Description of problem: 1. system-install-packages foo gives a traceback if foo doesn't exist. 2. system-install-packages dont tell the user if package already is installed. it is only written to stdout. 3. system-install-packages can't install a non signed package. I have done a little hacking and created some patches for the problems. Version-Release number of selected component (if applicable): 0.9.7-1
Created attachment 123664 [details] Patch for file not found traceback
Created attachment 123665 [details] Patch for telling the user if a package allready installed It also fixes two time 'elif == 0:' efter each other
Created attachment 123666 [details] Patch for installing packages that are not signed
Created attachment 123667 [details] new patch for file not found there was an error in the first one
In the future, it helps to provide patches separately so they can be tracked individually. * File not found: Committed * Already installed: Committed, with some text tweaks as well as i18n marking For the third, I'm not sure that installing unsigned packages is really the right thing to do if the configuration is set up to require signed packages. Which is most of why I've held off applying any of these, but I'm not any closer to personal resolution. What would be the use case of having gpgcheck=1 and then wanting to install an unsigned package?
(In reply to comment #5) > In the future, it helps to provide patches separately so they can be tracked > individually. > I will do so in the future :-) > * File not found: Committed > * Already installed: Committed, with some text tweaks as well as i18n marking > > For the third, I'm not sure that installing unsigned packages is really the > right thing to do if the configuration is set up to require signed packages. > Which is most of why I've held off applying any of these, but I'm not any closer > to personal resolution. > I most cases it would be ok, not to install unsigned packages, but in some cases it would be nice to just warn the user and let the user decide. Example: A user what to use the 'foobar' application, but it is not availible in any repositories. He locates the application on the "foobar" homepage, And there is a link to download a rpm for Fedora Core, He clicks the link and Firefox suggests to open the rpm with the system-install-packages tool, he selects to do so, and he get a "Unable to verify" error. Possible solution. 1. Keep it as is, maybe change the text to something like "The package is not signed, so it cant be installed for security reasons" 2. just install it. 3. Warn the user about the security issues and let him choose to install it or not. Maybe it should be something to be enabled in /etc/pirut.conf > What would be the use case of having gpgcheck=1 and then wanting to install an > unsigned package? When installing from a repository, it is up to the state of "gpgcheck=" to deside how to handle unsigned packages, but it not very useful in the previous example.
After talking with jrb a bit (who happened to hit this case installing VMware the other day), went ahead and implemented, although I did it a bit differently than your patch.
Looking good