2011/4/1 Greg KH <gregkh@suse.de>:
On Fri, Apr 01, 2011 at 12:22:16PM -0400, Greg Freemyer wrote:
All,
Is there a simple way security updates can be tested to install cleanly on a Tumbleweed system?
Can we make that part of the process somehow?
No, that's not up to the security or maintance people, that's up to the tumbleweed developers.
== details
I just tried to do a YOU, but I get a conflict that a typical user should not have to face just because they're using Tumbleweed:
What's a "YOU"?
=== #### YaST2 conflicts list - generated 2011-04-01 11:29:43 ####
patch:python-virtualbox-4219.noarch conflicts with virtualbox-qt.x86_64 < 4.0.4-1.6.1 provided by virtualbox-qt-4.0.4-1.2.x86_64
What is causing this conflict? What is "python-virtualbox"? Does it not come from the main virtualbox repo? If not, it looks like just adding it to tumbleweed would resolve the issue, right?
openSUSE comes with python-virtualbox 4.0.4-1.2.3, and an update was released: python-virtualbox 4.0.4-1.6.1 No problem with these *packages*, but then there are the *patches*. Patches are something only ZYpp devs fully understand that are useful, if I understood it correctly, because provides a way to give more and better information to the user (multiple packages as a single security update, whether a reboot is needed, category, etc.). To make users update the python-virtualbox *package* to 4.0.4-1.6.1, the python-virtualbox 4219 *patch* is provided. These *patches* conflict with the old versions of the *packages*, so forcing the update. A "zypper info -t patch python-virtualbox" will show you: Conflicts: python-virtualbox.i586 < 4.0.4-1.6.1 python-virtualbox.x86_64 < 4.0.4-1.6.1 .... So it conflicts with the version from the openSUSE repo but doesn't conflict with the version from the updates repo. This works because who created the patch knew the version-release numbers of the packages in the main openSUSE repo and in the updates repo... but can break with any other repository. Has happened already with Packman a few times in the past. Tumbleweed provides python-virtualbox 4.0.4-1.2. That match the "python-virtualbox.<arch> < 4.0.4-1.6.1" conflict from the python-virtualbox 4219 *patch*. When you have the version from Tumbleweed installed and try to install the patch, ZYpp finds that: - It can't install python-virtualbox 4.0.4-1.6.1 from the updates repo since it would mean a vendor change - It can't install the patch since it conflicts with the version from the Tumbleweed repo The problem is those conflicts from patches are way too fragile. They are conflicting with the Tumbleweed version just by chance, since the release numbers have no real meaning inter-repo. Once Tumbleweed updates virtualbox to 4.0.5 the conflict will disappear (Tumbleweed could just artificially increase the release number now, but...) Anyway, the problem only happens if the users uses patches. Something that can be easily avoided: - zypper will only use patches with the "zypper up -t patch" command - if the updater applet is configured to not update packages it does the equivalent of a "zypper up -t patch"... not really sure if it does a "zypper up" or something more complex if it's configured to update packages (this is new from 11.4) - YOU uses patches (equivalent of "zypper up -t patch"), but somebody really uses YOU? To make it clear. You can avoid using patches and still get the updates from the updates repository, patches only give the extra pretty information. And for people that uses zypper to update its systems it's a lot more normal to run "zypper up" (equivalent of zypper up -t packages) than zypper up -t patch. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org