Bug 190674 - Feature Req: take direct URL argument, skip sig check on URL argument
Feature Req: take direct URL argument, skip sig check on URL argument
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: yum (Show other bugs)
5
All Linux
medium Severity low
: ---
: ---
Assigned To: Jeremy Katz
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-04 09:12 EDT by Bryan J. Smith
Modified: 2014-01-21 17:54 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-18 16:32:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bryan J. Smith 2006-05-04 09:12:39 EDT
Description of problem:

"rpm" allows a direct URL argument for install, query, etc... of a rpm package.
"yum" should allow this functionality as well in its "localinstall" or possibly
a new argument.
There seems to be no "yum-utils" tool that offers this functionality either.

E.g., a common program that has a dependency on compat-libstdc++ which is often
not installed:  
# yum localinstall
ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm

An additional issue is that "yum" will attempt to check signatures on all
packages, including the "local" package.  "yum" should default to "rpm"'s
default that if a user is explicitly specifying a package.  In the above
example, "yum" should check all dependency signatures, but not the direct rpm
package.

I'm curious if that is not directly feasible.  E.g., does "yum" merely pass on
all rpm packages to "rpm" and then report back if _any_ signature check fails? 
Or does it check signatures individually before passing to "rpm"?

Version-Release number of selected component (if applicable):
All

How reproducible:
All (feature enhancement request)

Actual results:

Setting up Local Package Process
Cannot open file:
ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm.
Skipping.

ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm.
Skipping.

Expected results:

No messages, automatically fetches via ftp/http, resolves dependencies, checks
signatures _except_ for the explicitly named rpm package.

Additional info:
Comment 1 Seth Vidal 2006-05-04 09:40:37 EDT
1. behaving like rpm when it comes to rpm is a bad idea. rpm, imo, behaves
unsafely. that won't ever be changed.

2. it might be reasonable to add a url checker to install/localinstall to grab
the package first. I'll think about that one.

Comment 2 Jeremy Katz 2006-09-18 16:32:24 EDT
There's a plugin to allow disabling the gpg check on the command line and pirut
has a tool for installing packages that gives a nice UI around needing a signature.

Note You need to log in before you can comment on or make changes to this bug.