commit f25455d2d48d20f6086effe47971ed439cee2cc5 Author: Richard Hughes Date: Thu Jun 6 13:10:58 2013 +0100 systemd-updates: Do not exit with an error for a race condition The daemon plugin pk-plugin-systemd-update deletes the /var/lib/PackageKit/prepared-update file if any transaction is done that affects the prepared state. This includes the offline-update process itself. If the daemon deletes the file before the pk-offline-update process tries to do it a warning is shown and the systemd unit fails. diff --git a/contrib/systemd-updates/pk-offline-update.c b/contrib/systemd-updates/pk-offline-update.c index 8678959..7b8d812 100644 --- a/contrib/systemd-updates/pk-offline-update.c +++ b/contrib/systemd-updates/pk-offline-update.c @@ -500,16 +500,20 @@ main (int argc, char *argv[]) pk_progress_bar_end (progressbar); pk_offline_update_write_results (results); - /* delete prepared-update file */ + /* delete prepared-update file if it's not already been done by the + * pk-plugin-systemd-update daemon plugin */ file = g_file_new_for_path (PK_OFFLINE_PREPARED_UPDATE_FILENAME); ret = g_file_delete (file, NULL, &error); if (!ret) { - retval = EXIT_FAILURE; - g_warning ("failed to delete %s: %s", - PK_OFFLINE_PREPARED_UPDATE_FILENAME, - error->message); - g_error_free (error); - goto out; + if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND)) { + retval = EXIT_FAILURE; + g_warning ("failed to delete %s: %s", + PK_OFFLINE_PREPARED_UPDATE_FILENAME, + error->message); + g_error_free (error); + goto out; + } + g_clear_error (&error); } retval = EXIT_SUCCESS; commit 3eb921f2ddbe94dc5b180522b8aa5a057dd6eac2 Author: Richard Hughes Date: Thu May 23 15:06:41 2013 +0100 Raise the package process threshold to 5000 TeXLive has officially jumped the shark, and it's quite plausible to have > 2500 updates in one transaction now. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=894731 diff --git a/etc/PackageKit.conf.in b/etc/PackageKit.conf.in index 3440be5..c09c8d2 100644 --- a/etc/PackageKit.conf.in +++ b/etc/PackageKit.conf.in @@ -228,8 +228,8 @@ MaximumItemsToResolve=1200 # Setting this lower decreases the risk of a local denial of service, but may # cause errors if the desktop client is trying to do a large transaction. # -# default=2500 -MaximumPackagesToProcess=2500 +# default=5000 +MaximumPackagesToProcess=5000 # How long the transaction is valid before it's destroyed, in seconds # commit cac9936e0950831905039c25f4b8e25ee4db3ce1 Author: Richard Hughes Date: Thu Jun 13 13:05:07 2013 +0100 yum: Use yb.downloadPkgs() to download updates There were two bugs here: - Using repo.getPackage() did not check the package checksum, only the size, so it was possible to download a corrupt package and then not be able to apply the updates - By restricting to TS_UPDATE and TS_INSTALL we were ignoring any package that was obsoleting another which could miss out packages. Many thanks to Zdenek Pavlas for all the help in finding these issues. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=968936 diff --git a/backends/yum/yumBackend.py b/backends/yum/yumBackend.py index 289f10f..49a0f7b 100755 --- a/backends/yum/yumBackend.py +++ b/backends/yum/yumBackend.py @@ -2365,22 +2365,16 @@ class PackageKitYumBackend(PackageKitBaseBackend, PackagekitPackage): self.percentage(100) return + # just download packages ready for the actual transaction if TRANSACTION_FLAG_ONLY_DOWNLOAD in transaction_flags: - package_list = [] for txmbr in self.yumbase.tsInfo: - if txmbr.output_state in (TS_UPDATE, TS_INSTALL): - self._show_package(txmbr.po, INFO_DOWNLOADING) - repo = self.yumbase.repos.getRepo(txmbr.po.repoid) + if txmbr.output_state in TS_INSTALL_STATES: try: - path = repo.getPackage(txmbr.po) - except yum.Errors.RepoError, e: - self.error(ERROR_PACKAGE_DOWNLOAD_FAILED, "Cannot download file: %s" % _to_unicode(e), exit=False) - return - except IOError, e: - self.error(ERROR_PACKAGE_DOWNLOAD_FAILED, "Cannot write to file: %s" % _to_unicode(e), exit=False) - return + self._show_package(txmbr.po, INFO_DOWNLOADING) + self.yumbase.downloadPkgs([txmbr.po]) except Exception, e: - raise PkError(ERROR_INTERNAL_ERROR, _format_str(traceback.format_exc())) + self.error(ERROR_PACKAGE_DOWNLOAD_FAILED, "Cannot download packages: %s" % _to_unicode(e), exit=False) + return self.percentage(100) return From b78af414daf2176aac74540039b341a3e4e49412 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Tue, 28 May 2013 14:34:59 +0100 Subject: [PATCH] Allow local active users in the wheel group to install signed packages without a password --- contrib/PackageKit.spec.in | 1 + policy/Makefile.am | 5 +++++ policy/org.freedesktop.packagekit.policy.in | 2 +- policy/org.freedesktop.packagekit.rules | 7 +++++++ 4 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 policy/org.freedesktop.packagekit.rules diff --git a/policy/Makefile.am b/policy/Makefile.am index ebb7808..6babe33 100644 --- a/policy/Makefile.am +++ b/policy/Makefile.am @@ -2,6 +2,11 @@ NULL = if SECURITY_TYPE_POLKIT +polkit_rulesdir = $(datadir)/polkit-1/rules.d +dist_polkit_rules_DATA = \ + org.freedesktop.packagekit.rules \ + $(NULL) + polkit_policydir = $(datadir)/polkit-1/actions dist_polkit_policy_DATA = \ org.freedesktop.packagekit.policy \ diff --git a/policy/org.freedesktop.packagekit.policy.in b/policy/org.freedesktop.packagekit.policy.in index 28ab3b1..19cdd20 100644 --- a/policy/org.freedesktop.packagekit.policy.in +++ b/policy/org.freedesktop.packagekit.policy.in @@ -42,7 +42,7 @@ no no - yes + auth_admin_keep diff --git a/policy/org.freedesktop.packagekit.rules b/policy/org.freedesktop.packagekit.rules new file mode 100644 index 0000000..6a1c8a7 --- /dev/null +++ b/policy/org.freedesktop.packagekit.rules @@ -0,0 +1,7 @@ +polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.packagekit.package-install" && + subject.active == true && subject.local == true && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } +}); -- 1.8.2.1