Bug 20751 - mgaapplet configuration problem. logs check
Summary: mgaapplet configuration problem. logs check
Status: REOPENED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Mageia tools maintainers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-04-29 10:29 CEST by Antonin Roussel
Modified: 2021-08-18 20:28 CEST (History)
3 users (show)

See Also:
Source RPM: mgaonline-3.20-1.mga6.src.rpm
CVE:
Status comment:


Attachments
mgaapplet: Computing new updates -then- Failed to open urpmi database (3.14 KB, text/plain)
2017-04-29 10:34 CEST, Antonin Roussel
Details
mgaapplet: Computing new updates -then- Failed to open urpmi database (4.87 KB, text/plain)
2017-04-29 10:36 CEST, Antonin Roussel
Details
mgaapplet: Computing new updates -then- Failed to open urpmi database (4.87 KB, text/plain)
2017-04-29 16:56 CEST, Antonin Roussel
Details

Description Antonin Roussel 2017-04-29 10:29:39 CEST
Description of problem:
mgaapplet failed to see updates


Version-Release number of selected component (if applicable):


How reproducible:
Every time

Steps to Reproduce:
1. on mgaaplet icon, Check for update availability
2. Fatal error alert window -> click OK
3. on mgaapplet icon, read "Problème de configuration du service. Merci de vérifier dans les journaux et de contacter %s."
Comment 1 Antonin Roussel 2017-04-29 10:34:35 CEST
Created attachment 9237 [details]
mgaapplet: Computing new updates -then- Failed to open urpmi database
Comment 2 Antonin Roussel 2017-04-29 10:36:20 CEST
Created attachment 9238 [details]
mgaapplet: Computing new updates -then- Failed to open urpmi database

journalctl -af

Attachment 9237 is obsolete: 0 => 1

Antonin Roussel 2017-04-29 10:38:21 CEST

CC: (none) => antonin.roussel

Comment 3 Antonin Roussel 2017-04-29 10:44:58 CEST
looks close to :
bug 9911 - mga-applet is failing to notify regarding updates
bug 12796 - Possible bug in mgaapplet-update-checker
Rémi Verschelde 2017-04-29 10:46:51 CEST

Assignee: bugsquad => mageiatools
CC: (none) => LpSolit

Comment 4 Frédéric "LpSolit" Buclin 2017-04-29 14:43:48 CEST
What's the error message displayed in the error window?
Comment 5 Antonin Roussel 2017-04-29 16:43:41 CEST
error window should be for "Failed to open urpmi database"
Erreur fatale
Une erreur fatale est survenue : impossible d'ouvrir la base de donnée rpm.
                               OK
Comment 6 Antonin Roussel 2017-04-29 16:56:35 CEST
Created attachment 9239 [details]
mgaapplet: Computing new updates -then- Failed to open urpmi database

Attachment 9238 is obsolete: 0 => 1

Frédéric "LpSolit" Buclin 2017-10-08 15:28:40 CEST

CC: LpSolit => (none)

Comment 7 Antonin Roussel 2021-08-18 10:54:41 CEST
This is an "out of the box" configuration problem, when installing mageia system in secure mode (instead of standard).

By default, msec is maintaining permissions of file /var/lib/rpm/Packages as follow : rpm rpm 640. Which make it unreadable by mgaapplet run by user.

To solve this, a msec customized rule can be added :
/var/lib/rpm/Packages rpm rpm 644

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 8 papoteur 2021-08-18 13:41:49 CEST
The rights 640 are explicitly defined in /etc/security/msec/perm.secure:

/var/lib/rpm/Packages				rpm.rpm			640

Thus, this has to be changed in msec source.

CC: (none) => yves.brungard_mageia
Resolution: FIXED => (none)
Status: RESOLVED => REOPENED

Comment 9 papoteur 2021-08-18 19:54:51 CEST
Adding David for security PoV

CC: (none) => luigiwalser

Comment 10 David Walser 2021-08-18 20:28:07 CEST
mgaapplet probably shouldn't be relying on being able to read the Packages file as user, but in secure mode, I think the thought generally is that you don't have regular users updating the system anyway.  The secure mode isn't really aimed at workstations, though it can be used on them (and I did so at my previous job) but it can cause some minor issues here and there.  I would suggest just having the system administrator update the system, or put the rule from Comment 7 in /etc/security/msec/perms.conf and run 'msecperms -e'

I'll let the Mageia tools maintainers decide if they want to fix mgaapplet to work without direct access to the rpm database, but if not, this can be closed.

Note You need to log in before you can comment on or make changes to this bug.