1066747 – `dnf update` should check for privileges before attempting privileged operations

Bug 1066747 - `dnf update` should check for privileges before attempting privileged operations

Summary: `dnf update` should check for privileges before attempting privileged operat...

Keywords:
Status:	CLOSED DUPLICATE of bug 910133
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	dnf
Sub Component:
Version:	20
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Packaging Maintenance Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-02-19 02:39 UTC by Pete Travis
Modified:	2014-02-19 07:45 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-02-19 07:44:38 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Pete Travis 2014-02-19 02:39:15 UTC

`dnf install foo` or `dnf update`, when executed as a regular user, will go through the entire process of resolving a transaction and downloading packages before reporting that the transaction requires root privileges to complete. The cycles and bandwidth should be conserved.  

I wouldn't mind seeing the transaction resolved, but redirected to `check-update` or `check-install` respectively with an advisement that root privileges are required to complete the transaction. Bonus points for storing the transaction for immediate execution :)

Running something like `dnf install @standard --releasever 20 --installroot=/home/regularuser/container/` doesn't work without privileges either. It's an enhancement I've always wanted from yum, and probably should be in a separate RFE ticket, but mentioned here because it seems like the code might overlap.  The attempt results in messages like this, for all included packages:

    Running transaction
    acl-2.2.52-4.fc20.x86_64 was supposed to be installed but is not!
      Verifying   :     acl-2.2.52-4.fc20.x86_64    1/347
    attr-2.4.47-3.fc20.x86_64 was supposed to be installed but is not!
      Verifying   : attr-2.4.47-3.fc20.x86_64

This completes as expected (plenty of AVCs from %post operations but a functional set of files) with appropriate privileges, of course.

Comment 1 Pete Travis 2014-02-19 07:33:14 UTC

Per Parag in RHBZ#1066743, the noroot plugin from dnf-plugins-core enables the check before the transaction.

You might consider tweaking the packaging a bit, so the minimal dnf deployment comes in a dnf-core package, and dnf with user-facing plugins comes with the more obvious "dnf" package. At least it would save the trouble of spurious bug reports from more simple end users like myself :)

Comment 2 Ales Kozumplik 2014-02-19 07:44:38 UTC

(In reply to Pete Travis from comment #0)
> `dnf install foo` or `dnf update`, when executed as a regular user, will go
> through the entire process of resolving a transaction and downloading
> packages before reporting that the transaction requires root privileges to
> complete. The cycles and bandwidth should be conserved.  

Hello, this is by design for setups that allow noroot to modify rpmdb. Installing dnf-plugins-core prevents this.

*** This bug has been marked as a duplicate of bug 910133 ***

Comment 3 Ales Kozumplik 2014-02-19 07:45:36 UTC

(In reply to Pete Travis from comment #0)
> Running something like `dnf install @standard --releasever 20
> --installroot=/home/regularuser/container/` doesn't work without privileges
> either.

Yeah, we should track this. Please open an RFE.

Note You need to log in before you can comment on or make changes to this bug.