[openFATE 307787] Protection against modifying of system libraries
  • From: fate_noreply@xxxxxxx
  • Date: Mon, 16 Aug 2010 02:51:55 +0200 (CEST)
  • Message-id: <feature-307787-8@xxxxxxxxxxxxxx>
Feature changed by: Otso Rajala (daedaluz)
Feature #307787, revision 8
Title: Protection against modifying of system libraries

Hackweek V: Unconfirmed
Requester: Mandatory

openSUSE-11.3: Unconfirmed
Requester: Important

openSUSE-11.4: Unconfirmed
Requester: Mandatory

Requested by: Mircea Kitsune (mirceakitsune)

A few days ago I made a mistake that caused me to break my KDE and
Linux installation. Although the fault was mine, I believe OpenSuse
should have a protection against dangerous system changes or at least
signal the user clearly when a change to system packages could damage
important components.
What I did was upgrading Pidgin messenger from version 2.5.1 to 2.6.2,
but selecting the 32bit version from repository instead of the 64bit
one (the installed 2.5.1 was the correct 64bit version). I didn't
realize it and Yast replaced KDE and system libraries with 32bit
versions. OpenSuse did not notify me that I would replace and break
system components, and everything appeared like a normal installation.
Although I learned from my mistake and should have better reviewed the
list of changes, I believe OpenSuse should have not allowed such a
change rather than letting it seem like a normal installation. This is
dangerous for new users who may not be aware of such dangers and only
learn after breaking their first OpenSuse install.

Test Case:
On a 64bit version of OpenSuse 11.1 KDE4 which has Pidgin 2.5.1-x.x-
x86_64 installed:
1 - Open Yast -> Software Management, and add the following repository
in Configuration -> Repositories:
2 - Refresh it then return to the search screen and search for Pidgin.
Select pidgin from the packet list and in the Versions tab below select
"2.6.2-x.x-i586 from gnome-repo" and click Accept.
3 - A conflict window will appear, mentioning you can either take some
actions to resolve the conflict, not install pidgin, or ignore some of
its dependencies. Under "Following actions will be done" there is a
"369 more" list which includes important system libs that would be
changed with 32bit versions.
4 - If the user is a Linux beginner and has commonly avoided such
conflict windows, he may not give enough attention to this nor realize
he has selected the i586 version and choose to replace the libraries.
Once installation is done KDE and Linux core components are broken and
the OpenSuse installation damaged.
This is an example screenshot (I have the correct version of 2.6.2
already installed, consider it's 2.5.1-x86_64 at the top):

#1: Michal Marek (michal-m) (2009-09-22 14:42:40)
The question is how such warning should be displayed, if the goal is to
catch attention of people who tend to ignore warnings in general...

+ #2: Otso Rajala (daedaluz) (2010-08-16 02:51:48)
+ Quick fix to problem: hide packages of differing architecture by
+ default in YaST. That way users are less prone to perform that kind of
+ fatal error, while maintaining the power and flexibility for advanced
+ users. Most apps relying on 32bit parts pull the remaining 32bit
+ dependencies automatically nevertheless.


