[opensuse] zypper, how to avoid rpm --force
Hi, even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed. How could I avoid that? cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2012-11-15 15:59, Ruediger Meier wrote:
Hi,
even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed. How could I avoid that?
I think you are mistaken. That conflict is detected before you press Y to go on with zypper propossal. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iF4EAREIAAYFAlClDkUACgkQja8UbcUWM1z2ZgD+NtY4ms2y37EWonqM8EK5l/YP QcM/bBey7n5kw43OrpsBAIWqi0KN59AIsjsx+eV3NdyiLlaa8KltzlSNax/pcfAd =AeGY -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thursday 15 November 2012, Carlos E. R. wrote:
On 2012-11-15 15:59, Ruediger Meier wrote:
Hi,
even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed. How could I avoid that?
I think you are mistaken. That conflict is detected before you press Y to go on with zypper propossal.
-- Cheers / Saludos,
Carlos E. R. (from 11.4 x86_64 "Celadon" (Minas Tirith))
I have two conflicting packages here. rpm aborts with an error: ------- zappa:/tmp # rpm -Uvh libquickfix10-1.12.4-17.1.x86_64.rpm quickfix-1.12.4-0.rudi.6.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] file /usr/lib64/libquickfix.so.10.0.0 conflicts between attempted installs of libquickfix10-1.12.4-17.1.x86_64 and quickfix-1.12.4-0.rudi.6.x86_64 -------------- while zypper just installs it without any warning: ---------------- zappa:/tmp # zypper in libquickfix10-1.12.4-17.1.x86_64.rpm quickfix-1.12.4-0.rudi.6.x86_64.rpm Loading repository data... Reading installed packages... Resolving package dependencies... The following NEW packages are going to be installed: libquickfix10 quickfix 2 new packages to install. Overall download size: 3.1 MiB. After the operation, additional 26.8 MiB will be used. Continue? [y/n/?] (y): y Retrieving package quickfix-1.12.4-0.rudi.6.x86_64 (1/2), 2.7 MiB (24.9 MiB unpacked) Retrieving package libquickfix10-1.12.4-17.1.x86_64 (2/2), 370.0 KiB (1.9 MiB unpacked) Retrieving package quickfix-1.12.4-0.rudi.6.x86_64 (1/2), 2.7 MiB (24.9 MiB unpacked) Installing: quickfix-1.12.4-0.rudi.6 [done] Retrieving package libquickfix10-1.12.4-17.1.x86_64 (2/2), 370.0 KiB (1.9 MiB unpacked) Installing: libquickfix10-1.12.4-17.1 [done] ---------------- Now both seem to be installed: zappa:/tmp # rpm -qa |grep quickfix libquickfix10-1.12.4-17.1.x86_64 quickfix-1.12.4-0.rudi.6.x86_64 But this is of course not really true. BTW I find it strange that even rpm --verify does not notice the oddness. cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Nov 15, 2012 at 03:59:26PM +0100, Ruediger Meier wrote:
even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed.
(not random, but last one wins)
How could I avoid that?
You currently can't avoid it, it's one of the missing features in zypper. The underlying libsolv library already supports it, it "just" needs to be added to libzypp. (Note that zypper will nevertheless install with --force, at that time in the transaction it's too late to check for file conflicts. They need to get checked right after all packages are downloaded. This also means that conflict checking will not work with the old "DownloadAsNeeded" mode.) Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thursday 15 November 2012, Michael Schroeder wrote:
On Thu, Nov 15, 2012 at 03:59:26PM +0100, Ruediger Meier wrote:
even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed.
(not random, but last one wins)
The last one regarding alphabetical order? Since package names are randomly choosen it is still random. ## see $ zypper in quickfix-1.12.4-0.rudi.6.x86_64.rpm libquickfix10-1.12.4-17.1.x86_64.rpm $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0 ## and $ zypper in libquickfix10-1.12.4-17.1.x86_64.rpm \ quickfix-1.12.4-0.rudi.6.x86_64.rpm $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0 ## But rpm would respect the order of packages given in the commandline. $ rpm -Uvh --force quickfix-1.12.4-0.rudi.6.x86_64.rpm libquickfix10-1.12.4-17.1.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] 1:libquickfix10 ########################################### [ 50%] 2:quickfix ########################################### [100%] $ md5sum /usr/lib64/libquickfix.so.10.0.0 187d807f0bcc50633b35c31b28274927 /usr/lib64/libquickfix.so.10.0.0 $ rpm -Uvh --force libquickfix10-1.12.4-17.1.x86_64.rpm quickfix-1.12.4-0.rudi.6.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] 1:quickfix ########################################### [ 50%] 2:libquickfix10 ########################################### [100%] $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
How could I avoid that?
You currently can't avoid it, it's one of the missing features in zypper. The underlying libsolv library already supports it, it "just" needs to be added to libzypp.
(Note that zypper will nevertheless install with --force, at that time in the transaction it's too late to check for file conflicts. They need to get checked right after all packages are downloaded. This also means that conflict checking will not work with the old "DownloadAsNeeded" mode.)
I understand that it can't resolve these conflicts before downloading but I'd rather would like to see zypper aborting the installation after downloading than just using --force. What worth is the rpm database if "rpm --verify" does not show me broken files and "rpm -qa" is not comparable between two machines. I mean to compare two systems you would need to diff all installed files rather than the package list only. The current behavior only works at all because we have nice official repositories without conflicting packages. But isn't it one of rpm's key feature to protect our installation against broken repos and packages? cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2012-11-15 18:36, Ruediger Meier wrote:
On Thursday 15 November 2012, Michael Schroeder wrote:
(Note that zypper will nevertheless install with --force, at that time in the transaction it's too late to check for file conflicts. They need to get checked right after all packages are downloaded. This also means that conflict checking will not work with the old "DownloadAsNeeded" mode.)
I understand that it can't resolve these conflicts before downloading but I'd rather would like to see zypper aborting the installation after downloading than just using --force.
As I understand all checks are done before any package is downloaded, using the metadata that is downloaded first. That metadata has to contain all the necessary info to detect conflicts. Once the package download has started, it is too late, decisions are already made. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iF4EAREIAAYFAlClXt0ACgkQja8UbcUWM1xgqQD/YNeOi1tmFOaM3MTBcQVkkujJ YPjfhjcyGBgcu707K0IA/1QkffszLRuJZNYnN1YOqQ42DWGjP1v1K2ShIUPH1ZSe =LFcd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Nov 15, 2012 at 10:30:05PM +0100, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2012-11-15 18:36, Ruediger Meier wrote:
On Thursday 15 November 2012, Michael Schroeder wrote:
(Note that zypper will nevertheless install with --force, at that time in the transaction it's too late to check for file conflicts. They need to get checked right after all packages are downloaded. This also means that conflict checking will not work with the old "DownloadAsNeeded" mode.)
I understand that it can't resolve these conflicts before downloading but I'd rather would like to see zypper aborting the installation after downloading than just using --force.
As I understand all checks are done before any package is downloaded, using the metadata that is downloaded first. That metadata has to contain all the necessary info to detect conflicts. Once the package download has started, it is too late, decisions are already made.
That's true, but you can still abort the transaction with an error message and offer to re-run the solver. My little "solv" demo package manager from the libsolv-demo package does that. Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Nov 15, 2012 at 06:36:59PM +0100, Ruediger Meier wrote:
On Thursday 15 November 2012, Michael Schroeder wrote:
On Thu, Nov 15, 2012 at 03:59:26PM +0100, Ruediger Meier wrote:
even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed.
(not random, but last one wins)
The last one regarding alphabetical order? Since package names are randomly choosen it is still random.
No, the last one from the transaction.
## see $ zypper in quickfix-1.12.4-0.rudi.6.x86_64.rpm libquickfix10-1.12.4-17.1.x86_64.rpm $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
## and $ zypper in libquickfix10-1.12.4-17.1.x86_64.rpm \ quickfix-1.12.4-0.rudi.6.x86_64.rpm $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
## But rpm would respect the order of packages given in the commandline.
In gerneral rpm doesn *not* respect the given order, it does a topolocical sort so that packages that depend on other to-be-installed packages are installed last.
$ rpm -Uvh --force quickfix-1.12.4-0.rudi.6.x86_64.rpm libquickfix10-1.12.4-17.1.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] 1:libquickfix10 ########################################### [ 50%] 2:quickfix ########################################### [100%] $ md5sum /usr/lib64/libquickfix.so.10.0.0 187d807f0bcc50633b35c31b28274927 /usr/lib64/libquickfix.so.10.0.0
$ rpm -Uvh --force libquickfix10-1.12.4-17.1.x86_64.rpm quickfix-1.12.4-0.rudi.6.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] 1:quickfix ########################################### [ 50%] 2:libquickfix10 ########################################### [100%] $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
I guess in that example quickfix can go first because libquickfix10 was already installed.
How could I avoid that?
You currently can't avoid it, it's one of the missing features in zypper. The underlying libsolv library already supports it, it "just" needs to be added to libzypp.
(Note that zypper will nevertheless install with --force, at that time in the transaction it's too late to check for file conflicts. They need to get checked right after all packages are downloaded. This also means that conflict checking will not work with the old "DownloadAsNeeded" mode.)
I understand that it can't resolve these conflicts before downloading but I'd rather would like to see zypper aborting the installation after downloading than just using --force.
No, it can only use --force if all the packages are installed in a single rpm transaction. If you do multiple calls to rpm, you have to - check for file conflicts before starting the transaction - use --force for every element in the transaction.
What worth is the rpm database if "rpm --verify" does not show me broken files and "rpm -qa" is not comparable between two machines. I mean to compare two systems you would need to diff all installed files rather than the package list only.
Yeah, I've always considered this to be a bug in rpm. (And I think this is fixed in rpm upstream.) rpm marks overwritten files as "replaced" and doesn't show them in rpm --verify.
The current behavior only works at all because we have nice official repositories without conflicting packages. But isn't it one of rpm's key feature to protect our installation against broken repos and packages?
Well yes, that's why file conflicts will be supported in libzypp in some upcoming version. (Note that the debian folks don't support file conflicts at all and they still manage to survive somehow.) Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Friday 16 November 2012, Michael Schroeder wrote:
On Thu, Nov 15, 2012 at 06:36:59PM +0100, Ruediger Meier wrote:
On Thursday 15 November 2012, Michael Schroeder wrote:
On Thu, Nov 15, 2012 at 03:59:26PM +0100, Ruediger Meier wrote:
even I've noticed that zypper seems to install with "rpm --force". This means that it does not abort if 2 packages have conflicting files and this results in having random files installed.
(not random, but last one wins)
The last one regarding alphabetical order? Since package names are randomly choosen it is still random.
No, the last one from the transaction.
## see $ zypper in quickfix-1.12.4-0.rudi.6.x86_64.rpm libquickfix10-1.12.4-17.1.x86_64.rpm $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
## and $ zypper in libquickfix10-1.12.4-17.1.x86_64.rpm \ quickfix-1.12.4-0.rudi.6.x86_64.rpm $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
## But rpm would respect the order of packages given in the commandline.
In gerneral rpm doesn *not* respect the given order, it does a topolocical sort so that packages that depend on other to-be-installed packages are installed last.
$ rpm -Uvh --force quickfix-1.12.4-0.rudi.6.x86_64.rpm libquickfix10-1.12.4-17.1.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] 1:libquickfix10 ########################################### [ 50%] 2:quickfix ########################################### [100%] $ md5sum /usr/lib64/libquickfix.so.10.0.0 187d807f0bcc50633b35c31b28274927 /usr/lib64/libquickfix.so.10.0.0
$ rpm -Uvh --force libquickfix10-1.12.4-17.1.x86_64.rpm quickfix-1.12.4-0.rudi.6.x86_64.rpm warning: libquickfix10-1.12.4-17.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID b611872d: NOKEY Preparing... ########################################### [100%] 1:quickfix ########################################### [ 50%] 2:libquickfix10 ########################################### [100%] $ md5sum /usr/lib64/libquickfix.so.10.0.0 bc43e6e877d710a9a40cbdac23562fcb /usr/lib64/libquickfix.so.10.0.0
I guess in that example quickfix can go first because libquickfix10 was already installed.
No, I always uninstalled both ones between the runs.
How could I avoid that?
You currently can't avoid it, it's one of the missing features in zypper. The underlying libsolv library already supports it, it "just" needs to be added to libzypp.
(Note that zypper will nevertheless install with --force, at that time in the transaction it's too late to check for file conflicts. They need to get checked right after all packages are downloaded. This also means that conflict checking will not work with the old "DownloadAsNeeded" mode.)
I understand that it can't resolve these conflicts before downloading but I'd rather would like to see zypper aborting the installation after downloading than just using --force.
No, it can only use --force if all the packages are installed in a single rpm transaction. If you do multiple calls to rpm, you have to - check for file conflicts before starting the transaction - use --force for every element in the transaction.
Why not installing in a single rpm transaction? Or couldnt't it only use explicitely --replacepkgs,--replacefiles or --oldpackage in case it is really wanted/needed? Probably --replacefiles is never wanted by default
What worth is the rpm database if "rpm --verify" does not show me broken files and "rpm -qa" is not comparable between two machines. I mean to compare two systems you would need to diff all installed files rather than the package list only.
Yeah, I've always considered this to be a bug in rpm. (And I think this is fixed in rpm upstream.) rpm marks overwritten files as "replaced" and doesn't show them in rpm --verify.
How can I list all "replaced" files?
The current behavior only works at all because we have nice official repositories without conflicting packages. But isn't it one of rpm's key feature to protect our installation against broken repos and packages?
Well yes, that's why file conflicts will be supported in libzypp in some upcoming version.
It's nice that libzypp wants to solve it but IMO rpm should have the final word about it's database.
(Note that the debian folks don't support file conflicts at all and they still manage to survive somehow.)
Yeah, I could also survive with make install but I want to live easy. cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, Nov 16, 2012 at 12:58:32PM +0100, Ruediger Meier wrote:
On Friday 16 November 2012, Michael Schroeder wrote:
I guess in that example quickfix can go first because libquickfix10 was already installed.
No, I always uninstalled both ones between the runs.
Then there's probably a dependency loop between quickfix and libquickfix10.
No, it can only use --force if all the packages are installed in a single rpm transaction. If you do multiple calls to rpm, you have to - check for file conflicts before starting the transaction - use --force for every element in the transaction.
Why not installing in a single rpm transaction?
Well, we could (in fact Fedora does it that way). There are some cons, though. For example, libzypp offers to retry installation of a package if the install fails, AFAIK that doesn't work with a single transaction. Or the complete transaction will abort if rpm dies for some reason. Or that it's harder to install packages that rely on new rpm features, like a new compression type.
Yeah, I've always considered this to be a bug in rpm. (And I think this is fixed in rpm upstream.) rpm marks overwritten files as "replaced" and doesn't show them in rpm --verify.
How can I list all "replaced" files?
There's no direct way, but you can do: rpm -qa --qf "[%4{RPMTAG_FILESTATES:fstate} %{NAME} %{FILENAMES}\n]" | grep '^replaced' Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Jeff Hawn, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Friday 16 November 2012, Michael Schroeder wrote:
Why not installing in a single rpm transaction?
Well, we could (in fact Fedora does it that way). There are some cons, though. For example, libzypp offers to retry installation of a package if the install fails, AFAIK that doesn't work with a single transaction. Or the complete transaction will abort if rpm dies for some reason. Or that it's harder to install packages that rely on new rpm features, like a new compression type.
Maybe the way to go would be to implement an optional single-transaction mode (disabled per default). I'd like to test it in practice. Moreover "zypper in --dry-run" could also do "rpm --test".
How can I list all "replaced" files?
There's no direct way, but you can do:
rpm -qa --qf "[%4{RPMTAG_FILESTATES:fstate} %{NAME} %{FILENAMES}\n]" | grep '^replaced'
Thanks. Even checked some of my systems and found around 50-100 conflicting files on each one. I guess it would be much more if I would always use zypper instead of rpm when installing non-official rpms. cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Carlos E. R. -
Michael Schroeder -
Ruediger Meier