Difference between revisions of "Talk:Yum-plugin-priorities"
m |
|||
| Line 1: | Line 1: | ||
| + | ==[[User:Mmccarn|Mmccarn]] 15:31, 22 November 2008 (UTC)== | ||
| + | ===perl-DBIx-DBSchema=== | ||
| + | Yes - I finally figured out that perl-DBIx-DBSchema was installed when I tried to install 'Resource Tracker' - they have their own repository.... | ||
| + | |||
| + | Clearly, we could choose to ignore this issue -- but just as clearly if we configure yum-plugin-priorities it will become possible to install 3rd party apps that later break yum. | ||
| + | |||
| + | In this case, perl-DBIx-DBSchema, which is ''not'' included with SME requires perl-DBIx-SearchBuilder which ''is'' included with SME - so the low priority repo locates and wants to update perl-DBIx-DBSchema, but the priorities plugin then prevents the install of the correct perl-DBIx-SearchBuilder. | ||
| + | |||
| + | We need | ||
| + | * a plugin, method, or option that blocks the update of packages from 3rd party repos if the new version requires a package that is included with SME / Centos that has not yet been updated. | ||
| + | * a way to notify users of the blocked updates so they can decide if the blocked update involves a security issue | ||
| + | * '''or''' documentation on how to work around this issue, along the lines of "observe the problem, identify the blocking package, update the blocking package independantly using the "--noplugins" option, then finish your update | ||
| + | |||
| + | ===Side note on security=== | ||
| + | A major reason that I use SME server is that I feel the developers are highly security conscious, and that if I keep a SME server relatively virgin it will remain secure. I don't have the knowledge, time or experience to evaluate every package available in Linux for its security exposure level. | ||
| + | |||
| + | Is there any easy way to scan a SME server, identify any installed packages that are not considered secure by the SME developers, then modify /etc/motd and add a note to server-manager stating that "unevaluated packages are installed"? | ||
| + | |||
| + | ===Installation=== | ||
| + | My "script" for modifying /etc/yum.conf is just my notes on how to make these changes easily and temporarily; I hadn't gotten around to making a custom template fragment yet... | ||
| + | |||
| + | ==[[User:Snoble|Snoble]] 09:37, 22 November 2008 (UTC)== | ||
You should be able to use my script on 7.3 to populate the db | You should be able to use my script on 7.3 to populate the db | ||
| Line 19: | Line 41: | ||
Installing for dependencies: | Installing for dependencies: | ||
perl-DBD-Pg i386 2.11.1-1.el4.rf dag 286 k | perl-DBD-Pg i386 2.11.1-1.el4.rf dag 286 k | ||
| − | |||
| − | |||
| − | |||
Revision as of 16:31, 22 November 2008
Mmccarn 15:31, 22 November 2008 (UTC)
perl-DBIx-DBSchema
Yes - I finally figured out that perl-DBIx-DBSchema was installed when I tried to install 'Resource Tracker' - they have their own repository....
Clearly, we could choose to ignore this issue -- but just as clearly if we configure yum-plugin-priorities it will become possible to install 3rd party apps that later break yum.
In this case, perl-DBIx-DBSchema, which is not included with SME requires perl-DBIx-SearchBuilder which is included with SME - so the low priority repo locates and wants to update perl-DBIx-DBSchema, but the priorities plugin then prevents the install of the correct perl-DBIx-SearchBuilder.
We need
- a plugin, method, or option that blocks the update of packages from 3rd party repos if the new version requires a package that is included with SME / Centos that has not yet been updated.
- a way to notify users of the blocked updates so they can decide if the blocked update involves a security issue
- or documentation on how to work around this issue, along the lines of "observe the problem, identify the blocking package, update the blocking package independantly using the "--noplugins" option, then finish your update
Side note on security
A major reason that I use SME server is that I feel the developers are highly security conscious, and that if I keep a SME server relatively virgin it will remain secure. I don't have the knowledge, time or experience to evaluate every package available in Linux for its security exposure level.
Is there any easy way to scan a SME server, identify any installed packages that are not considered secure by the SME developers, then modify /etc/motd and add a note to server-manager stating that "unevaluated packages are installed"?
Installation
My "script" for modifying /etc/yum.conf is just my notes on how to make these changes easily and temporarily; I hadn't gotten around to making a custom template fragment yet...
Snoble 09:37, 22 November 2008 (UTC)
You should be able to use my script on 7.3 to populate the db
only difference is there will be a different fragment to modify /etc/yum.conf/something
perl-DBIx-DBSchema is not installed by default, I don't have either of the below rpms installed
I tried to install with priority=10 and couldn't, same error as you
with priority=99 it would install
yum install --enablerepo=dag perl-DBIx-DBSchema ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: perl-DBIx-DBSchema noarch 0.36-1.el4.rf dag 70 k Installing for dependencies: perl-DBD-Pg i386 2.11.1-1.el4.rf dag 286 k
