Mailinglist Archive: zypp-devel (226 mails)

[Jan Kupec <jkupec@xxxxxxx>]

Marcus Meissner wrote:
> On Tue, Apr 22, 2008 at 01:36:16PM +0200, Jan Kupec wrote:
> > Hi,
> >
> > so far, zypp-checkpatches-wrapper has been used in the updater applets
> > to refresh repos (needs root access) and check for patches. This
> > solution was not too flexible though and as there came a need to check
> > also for package updates, Thomas added the xml-updates command to zypper
> > directly. But that solution lacked the ability to do the suid refresh.
> >
> > So with Thomas we agreed that we'll try a different approach: drop
> > zypp-checkpatches-wrapper, use a new refresh-only suid wrapper and once
> > called, use zypper query commands directly as normal non-root to do
> > whathever queries you like (zypper --xmlout list-updates in the case of
> > the updater applets).
> >
> > The zypp-refresh and zypp-refresh-wrapper is fairly general thing then,
> > so my question is whether we should package it in zypper package or
> > directly in the libzypp package.
> >
> > I'd also appreciate opinions on this solution.
> >
> > @Security: zypp-refresh-wrapper will be much simpler than the previous
> > zypp-checkpatches-wrapper, so this should be an increase in security, too.
>
> An alternative would be to just do a dummy call to PackageKit for refreshing
> via dbus?

AFAIK, the choice is either a PackageKit backend for the applets, or
zypper. It probably doesn't make much sense to mix these two.

> But we are fine even with above setuid refresh approach. We would like
> to look at the sources though, once done.

Sure.

j.
-- 
To unsubscribe, e-mail: zypp-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: zypp-devel+help@xxxxxxxxxxxx