Bug 178908 - system-install-packages bug and patches
Summary: system-install-packages bug and patches
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: pirut
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-01-25 11:51 UTC by Tim Lauridsen
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-03 22:24:12 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Patch for file not found traceback (1006 bytes, patch)
2006-01-25 11:51 UTC, Tim Lauridsen
no flags Details | Diff
Patch for telling the user if a package allready installed (1.54 KB, patch)
2006-01-25 11:54 UTC, Tim Lauridsen
no flags Details | Diff
Patch for installing packages that are not signed (3.61 KB, patch)
2006-01-25 11:55 UTC, Tim Lauridsen
no flags Details | Diff
new patch for file not found there was an error in the first one (598 bytes, patch)
2006-01-25 11:58 UTC, Tim Lauridsen
no flags Details | Diff

Description Tim Lauridsen 2006-01-25 11:51:58 UTC
Description of problem:

1. system-install-packages foo gives a traceback if foo doesn't exist.
2. system-install-packages dont tell the user if package already is installed.
   it is only written to stdout.
3. system-install-packages can't install a non signed package.

I have done a little hacking and created some patches for the problems.

Version-Release number of selected component (if applicable): 0.9.7-1

Comment 1 Tim Lauridsen 2006-01-25 11:51:58 UTC
Created attachment 123664 [details]
Patch for file not found traceback

Comment 2 Tim Lauridsen 2006-01-25 11:54:24 UTC
Created attachment 123665 [details]
Patch for telling the user if a package allready installed

It also fixes two time 'elif == 0:' efter each other

Comment 3 Tim Lauridsen 2006-01-25 11:55:45 UTC
Created attachment 123666 [details]
Patch for installing packages that are not signed

Comment 4 Tim Lauridsen 2006-01-25 11:58:41 UTC
Created attachment 123667 [details]
new patch for file not found there was an error in the first one

Comment 5 Jeremy Katz 2006-02-02 00:14:47 UTC
In the future, it helps to provide patches separately so they can be tracked
individually.

* File not found: Committed
* Already installed: Committed, with some text tweaks as well as i18n marking

For the third, I'm not sure that installing unsigned packages is really the
right thing to do if the configuration is set up to require signed packages. 
Which is most of why I've held off applying any of these, but I'm not any closer
to personal resolution.

What would be the use case of having gpgcheck=1 and then wanting to install an
unsigned package?

Comment 6 Tim Lauridsen 2006-02-03 08:05:09 UTC
(In reply to comment #5)
> In the future, it helps to provide patches separately so they can be tracked
> individually.
> 
I will do so in the future :-)
> * File not found: Committed
> * Already installed: Committed, with some text tweaks as well as i18n marking
> 

> For the third, I'm not sure that installing unsigned packages is really the
> right thing to do if the configuration is set up to require signed packages. 
> Which is most of why I've held off applying any of these, but I'm not any closer
> to personal resolution.
> 
I most cases it would be ok, not to install unsigned packages, but in some cases
 it would be nice to just warn the user and let the user decide.

Example:

A user what to use the 'foobar' application, but it is not availible in any
repositories. He locates the application on the "foobar" homepage, And there is
a link to download a rpm for Fedora Core, He clicks the link and Firefox
suggests to open the rpm with the system-install-packages tool, he selects to do
so, and he get a "Unable to verify" error.

Possible solution.

1. Keep it as is, maybe change the text to something like "The package is not
signed, so it cant be installed for security reasons"

2. just install it.

3. Warn the user about the security issues and let him choose to install it or not.

Maybe it should be something to be enabled in /etc/pirut.conf

> What would be the use case of having gpgcheck=1 and then wanting to install an
> unsigned package?

When installing from a repository, it is up to the state of "gpgcheck=" to
deside how to handle unsigned packages, but it not very useful in the previous
example.






Comment 7 Jeremy Katz 2006-02-03 22:24:12 UTC
After talking with jrb a bit (who happened to hit this case installing VMware
the other day), went ahead and implemented, although I did it a bit differently
than your patch.

Comment 8 Tim Lauridsen 2006-02-04 15:20:29 UTC
Looking good 


Note You need to log in before you can comment on or make changes to this bug.