Bug 190674 - Feature Req: take direct URL argument, skip sig check on URL argument
Summary: Feature Req: take direct URL argument, skip sig check on URL argument
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: yum
Version: 5
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-05-04 13:12 UTC by Bryan J. Smith
Modified: 2014-01-21 22:54 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-09-18 20:32:24 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Bryan J. Smith 2006-05-04 13:12:39 UTC
Description of problem:

"rpm" allows a direct URL argument for install, query, etc... of a rpm package.
"yum" should allow this functionality as well in its "localinstall" or possibly
a new argument.
There seems to be no "yum-utils" tool that offers this functionality either.

E.g., a common program that has a dependency on compat-libstdc++ which is often
not installed:  
# yum localinstall
ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm

An additional issue is that "yum" will attempt to check signatures on all
packages, including the "local" package.  "yum" should default to "rpm"'s
default that if a user is explicitly specifying a package.  In the above
example, "yum" should check all dependency signatures, but not the direct rpm
package.

I'm curious if that is not directly feasible.  E.g., does "yum" merely pass on
all rpm packages to "rpm" and then report back if _any_ signature check fails? 
Or does it check signatures individually before passing to "rpm"?

Version-Release number of selected component (if applicable):
All

How reproducible:
All (feature enhancement request)

Actual results:

Setting up Local Package Process
Cannot open file:
ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm.
Skipping.

ftp://ftp.adobe.com/pub/adobe/reader/unix/7x/7.0.5/enu/AdobeReader_enu-7.0.5-1.i386.rpm.
Skipping.

Expected results:

No messages, automatically fetches via ftp/http, resolves dependencies, checks
signatures _except_ for the explicitly named rpm package.

Additional info:

Comment 1 Seth Vidal 2006-05-04 13:40:37 UTC
1. behaving like rpm when it comes to rpm is a bad idea. rpm, imo, behaves
unsafely. that won't ever be changed.

2. it might be reasonable to add a url checker to install/localinstall to grab
the package first. I'll think about that one.



Comment 2 Jeremy Katz 2006-09-18 20:32:24 UTC
There's a plugin to allow disabling the gpg check on the command line and pirut
has a tool for installing packages that gives a nice UI around needing a signature.


Note You need to log in before you can comment on or make changes to this bug.