Marcus Meissner wrote:
On Tue, Apr 22, 2008 at 01:36:16PM +0200, Jan Kupec wrote:
Hi,
so far, zypp-checkpatches-wrapper has been used in the updater applets to refresh repos (needs root access) and check for patches. This solution was not too flexible though and as there came a need to check also for package updates, Thomas added the xml-updates command to zypper directly. But that solution lacked the ability to do the suid refresh.
So with Thomas we agreed that we'll try a different approach: drop zypp-checkpatches-wrapper, use a new refresh-only suid wrapper and once called, use zypper query commands directly as normal non-root to do whathever queries you like (zypper --xmlout list-updates in the case of the updater applets).
The zypp-refresh and zypp-refresh-wrapper is fairly general thing then, so my question is whether we should package it in zypper package or directly in the libzypp package.
I'd also appreciate opinions on this solution.
@Security: zypp-refresh-wrapper will be much simpler than the previous zypp-checkpatches-wrapper, so this should be an increase in security, too.
An alternative would be to just do a dummy call to PackageKit for refreshing via dbus?
AFAIK, the choice is either a PackageKit backend for the applets, or zypper. It probably doesn't make much sense to mix these two.
But we are fine even with above setuid refresh approach. We would like to look at the sources though, once done.
Sure. j. -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org