Kermit Mei wrote:

Marc and Stephanie Chamberlin wrote:

...

I am running SuSE 10.3 and am getting an update notification as described - This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability.

When I install it I get the following error message -

Repository 'openSUSE BuildService - KDE:Community' is invalid. Signature verification failed for repomd.xml Please, check if the URLs defined for this repository are pointing to a valid repository. Disabling repository 'openSUSE BuildService - KDE:Community' because of the above error. Repository 'openSUSE BuildService - Games (action)' is invalid. Signature verification failed for repomd.xml Please, check if the URLs defined for this repository are pointing to a valid repository. Disabling repository 'openSUSE BuildService - Games (action)' because of the above error. Repository 'openSUSE BuildService - KDE:Community' is invalid. Signature verification failed for repomd.xml Please, check if the URLs defined for this repository are pointing to a valid repository. Disabling repository 'openSUSE BuildService - KDE:Community' because of the above error. Error building the cache database: SQL logic error or missing database Disabling repository 'Packman Repository' because of the above error. Error building the cache database: SQL logic error or missing database Disabling repository 'VideoLan Repository' because of the above error. Error building the cache database: SQL logic error or missing database Disabling repository 'VideoLan Repository' because of the above error. Repository 'openSUSE BuildService - Games (action)' is invalid. Signature verification failed for repomd.xml Please, check if the URLs defined for this repository are pointing to a valid repository. Disabling repository 'openSUSE BuildService - Games (action)' because of the above error.

What the heck??? This has been working fine, what broke it? Inquiring minds are worried.... Marc...

Just look at here:

http://packages.opensuse-community.org/

8-)

I don't understand Kermit... All this gives me is a web page for searching for packages. It does not seem to have anything to do with the automatic online update service provided by Yast. All I want is to keep my system updated with the latest security fixes, updates to the software I have installed etc... I am not searching for anything in particular... Now this inquiring mind is confused... Marc... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org

On Thursday 31 January 2008 01:11:58 pm Marc Chamberlin wrote: [...]

So I restarted it, thinking perhaps I should import those keys as I feel I should be able to "trust" the repositories (or at least I think I should) When I got those error messages I told it to go ahead an import those keys... This time it got further but after a long delay it popped up another error message -

Those keys are new thing and everyone have to import them in order to use download.opensuse.org repositories. You can look in archives http://lists.opensuse.org mail list [opensuse-announce] for subject "Build Service Repositories Get New GPG Keys".

There was an error in the repository initialization. Record not found in the cache History: - SQL logic error or missing database

This one you want to remember: Delete /var/cache/zypp/zypp.db and start YaST or run 'zypper refresh' to create new database cache.

Gack! That sounds BAD! Now I am stuck on the SuSE 10.3 system and don't know what to do with it... I decided to compare this behavior with a 10.2 system I have on my laptop and try Basil's suggestion of updating everything there just to see if YaST is working OK there also... I started up the YaST Software Management tool and and it at least initialized itself ok from all the repositories. I then selected the zzz All group and told it to update everything if a newer version is available... That lead me into getting errors (which I have seen before but never know what to do about) such as

kipi-plugins-0.1-100.pm.2.x86_64[20080111-102132] cannot be installed due to missing dependencies There are no installable providers of libkdcraw.so.1()(64bit) for kipi-plugins-0.11.4-100.pm.2.x86_64[20080111-102132] Conflict Resolution

The Packman repositories here are installed, but disabled. I have similar problems during update recently, as I enabled them to download something, but forgot to disable again, so on next update it produced a lot of errors.

with choices following it that I do not understand or more importantly I don't understand what the consequences are of making each of the choices...

Who does? Package management software is there because it is MI (Mission Impossible) to find solution in real time.

(for example how do I know I won't break some other package if I choose to not update this one or to ignore the requirement here on a dependency this package has?) I have tried to make a guess and choose what I consider to be the "safest" one - do not install kipi-plugins but that only lead on to more and more of these missing dependencies errors, and after a few I decide it is best to abort and not do anything. (especially since I do not understand what it is I am being asked to do in making these choices in the first place!)

Normally this update process seems to work fine, but when it doesn't this poor user is at a complete loss as to what course of action should be taken.. Now I got to figure something is broken with both 10.2 and 10.3's update processes so I return to this news group and ask for more suggestions...

Packman out (disable) during regular updates.

Another question on the side I have, which I cannot find any info on... In the list of packages that the Software Manager shows me, some are color coded blue, some are red and most are black. What do the colors mean? I can find no legend explaining the colors.

Black = no new version Blue = there is new version Red = installed version is newer than available in repositories Means you installed something on your own.

Also some packages have a lock symbol on them which I understand means do not ever update that package??? But why are they locked? I NEVER told the Software Manager to lock anything and it seems odd that I should not be allowed to update some packages. How come these are being set this way without my permission?

See are they Packman files - they have pm in version string. I guess that is feature of 'YaST Software Management' to prevent some libraries to be updated with openSUSE versions that have no certain features that Packman versions have.

Don't I want to keep all my packages updated to the current/latest releases so as to get the latest bug fixes? (The Help - Symbols gives a hint but I still do not understand why these packages are being locked without my permission to lock them.)

Yes, but you see that you have to update Packman packages manually, one at the time, not bulk, as many with the same name are provided by openSUSE and than you get dependency errors, like above. You can try to imagine Packman repository as many single packages, some can be installed without problems, some not, they are not tested that they can work as a system, like openSUSE. They are often newer than those provided by openSUSE, but in some cases user has to find and install dependencies. That is the reason for advice to update one package at the time.

Inquiring minds are pesky I know... Marc...

Why? They are the best thing in the world. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org