[zypp-devel] Mark reboot_needed patches as interactive

Dominik Heidler

23 May 2011 23 May '11

15:52

Hi, curently all patches with the rebootNeeded flag set to "yes" are automaticly treated as interactive. see https://bugzilla.novell.com/show_bug.cgi?id=665853 We should make this behaviour changeable via zypp.conf Any further suggestions? Dominik -- Dominik Heidler Maxfeldstr. 5, D-90409 Nuernberg, Germany Phone +49-911-74053-141 SUSE LINUX Products GmbH, Nuernberg GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 21284 (AG Nürnberg) _________________________________________ ドミニク -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Show replies by date

Michael Andres

24 May 24 May

08:48

On Monday 23 May 2011 16:52:08 Dominik Heidler wrote:

...

Hi,

curently all patches with the rebootNeeded flag set to "yes" are automaticly treated as interactive. see https://bugzilla.novell.com/show_bug.cgi?id=665853

https://bugzilla.novell.com/show_bug.cgi?id=221476 https://bugzilla.novell.com/show_bug.cgi?id=224192 Yes, this is the behavior all stakeholders agreed on a couple of years ago.

...

We should make this behaviour changeable via zypp.conf Any further suggestions?

IMO nothing for a global zypp.conf setting, but something the application may control. AFAIR security team wanted to make sure security fixes which require a reboot are never installed unattended. Otherwise it may happen the security fix is installed, but the system is still vulnerable due to the missing reboot, And no admin knows about this. That's why we IMO should not change the default behavior. But zypper may get a new option which, in conjunction with non-interactive, causes 'rebootNeeded' patches to be included. And if such patches were actually included, zypper should print a BIG MESSAGE on the screen (best at the end and blinking yellow on red) # ###################################################################### # # One of installed patches required a reboot of the system! # # ###################################################################### In libzypp we can offer some 'Patch::isInteractive( REBOOT_OK )', so the application can easily get the right set of patches. (Anyway you need to involve the security/maintenance team to communicate that further on 'rebootNeeded' no longer implies 'interactive'. And if it is just to perevent anyone from placing some actually interactive script into such a patch.) -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres SUSE LINUX Products GmbH, Development, ma@suse.de GF:Jeff Hawn,Jennifer Guild,Felix Imendörffer, HRB16746(AG Nürnberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Duncan Mac-Vicar P.

25 May 25 May

08:34

On 05/24/2011 03:03 PM, bugzilla_noreply@novell.com wrote:

...

https://bugzilla.novell.com/show_bug.cgi?id=665853

https://bugzilla.novell.com/show_bug.cgi?id=665853#c4

Dominik Heidler changed:

What |Removed |Added

----------------------------------------------------------------------------

...

Status|ASSIGNED |RESOLVED Resolution| |FIXED

--- Comment #4 from Dominik Heidler 2011-05-24

13:03:57 UTC ---

...

I added an option to zypper called --reboot-not-interact When it is set, zypper won't treat patches with the reboot_required flag as interactive.

fixed in libzypp 9.2.0 (git commit c56a7818b8aa0a74ae1f27148cf76e666887c679) fixed in zypper 1.6.6 (git commit a68cb07f2eac295dc19d0a7fa3f1b9476e233b4b)

I am not sure about the name. --reboot-not-interact What about? --non-interactive-include-reboot or --non-interactive-include-reboot-patches It is not a common option, so it is better to make it explicit and clear. Also --reboot-not-interact does not follow any current option in terms of style and convention. We don't want zypper end like osc command line interface. -- Duncan Mac-Vicar P. - Novell® Making IT Work As One™ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5, 90409 Nürnberg, Germany -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Duncan Mac-Vicar P.

08:35

One question, how does this bug behaves if the user selected explicitly the reboot-flagged patch with --non-interactive? Does it trigger when the user does zypper patch in general and zypper selects the patches or also when the user explicitly selects the patch? Duncan -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Dominik Heidler

09:41

...

One question, how does this bug behaves if the user selected explicitly the reboot-flagged patch with --non-interactive? Does it trigger when the user does zypper patch in general and zypper selects the patches or also when the user explicitly selects the patch?

Duncan

You mean like this? zypper --non-interactive up -D -t patch kernel The option --non-interactive automaticly triggers --skip-interactive -- Dominik Heidler Maxfeldstr. 5, D-90409 Nuernberg, Germany Phone +49-911-74053-141 SUSE LINUX Products GmbH, Nuernberg GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 21284 (AG Nürnberg) _________________________________________ ドミニク -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Duncan Mac-Vicar P.

10:30

On 05/25/2011 10:41 AM, Dominik Heidler wrote:

...

...
One question, how does this bug behaves if the user selected explicitly the reboot-flagged patch with --non-interactive? Does it trigger when the user does zypper patch in general and zypper selects the patches or also when the user explicitly selects the patch?

Duncan

You mean like this? zypper --non-interactive up -D -t patch kernel

The option --non-interactive automaticly triggers --skip-interactive

So if you install one reboot-flagged patch, it will be a NO-OP? -- Duncan Mac-Vicar P. - Novell® Making IT Work As One™ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5, 90409 Nürnberg, Germany -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Michael Andres

10:37

On Wednesday 25 May 2011 11:30:20 Duncan Mac-Vicar P. wrote:

...

On 05/25/2011 10:41 AM, Dominik Heidler wrote:

...
You mean like this? zypper --non-interactive up -D -t patch kernel

The option --non-interactive automaticly triggers --skip-interactive

So if you install one reboot-flagged patch, it will be a NO-OP?

But with --non-interactive-include-reboot it has to install the patch or zypper needs more fixing. -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres SUSE LINUX Products GmbH, Development, ma@suse.de GF:Jeff Hawn,Jennifer Guild,Felix Imendörffer, HRB16746(AG Nürnberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Dominik Heidler

10:41

# zypper --non-interactive up -D -t patch kernel Loading repository data... Reading installed packages... Warning: Patch 'kernel-4437' is interactive, skipping. Resolving package dependencies... Nothing to do. # zypper --non-interactive-include-reboot-patches --non-interactive up -D -t patch kernel Loading repository data... Reading installed packages... Resolving package dependencies... The following NEW patch is going to be installed: kernel The following packages are going to be upgraded: kernel-desktop preload-kmp-desktop 2 packages to upgrade. Overall download size: 35.4 MiB. After the operation, additional 36.0 KiB will be used. Continue? [y/n/?] (y): y Warning: One of installed patches requires reboot of your machine. Reboot as soon as possible. -- Dominik Heidler Maxfeldstr. 5, D-90409 Nuernberg, Germany Phone +49-911-74053-141 SUSE LINUX Products GmbH, Nuernberg GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 21284 (AG Nürnberg) _________________________________________ ドミニク -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

Dominik Heidler

09:30

...

On 05/24/2011 03:03 PM, bugzilla_noreply@novell.com wrote:

...
https://bugzilla.novell.com/show_bug.cgi?id=665853

https://bugzilla.novell.com/show_bug.cgi?id=665853#c4

Dominik Heidler changed:

What |Removed |Added

----------------------------------------------------------------------------

...
Status|ASSIGNED |RESOLVED Resolution| |FIXED

--- Comment #4 from Dominik Heidler 2011-05-24

13:03:57 UTC ---

...
I added an option to zypper called --reboot-not-interact When it is set, zypper won't treat patches with the reboot_required flag as interactive.

fixed in libzypp 9.2.0 (git commit c56a7818b8aa0a74ae1f27148cf76e666887c679) fixed in zypper 1.6.6 (git commit a68cb07f2eac295dc19d0a7fa3f1b9476e233b4b)

I am not sure about the name.

--reboot-not-interact

What about?

--non-interactive-include-reboot or --non-interactive-include-reboot-patches

It is not a common option, so it is better to make it explicit and clear. Also --reboot-not-interact does not follow any current option in terms of style and convention.

We don't want zypper end like osc command line interface.

I changed the option to --non-interactive-include-reboot-patches -- Dominik Heidler Maxfeldstr. 5, D-90409 Nuernberg, Germany Phone +49-911-74053-141 SUSE LINUX Products GmbH, Nuernberg GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 21284 (AG Nürnberg) _________________________________________ ドミニク -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org

4724

Age (days ago)

4726

Last active (days ago)

List overview

Download

8 comments

3 participants

participants (3)

Dominik Heidler
Duncan Mac-Vicar P.
Michael Andres

[zypp-devel] Mark reboot_needed patches as interactive

tags

participants (3)