work", it actually can cause quite the opposite of it.
Comment 17 Graeme Gill 2012-09-25 00:28:34 EDT
bugzilla@redhat.com wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=859244
> 
> --- Comment #11 from Jóhann B. Guðmundsson <johannbg@gmail.com> ---
> (In reply to comment #10)
>>> Arguably upstreams that are dependant and or use other upstreams
>>> should always follow what that upstream is doing and recommends ( in
>>> this case udev ) and downstreams work around those changes. Not the
>>> other way around as in downstream having to patch upstream to keep
>>> themselves and upstream up to date in relevance other upstreams
>>> changes from my pov ( At least that comes more logically to me ).
>>
>> I'm subscribed to the udev mailing list, and have seen nothing that
>> covers such changes. In any case, I'm leery of anything stated about
>> udev - I've been well and truly lead down the garden path by
>> whatever is seen as the latest trendy change for changes sake
>> (ie. PolicyKit + Hal), and I'm now only interested in what will
>> works across a range of real systems.
> 
> The announcement can be found here [1]

I see no mention of the plugdev group in this announcement.

My aim is to write and support an application, not to scour
the universe tracking minute changes to various versions of
an operating system.

The best I can do is investigate when something breaks due to
API churn, fix it in the most robust and backwards compatible
way I can identify, test as best I can, and then go back to real
work and wait for future breakage. (Note that systems that
want to encourage a rich, diverse and vibrant application
ecosystem try and minimise API breakage.) 

> As far as I know every major distribution except Ubuntu ( which has a tendency
> to fork it self in a corner one way or another ) is either defaulting to or is
> shipping systemd along with as an init replacement for their distribution so
> which system does indeed matter ( Atleast for the future that is ).

Hmm. I can't seem to locate it on Fedora 8 development box,
so I guess that you mean just the latest releases of major
distributions have systemd. Unfortunately not everyone
is in a position to upgrade their operating system to
the latest release when it comes out (possibly involving
upgrading hardware etc.), and then spend time getting
their system working again. So it's necessary to allow for
backwards compatibility - just like many systems try and
make sure they don't break existing applications, good
application try and make sure that they don't stop 
working when new versions are installed on older systems.

> Trying to support what all ca 500 linux distribution out there to me is an
> unrealistic goal + as of udev release 182 the udev-acl tool is no longer being
> provided which breaks your test there and is affecting F17+ and any other
> distro that ships udev 182 or newer  

It's not at all unrealistic if there is a core API. Trying to
support them all by each one tweaking and compiling every application
for each of them, is an unrealistic expectation. Which is why the
distro model is broken. In fact it encourages API churn, poor planning,
and ad-hoc API changes, under the assumption that all the applications
that get broken can be fixed, because all the applications
are part of the distribution. The result is few applications that
are distributed any other way.
 
> As I mentioned before udev-acl tool is no longer provided as of udev release
> 182 [2] the test case for it will always fail and try to fallback on the non
> existing group

I see no mention of ACL_MANAGE in your reference. In fact
I can see no mention of udev-acl tool being deprecated in
your reference, merely that it is being packaged in a different
way. Or are you meaning that the TEST=="/lib/udev/udev-acl"
is no longer valid ?

Looking at the current git 70-acl.rules it seems that
ACL_MANAGE is not deprecated, and uses the test
TEST=="/var/run/ConsoleKit/database". So I guess
that is the test that should remain in 55-Argyll.rules for
using ACL_MANAGE.

It's not evident if there is any way of testing for
the existence of the ENV{COLOR_MEASUREMENT_DEVICE}=="*?", ENV{ACL_MANAGE}="1"
line in 70-acl.rules though, which is what would be necessary to
modify 55-Argyll.rules to be able to reliably use COLOR_MEASUREMENT_DEVICE
as a first choice.

> How is this process being handled on other OS like for example in OS-X?

Other operating systems are generally simpler. For HID devices on MSWin,
nothing needs to be done - plug in the device and the application
can access it. For non HID devices it is more complex, but
essentially there needs to be a .inf file that tells the OS
what kernel driver to use, and the application can then access it.
There are no device permission issues. And this applies from Win2K though
to Win8

For OS X, nothing has to be done. Plug the instrument in and
the application can access it. There are no device permission issues.
This applies for OS X 10.3 - 10.8

i.e. Because both of these OS's are more person oriented rather
than server oriented, the default policy is that someone having
physical access to the machine has permission to run an application
on the console that can access such a device.

> But the supported color management devices still remain the same for all of
> these right?  

Yes, but the support is application dependent, so it's tied to the
application release, not the system release. ie., both the
system and applications need a mechanism for enabling
color instruments independently. So given the arrangement of
udev, there needs to be room for independent .rules files
being installed with an application update. And backwards
compatibility requirements mean not relying on any system
changes that are recent (ie. say less than 5 years old).
Comment 18 Graeme Gill 2012-09-25 00:51:48 EDT
>--- Comment #16 from Kay Sievers <kay@redhat.com> ---
> That sounds like the right thing. We do not want "plugdev" in Fedora. It's
> mainly an Ubuntuism, that is misguiding, too static, and insecure.

Be that as it may, older systems do not have any other widely
available option, hence its use as a fallback. It provides
a means for a user to get an instrument going when ACL_MANAGE
is not supported.

> Fedora fully dynamically grants access to devices based on the state of
> the user's login session and the physical seat configuration. We do not
> ever put users in groups to grant ordinary users access to hot-pluggable
> devices.

It may do now, but it did things differently in the past. And that's
the issue here - dealing with backwards and other distribution compatibility.

> The right thing for Fedora is to patch out all ACL_MANAGE, udev-acl,
> ConsoleKit and plugdev group stuff from the upstream packages in the
> packaging step. These fallbacks are not expected or wanted in Fedora.

That's simply an unacceptable churn in the Application Programming Interface
in my view. udev .rules files are part of the API, because they need to be set
for applications to access user USB devices, due to the conservative
permission policy adopted by Linux. So changes in the way
.rules files should work need to worked out with some care
and an eye for compatibility with existing applications and
backward compatibility in older systems and other distributions.

The best way forward is to at least provide some versioning or
preferably capability mechanism, so that backwards compatible
.rules files can be crafted that shift to new mechanisms when
available.

> Upstream should note that blindly using unknown system groups in udev
> rules can cause systems to be unable to boot up, because the group is
> unresolvable. This is a major issue and nothing that is about just
> "making things work", it actually can cause quite the opposite of it.

Sounds poor if a system fails to boot for this reason, particularly
one involving a non-boot critical user device such as color instrument.
Note that groups are a very suitable fallback given their wide support
amongst UNIX like systems. My previous option was simply
changing permissions on the device directly. I guess that could
be reverted to, although various people complained about it.
Comment 19 Kay Sievers 2012-09-25 06:28:12 EDT
First, upstream is not in charge of providing something that matches Fedora's
need. That can all be done in the packaging.

Second, only ENV{ID_COLOR_MEASUREMENT_DEVICE}=="1" is needed, and that works
for quite some years. When upstream like to fiddle with low-level knobs of the
Base OS, which change depending on the need of the overall architecture, it's
fine, they can do that. But they should also not be surprised that these games
end up in breakage. We do not want this in Fedora. The udev-acl tool,
ACL_MANAGE, ConsoleKit have never been any sort of API to be used directly by
tools, only the flags for the classes of devices are the API, the rest is part
of the system/distro policy which must not be touched by tools.

Third, a single wrong udev rule can render the entire system
un-bootable. Therefore, installing udev rules comes with a certain
responsibility; such an issue can not be ignored for that long. Upstream
seem not to even understand the problem it is causing, by naively playing
around with lowest-level Base OS properties. Jon, please just patch out all
upstream udev mis-use, it can not work reliably on Fedora, and it will cause serious bugs.
Comment 20 Graeme Gill 2012-09-25 10:43:46 EDT
bugzilla@redhat.com wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=859244
> 
> --- Comment #19 from Kay Sievers <kay@redhat.com> --- First,
> upstream is not in charge of providing something that matches
> Fedora's need. That can all be done in the packaging.

Please explain how. I've been looking into these USB permission problems for many years, and no-one pointed to anything as simple as
"packaging" - on the contrary, all advice pointed to the need to udev
.rules files, and prior to that, hotplug usermap files.

> Second, only ENV{ID_COLOR_MEASUREMENT_DEVICE}=="1" is needed, and
> that works for quite some years. When upstream like to fiddle with
> low-level knobs of the Base OS, which

It's only been around since colord has been part of Fedora,
and hence cannot be relied upon for older systems or those
without colord.

> change depending on the need of the overall architecture, it's
> fine, they can do that. But they should also not be surprised that
> these games end up in breakage. We do not

This is not some "game" - it's simply trying to get things to
work in the best possible manner.

> want this in Fedora. The udev-acl tool, ACL_MANAGE, ConsoleKit have
> never been any sort of API to be used directly by tools, only the
> flags for the classes of devices are the API, the rest is part of
> the system/distro policy which must not be touched by tools.

If the only way that an application can enable permissions to access
a USB device is to install a udev .rules file, then these are indeed
part of the application programming interface, and it is simply
wishful thinking to claim that they are not. If I am mistaken (and
there is some other standard mechanism to fix the USB permissions
problem that everyone has overlooked for the past 10 years), and
please point it out. It would be a relief not to have to worry
about udev.

> Third, a single wrong udev rule can render the entire system
> un-bootable. Therefore, installing udev rules comes with a certain
> responsibility; such an issue can not be ignored for that long.
> Upstream seem not to even understand the problem it is causing, by
> naively playing around with lowest-level Base OS properties.

That is the recommended mechanism provided to allow applications to
fix USB device permission problems. If that exposed API is "lowlevel",
and can easily render a system un-bootable, then it seem like very poor
API design, and I suggest an effort to correct it or replace it with
something safer.

> Jon, please just patch out all upstream udev mis-use, it can not
> work reliably on Fedora, and it will cause serious bugs.

Sounds like you'll be patching it into the indefinite future then,
since it seems you cannot be bothered to understand and address a
very real and long standing Linux application problem.
Comment 21 Richard Hughes 2012-10-24 09:34:27 EDT
I've reverted the "groupadd -r plugdev" fix in the spec file as it's the wrong fix for Fedora. It might be correct upstream (not going to get in that argument) but for Fedora the fix is to just rely on ENV{COLOR_MEASUREMENT_DEVICE}="1" magically doing the right thing. I'll push a new package tomorrow with the fix which involves one line being removed from 55-Argyll.rules as a distro-patch. If the distro relies on colord (which Fedora does) then we can remove the 55-Argyll.rules file completely, although it certainly makes sense to ship upstream.

Richard.
Comment 22 Fedora Admin XMLRPC Client 2012-10-24 09:57:39 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 23 Fedora Update System 2012-10-24 12:23:03 EDT
argyllcms-1.4.0-6.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/argyllcms-1.4.0-6.fc18
Comment 24 Fedora Update System 2012-10-26 15:41:11 EDT
Package argyllcms-1.4.0-6.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing argyllcms-1.4.0-6.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-16950/argyllcms-1.4.0-6.fc18
then log in and leave karma (feedback).
Comment 25 Fedora Update System 2012-12-20 10:57:09 EST
argyllcms-1.4.0-5.fc18 has been pushed to the Fedora 18 obsolete repository.  If problems still persist, please make note of it in this bug report.