|
Bugzilla – Full Text Bug Listing |
| Summary: | When you upgrade using SUSE Updater even if 3rd party updates is unchecked, it will try to install said package from 3rd party repo | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 10.3 | Reporter: | Forgotten User zhFaldehF_ <forgotten_zhFaldehF_> |
| Component: | Update Problems | Assignee: | E-mail List <zypp-maintainers> |
| Status: | RESOLVED FIXED | QA Contact: | Jiri Srain <jsrain> |
| Severity: | Normal | ||
| Priority: | P2 - High | CC: | coolo, dmacvicar, ma, schubi, tgoettlicher |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | i386 | ||
| OS: | openSUSE 10.3 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | YaST Log | ||
|
Description
Forgotten User zhFaldehF_
2007-10-10 23:46:45 UTC
Please attach your yast logs (http://en.opensuse.org/YaST/Bugs). I will attach YaST logs but I don't see the good it would do. You can easily replicate the issue. Open the openSUSE Updater Configuration manager. Make sure the following is unchecked "Show avaliable upgrades when backend provides them" Setup the Packman Community Repository Downgrade say.. Amarok to the version initially released with SUSE 10.3. do a zypper update You will notice it will try to upgrade Amarok to the version on the Packman repository and not the one on the Updates repo. Created attachment 180336 [details]
YaST Log
Don't know if this will show this behavior.
Actually it is the zypper.log that would be of help here (http://en.opensuse.org/Zypper#Log) since the updater applet currently uses zypper to do the update. Ben, please attach zypper.log (you can even delete it before you try to reproduce the problem so that it is smaller). Also please specify which updater exactly do you use. Is is the KDE OpenSUSE Updater or Gnome? (In reply to comment #4 from Jan Kupec) > Actually it is the zypper.log that would be of help here > (http://en.opensuse.org/Zypper#Log) since the updater applet currently uses > zypper to do the update. > > Ben, please attach zypper.log (you can even delete it before you try to > reproduce the problem so that it is smaller). > > Also please specify which updater exactly do you use. Is is the KDE OpenSUSE > Updater or Gnome? > I will add something soon. I will have to create a VM or wait for another package since I've flushed my Zypper logs since it originally happened (when I first setup my machine). Thanks. Ben In the meantime, Thomas, what does the updater do with the "3rd party updates" checkbox? I guess that currently the download of a package from another repository can be prevented only if that repository is disabled. Otherwise libzypp doesn't care where does the package come from, it just cares whether it is the right name, version, and arch. I wonder what happens if the 3rd party repo has the package with a different checksum. (In reply to comment #6 from Ján Kupec) > In the meantime, Thomas, what does the updater do with the "3rd party updates" > checkbox? If this checkbox is enabled opensuseupdater-kde shows another tab with packages (additional to the patches tab). The shown packages are the same as the output of 'zypper lu'. If the user wants to install such a package 'zypper in -type package' is called. No reaction from the reporter. Should we close this - or can you move ahead without it? I believe we can. IMO the problem is with the name of the check-box itself :O) Zypper does not have a way to enforce a specific vendor (don't know about libzypp). The check box is about 'patch updates' vs. 'package updates', not about 'suse updates' vs. '3rd party updates'. If only patch updates are enabled, if a particular package from a 3rd party repo satisfies requirements of a patch better than suse package, zypper will install that package. If this is a security risk, then the options are as mentioned below. If not, then the behavior is correct and we should close this bug as INVALID. The options: 1) have means of identification of the product repository and the update repository and use --repo to restrict the operation to these two. 2) implement vendor locking in zypper (libzypp?) and restrict the operation to suse vendor. 3) rename the checkbox to "Allow package udpates" :O) Thomas, how do you identify the update and the product repo? Once identified, do you use '--repo update-repo --repo product-repo' with the zypper command when the 3rd party checkbox is unchecked? NEEDINFO: all Opensuseupdater doesn't identify update and product repos and doesn't call zypper with "--repo". You are right the wording is misleading. So we need to decide what to do with this, see comment #9. I hope this hasn't falled off the boat.. Any one consider what the check box will be named? Or if the function has actually changed in the newer versions of zypper? The current checkbox says 'Show avaialble upgrades when backend provides them (for experts only).' The issue with using 3rd party repositories even for security updates is still there and will not be addressed for 11.0. Sorry changed for the wrong bug.. changing back Any news on this bug? I don't actually use the updater anymore so I cannot determine it's usage etc. Maybe I'll try on live cd? I believe this bug is fixed by fixing zypper's lu/up inconsistency - unless the user manually adds some vendors to /etc/zypp/vendors.d, non-suse updates will not be shown by the updater using zypp-based backend. Additionally, any vendor changes that would be needed to satisfy possible dependency problems are now reported by the solver and must be manually resolved by user in yast or zypper or elsewhere. So it should work correctly in openSUSE 11.1 since beta2. |