Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 57

Thread: virt-manager throws an error after downgrade from Tumbleweed to 13.2

  1. #21

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Something interesting from today:

    A few hours ago I ran "zypper up" and that updated some packages. IIRC there were some related to qemu too but I didn't write down the details.

    Now I ran:

    Code:
    i7:~ # zypper up
    Loading repository data...
    Reading installed packages...
    
    
    The following 29 package updates will NOT be installed:
      libcacard0 libcap-ng0 libcelt051-0 libnetcontrol0 libosinfo libosinfo-1_0-0 libspice-client-glib-2_0-8 libspice-client-gtk-2_0-4 libspice-client-gtk-3_0-4 libspice-controller0 
      libspice-server1 libvdeplug3 libvirt-daemon-driver-libxl libvirt-python python-SpiceClientGtk qemu qemu-block-curl qemu-ipxe qemu-ksm qemu-kvm qemu-seabios qemu-sgabios 
      qemu-tools qemu-vgabios qemu-x86 typelib-1_0-Libosinfo-1_0 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 virt-viewer 
    
    
    Nothing to do.
    i7:~ # zypper dup
    Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
    Loading repository data...
    Reading installed packages...
    Computing distribution upgrade...
    
    
    The following 5 NEW packages are going to be installed:
      kde4-print-manager patterns-openSUSE-kde4_games patterns-openSUSE-kde4_internet patterns-openSUSE-kde4_utilities patterns-openSUSE-kde4_utilities_opt 
    
    
    The following 4 NEW patterns are going to be installed:
      kde4_games kde4_internet kde4_utilities kde4_utilities_opt 
    
    
    The following 5 packages are going to be REMOVED:
      kde-print-manager patterns-openSUSE-kde_games patterns-openSUSE-kde_internet patterns-openSUSE-kde_utilities patterns-openSUSE-kde_utilities_opt 
    
    
    The following 4 patterns are going to be REMOVED:
      kde_games kde_internet kde_utilities kde_utilities_opt 
    
    
    The following 25 packages are going to be upgraded:
      libcacard0 libcap-ng0 libcelt051-0 libnetcontrol0 libosinfo libosinfo-1_0-0 libspice-client-glib-2_0-8 libspice-client-gtk-2_0-4 libspice-client-gtk-3_0-4 libspice-controller0 
      libspice-server1 libvdeplug3 libvirt-glib-1_0-0 python-SpiceClientGtk qemu-ipxe qemu-ksm qemu-seabios qemu-sgabios qemu-vgabios typelib-1_0-Libosinfo-1_0 
      typelib-1_0-LibvirtGLib-1_0 typelib-1_0-SpiceClientGlib-2_0 typelib-1_0-SpiceClientGtk-3_0 virt-viewer vm-install 
    
    
    The following 25 packages are going to change vendor:
      libcacard0                       openSUSE -> obs://build.opensuse.org/Virtualization
      libcap-ng0                       openSUSE -> obs://build.opensuse.org/Virtualization
      libcelt051-0                     openSUSE -> obs://build.opensuse.org/Virtualization
      libnetcontrol0                   openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libosinfo                        openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libosinfo-1_0-0                  openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libspice-client-glib-2_0-8       openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libspice-client-gtk-2_0-4        openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libspice-client-gtk-3_0-4        openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libspice-controller0             openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libspice-server1                 openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libvdeplug3                      openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      libvirt-glib-1_0-0               openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      python-SpiceClientGtk            openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      qemu-ipxe                        openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      qemu-ksm                         openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      qemu-seabios                     openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      qemu-sgabios                     openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      qemu-vgabios                     openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      typelib-1_0-Libosinfo-1_0        openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      typelib-1_0-LibvirtGLib-1_0      openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      typelib-1_0-SpiceClientGlib-2_0  openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      typelib-1_0-SpiceClientGtk-3_0   openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      virt-viewer                      openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
      vm-install                       openSUSE -> obs://build.opensuse.org/Virtualization                                                                                             
                                                                                                                                                                                       
                                                                                                                                                                                       
    25 packages to upgrade, 5 new, 5 to remove, 25  to change vendor.                                                                                                                  
    Overall download size: 4.5 MiB. Already cached: 0 B  After the operation, additional 192.9 KiB will be used.                                                                       
    Continue? [y/n/? shows all options] (y):
    Should I say yes? Why is dup different from up in this particular setup we created in this thread?

  2. #22

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by tsu2 View Post
    After some long thought,
    I can't think of a reason for zypper to be invoked
    But it is. Otherwise this bug wouldn't exist, and the fix wouldn't fix it...

    As mentioned I never used virt-manager myself, but AIUI it offers to "copy" the host's installation sources to a guest and install a fresh openSUSE system from those same repos.
    At least that's how I understand the comment I quoted.

  3. #23

    Default AW: Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by heyjoe View Post
    i7:~ # zypper dup
    Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
    ...
    Should I say yes? Why is dup different from up in this particular setup we created in this thread?
    See the warning. "zypper dup" is intended to do a Distribution UPgrade, i.e. upgrade from one openSUSE release to the next.
    Don't use it for installing the normal updates.

    The main difference is that "zypper dup" just installs the highest versined package it can find from all enabled repositories. "zypper up" OTOH will not switch installed packages to some version from another repo but only installs updates from the _same_ repo.

    In your particular case: you added the "Virtualization" repo, which contains the latest versions of some virtualization related packages (including virt-manager). zypper dup wants to install all of them, zypper up not because they come from another repo (you have those packages from the standard repo installed).

    In principle I would recommend you to not use "zypper dup", but switch those particular packages to the other repo that _you_ really want from there (with YaST's "Versions" tab e.g.). You will then get only updates from that particular repo installed for those packages.
    If you want to update all packages to some repo, do the switch once and then continue to use "zypper up" or the update applet.
    See also: https://en.opensuse.org/SDB:Vendor_change_update
    Last edited by wolfi323; 10-Jul-2015 at 09:08.

  4. #24

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Thanks for explaining wolfi! Then I won't say yes and won't try dup, sounds safer

    BTW I notice something strange since I downgraded - Apper in 13.2 can upgrade packages by confirmation from a user and doesn't ask for root password (as I remember it used to do in earlier versions of openSUSE). Isn't that some security issue?

  5. #25

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by heyjoe View Post
    BTW I notice something strange since I downgraded - Apper in 13.2 can upgrade packages by confirmation from a user and doesn't ask for root password (as I remember it used to do in earlier versions of openSUSE).
    This is the way it is since years, and it is the same in Tumbleweed too:
    A locally logged in user is allowed to install updates with Apper (or PackageKit actually, Apper is just one frontend of several) without root password.

    But for installing new packages, you do need the root password.

    Isn't that some security issue?
    How is being able to install security updates a security issue? It would more be a security issue if you do not install them.

    If you want to you can change the polkit configuration and forbid this though.
    The easy way is set the security level to "restrictive" in YaST or /etc/sysconfig/security, but that will force you to enter the root password for other things too (like accessing removeable media).
    Or you can override single polkit rules in /etc/polkit-default-privs.local. See "man polkit" and "man set_polkit_default_privs" for more information if you're interested, or ask.

  6. #26
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,058
    Blog Entries
    2

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by wolfi323 View Post
    But it is. Otherwise this bug wouldn't exist, and the fix wouldn't fix it...

    As mentioned I never used virt-manager myself, but AIUI it offers to "copy" the host's installation sources to a guest and install a fresh openSUSE system from those same repos.
    At least that's how I understand the comment I quoted.
    On the face of it,
    That makes no sense since a Guest or Container is typically created to explore an environment different than the Host (Well, at least except for the philosophy of "old" LXC installed and managed by YAST which hardly supported running anything except a clone of the Host and not libvirt which AFAIK is a fundamentally different approach to management).

    Which is why I've been trying to hard to find some kind of published source but unable to do so at the moment.
    Unless there is a reason I can't think of at the moment, IMO the proper fix should be to remove, not patch.

    TSU

  7. #27

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by tsu2 View Post
    On the face of it,
    That makes no sense
    Well, tell that to the openSUSE maintainers.

    Apparently it does make sense to them, otherwise that feature wouldn't have been added as an openSUSE specific patch.

  8. #28

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by wolfi323 View Post
    How is being able to install security updates a security issue? It would more be a security issue if you do not install them.
    Yes but I guess it depends. If the repo (especially unofficial one) is hacked and a non-expert installs updates which an expert would not... I have read some stories of such cases.
    In earlier versions (12.x, 11.x) I remember I was asked to enter root password when installing updates through apper. I may look into what you explained later. Thanks!

  9. #29
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    12,058
    Blog Entries
    2

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by wolfi323 View Post
    Well, tell that to the openSUSE maintainers.

    Apparently it does make sense to them, otherwise that feature wouldn't have been added as an openSUSE specific patch.
    As a last resort.
    Usually I try to exhaust all options trying to evaluate something myself before I start bothering someone else who probably has better things to do than respond to unresearched speculation.

    TSU

  10. #30

    Default Re: virt-manager throws an error after downgrade from Tumbleweed to 13.2

    Quote Originally Posted by heyjoe View Post
    Yes but I guess it depends. If the repo (especially unofficial one) is hacked and a non-expert installs updates which an expert would not... I have read some stories of such cases.
    If a repo is hacked, Apper should not allow you to install any updates at all, because the checksums/hashes/keys don't match.

    And how would it make a difference whether you are asked for the root password or not in such a case?
    How would an "expert" know that the repo is hacked?

    In earlier versions (12.x, 11.x) I remember I was asked to enter root password when installing updates through apper.
    11.x didn't even have Apper, that was introduced in 12.1 as successor to kpackagekit. Before that openSUSE's own kupdateapplet was used which used the command line zypper command to check for and install updates and therefore needed the root password (although a PackageKit backend was available too in the later versions).

    I just had a look, the default was changed to allow PackageKit to install updates without entering the root password in 12.2.
    And it was a conscious decision by the security team.
    This is the changelog entry btw:
    Code:
    * Thu Jul 12 2012 meissner@suse.com
    
    - allow logged in users to update the system via online updates. bnc#771189
    And that's the corresponding bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=771189

    If you don't want that, you could of course also uninstall PackageKit, then the only way to install updates is YaST and zypper which both need to be started as root (and therefore need the user to enter the root password).

    Btw, regarding polkit: the rule that controls installing updates is "org.freedesktop.packagekit.system-update". Add this to /etc/polkit-default-privs.local (and run "sudo /sbin/set_polkit_default_privs" to apply the change) to only allow installing updates after entering the root password:
    Code:
    org.freedesktop.packagekit.system-update auth_admin
    Last edited by wolfi323; 10-Jul-2015 at 10:19.

Page 3 of 6 FirstFirst 12345 ... LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •