Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1151869
Summary: | yumex 3.0.16 requires administrative authentication to start. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Woi <woiling> |
Component: | yumex | Assignee: | Tim Lauridsen <tla> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | fedora, lukas+fedora, projects.rg, tla |
Target Milestone: | --- | Keywords: | Regression |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | yumex-3.0.17-1.el7 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-04-26 12:44:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Woi
2014-10-12 21:16:47 UTC
It is by design, It give a lot of issues to running the yumex backend as non root if the user cancel a transaction, all selection & pending actions are lot, because we restarted the backend as root, so every thing we done is lost, same issue if there is a problem in the transaction, you could not just deselect the packages with problems and apply again. You also have to download repository metadata 2 times, one in non-root mode and one in root-mode. The next generation for yumex based on dnf, also require root access So I deceided to always start the backend in root mode for solve all these issues. yumex 4.x will have standalone notification icon, there can check for updates an alert the user without needing to start the yumex gui. I can confirm the described behaviour change. Someone suggested in IRC to use a PolicyKit rule to allow general root access for Yumex. (In reply to Raphael Groner from comment #2) > I can confirm the described behaviour change. Someone suggested in IRC to > use a PolicyKit rule to allow general root access for Yumex. Yes, there are multiple ways to make it possible for a user to run yumex, without typing a password. 1. making a Policykit rule 2. using sudo http://www.yumex.dk/2012/05/running-yumex-without-typing-password.html warning the PolicyKit rule described in this blog, do not work any longer, because PolicyKit has change to using JS rules. this show an exsample of how to do it using the current version of PolicyKit https://lists.fedoraproject.org/pipermail/users/2013-August/440106.html I have made this document on how to setup yumex to run without the user is asked for a password. http://www.yumex.dk/p/yumex-without-password.html You could provide the rule file within the yumex package as well as create the (initially empty) yumex group, so that all that is installed by default. The user would have to configure only by simply adding herself to the yumex group, if root password dialog is not wished. Alternatively, how is it possible to run yumex as a special yumex user that is only allowed to start this foreground yumex process? Not sure if that would again increase any security. That a unpriveleged user can search for packages but isn't allow to install a package is complete useless and not fair to him. Also, downloading double yum cache makes old version of yumex complete slow, and it's cost power and time. In a green world we should save server power. Think about....... (In reply to Raphael Groner from comment #6) > You could provide the rule file within the yumex package as well as create > the (initially empty) yumex group, so that all that is installed by default. > The user would have to configure only by simply adding herself to the yumex > group, if root password dialog is not wished. > Good idea, I have added that upstream. https://github.com/timlau/yumex/commit/f0c8ef8264c691f31c56d138afbf6782d85fa3c7 Being able to optionally run without root as an ordinary user is useful for systems where the user is not the admin of the system but wants to ask the admin to install a specific package. That way he can search in the repos using yumex and afterwards give the admin specific package names. Ideally that would also include some easy export of selected package names for sending via email. (In reply to Lukas Middendorf from comment #9) > Being able to optionally run without root as an ordinary user is useful for > systems where the user is not the admin of the system but wants to ask the > admin to install a specific package. That way he can search in the repos > using yumex and afterwards give the admin specific package names. > Ideally that would also include some easy export of selected package names > for sending via email. This is not the kind of use yumex is intented for, I was for security reason that yumex was not asking for root access before it was really needed, not to work with a user with limitted rights. It was introduced in yumex 3.0.11, but it introduced a lot of issues, therefor i switch back to the old way of asking for root access from the start. Next release will solve the issues with the user have to enter password to use yumex. You use case, running in readonly mode, will need a lot of work, by hidding features there need root access, they should not be show to a user if he cant perform them. yumex 3.0.x is in bug fix mode only, new features will mostly be done in yumex 4.0.x based on dnf. You can create an issue for your usecase here: https://github.com/timlau/yumex-dnf An I will consider to implement it in a future yumex 4.0.x release. (In reply to Lukas Middendorf from comment #9) > Being able to optionally run without root as an ordinary user is useful for > systems where the user is not the admin of the system but wants to ask the > admin to install a specific package. That way he can search in the repos > using yumex and afterwards give the admin specific package names. > Ideally that would also include some easy export of selected package names > for sending via email. For this case a normal user can run 'yum list *<expression-to-search>*' in a terminal. So this function in yumex isn't really needed for this special case. I mean we are on linux and using a terminal command is not the badest ;) (In reply to Wolfgang Ulbrich from comment #11) > For this case a normal user can run 'yum list *<expression-to-search>*' in a > terminal. So this function in yumex isn't really needed for this special > case. > I mean we are on linux and using a terminal command is not the badest ;) I think the comfortable search for packages (and then displaying the description and content of some of them) is the main advantage of yumex over yum. If that is irrelevant, let's stop development of yumex and drop it from fedora repos. We can all use yum directly instead. Thx for the answers, especially Raphael and Tim for suggesting and upstreaming a sustainable solution. I wasn't aware of the issues with the backend running as non-root. Getting rid of this issues ads some extra value for me, too. All in all the policykit solution works better for me than before. How ever I prefer users to re-enter their password before changing system settings to make them aware of it. It also adds some security. I'm very happy to hear yumex 4 will fix the backend issues, indicates available updates for normal users and requires a password to apply these updates all at once :) Is there already a plan when a rpm containing the policykit rule will hit the update-testing repo? I could provide some feedback after installing it of course. Last but not least in addition to the --update-only option I'd love to see a command line option to preselect all updates. Is this already covered by yumex 4 or do you like me to write an feature request for for this? (In reply to Woi from comment #13) > Thx for the answers, … I am happy to can help. No problem, you're welcome. > Is there already a plan when a rpm containing the policykit rule will hit > the update-testing repo? I could provide some feedback after installing it > of course. > Last but not least in addition to the --update-only option I'd love to see a > command line option to preselect all updates. Is this already covered by > yumex 4 or do you like me to write an feature request for for this? You should open another bug report for this feature request. It does not seem to have any relation to the password dialog thingy, does it? yumex-3.0.17-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/yumex-3.0.17-1.fc22 yumex-3.0.17-1.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/yumex-3.0.17-1.fc21 yumex-3.0.17-1.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/yumex-3.0.17-1.el7 Beside that yumex-dnf is now in f22, does normal yumex use dnf too in f22 with the redirector package dnf-yum? Package yumex-3.0.17-1.el7: * should fix your issue, * was pushed to the Fedora EPEL 7 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing yumex-3.0.17-1.el7' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5908/yumex-3.0.17-1.el7 then log in and leave karma (feedback). (In reply to Wolfgang Ulbrich from comment #18) > Beside that yumex-dnf is now in f22, does normal yumex use dnf too in f22 > with the redirector package dnf-yum? No, yumex uses the yum python api, it is not affected by the changes to the yum cli tool there has been renamed to yum-deprecated. yumex, will proberly get retired in f23 or f24 an only yumex-dnf will live on yumex-3.0.17-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. yumex-3.0.17-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. yumex-3.0.17-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report. |