Bug 1118758

Summary: Please define SYSTEMD_OFFLINE=1 when managing packages inside a chroot
Product: [openSUSE] openSUSE Tumbleweed Reporter: Franck Bui <fbui>
Component: libzypp Assignee: E-mail List <zypp-maintainers>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: jsrain
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Bug Blocks: 1117489    

Description Franck Bui 2018-12-07 11:17:01 UTC
During package installations/removals/updates from within a chroot, all attempts to contact PID1 (via systemctl {daemon-reload,start,stop,...}) by package scriptlets should be avoided.

systemd offers an API for that "SYSTEMD_OFFLINE" which should be defined to "1".

It would be nice if libzypp defines this variable in such scenarios.

Indeed libzypp seems a good place to do that because at least YAST, zypper and Packagekit are linked against it.
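The request above, sketched as a wrapper for tools that do not go through libzypp. This is an added example, not part of the bug report and not libzypp's code; the function names `offline_needed` and `run_pkg_tool` and the path `/mnt/target` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not libzypp's implementation): export SYSTEMD_OFFLINE=1 for
# package commands whose target root is not the running system's "/", so
# systemctl calls made by scriptlets do not talk to PID 1.

# offline_needed ROOT: print 1 if ROOT resolves to something other than "/",
# 0 if it is "/". Returns 2 if ROOT cannot be entered.
offline_needed() {
    # Canonicalise first so "//", "/./" or a symlink to "/" count as "/".
    root=$(cd -P "$1" 2>/dev/null && pwd -P) || return 2
    [ "$root" = "/" ] && { echo 0; return 0; }
    echo 1
}

# run_pkg_tool ROOT CMD [ARGS...]: run CMD, adding SYSTEMD_OFFLINE=1 to its
# environment when ROOT is not "/". A value the caller already set is kept.
run_pkg_tool() {
    target=$1; shift
    flag=$(offline_needed "$target") || {
        echo "run_pkg_tool: cannot resolve root: $target" >&2
        return 2
    }
    if [ "$flag" = 1 ] && [ -z "${SYSTEMD_OFFLINE+x}" ]; then
        SYSTEMD_OFFLINE=1 "$@"
    else
        "$@"
    fi
}

# Usage (constructed path and package name):
#   run_pkg_tool /mnt/target chroot /mnt/target rpm -Uvh /tmp/example.rpm
```
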
Comment 1 Franck Bui 2018-12-07 11:22:03 UTC
This bug mostly targets Factory but I think it wouldn't hurt if this is done for SLE too since that would make sure that all tools relying on libzypp would behave correctly in chroots too.
Comment 2 Michael Andres 2018-12-07 12:21:37 UTC
A fix in libzypp-17.10.2 will cover TW and SLE15* anyway. If it's useful on SLE12* we can easily backport it.
Comment 3 Michael Andres 2018-12-10 16:03:09 UTC
Fixed in libzypp-17.10.2
Comment 4 Franck Bui 2018-12-10 16:28:58 UTC
Thanks Michael for fixing promptly.

Could you let me know when this change will reach the Factory repo?

Thanks.
Comment 5 Michael Andres 2018-12-11 11:20:38 UTC
(In reply to Franck Bui from comment #4)
> Could you let me know when this change will reach the Factory repo?
You can check it here: https://build.opensuse.org/request/show/657132
Comment 7 Swamp Workflow Management 2019-02-25 10:30:09 UTC
This is an autogenerated message for OBS integration:
This bug (1118758) was mentioned in
https://build.opensuse.org/request/show/678857 Factory / systemd-rpm-macros
Comment 12 Swamp Workflow Management 2019-07-31 22:12:55 UTC
SUSE-SU-2019:2030-1: An update that solves three vulnerabilities and has 41 fixes is now available.

Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    PackageKit-1.1.10-4.10.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    PackageKit-1.1.10-4.10.4, libsolv-0.7.5-3.12.2, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-devel-doc-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Development Tools 15 (src):    libsolv-0.7.5-3.12.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    PackageKit-1.1.10-4.10.4, libyui-qt-pkg-2.45.15.2-3.5.3
SUSE Linux Enterprise Module for Basesystem 15 (src):    libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-ncurses-pkg-doc-2.48.5.2-3.5.3, libyui-qt-pkg-2.45.15.2-3.5.3, libyui-qt-pkg-doc-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Installer 15 (src):    libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-08-18 13:13:53 UTC
openSUSE-SU-2019:1927-1: An update that solves three vulnerabilities and has 41 fixes is now available.

Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
openSUSE Leap 15.0 (src):    PackageKit-1.1.10-lp150.11.1, libsolv-0.7.5-lp150.7.1, libyui-ncurses-pkg-2.48.5.2-lp150.7.1, libyui-qt-pkg-2.45.15.2-lp150.7.1, libzypp-17.12.0-lp150.2.13.1, yast2-pkg-bindings-4.0.13-lp150.2.13.1, zypper-1.14.28-lp150.2.13.1