Description of problem: mgaapplet failed to see updates Version-Release number of selected component (if applicable): How reproducible: Every time Steps to Reproduce: 1. on mgaaplet icon, Check for update availability 2. Fatal error alert window -> click OK 3. on mgaapplet icon, read "Problème de configuration du service. Merci de vérifier dans les journaux et de contacter %s."
Created attachment 9237 [details] mgaapplet: Computing new updates -then- Failed to open urpmi database
Created attachment 9238 [details] mgaapplet: Computing new updates -then- Failed to open urpmi database journalctl -af
Attachment 9237 is obsolete: 0 => 1
CC: (none) => antonin.roussel
looks close to : bug 9911 - mga-applet is failing to notify regarding updates bug 12796 - Possible bug in mgaapplet-update-checker
Assignee: bugsquad => mageiatoolsCC: (none) => LpSolit
What's the error message displayed in the error window?
error window should be for "Failed to open urpmi database" Erreur fatale Une erreur fatale est survenue : impossible d'ouvrir la base de donnée rpm. OK
Created attachment 9239 [details] mgaapplet: Computing new updates -then- Failed to open urpmi database
Attachment 9238 is obsolete: 0 => 1
CC: LpSolit => (none)
This is an "out of the box" configuration problem, when installing mageia system in secure mode (instead of standard). By default, msec is maintaining permissions of file /var/lib/rpm/Packages as follow : rpm rpm 640. Which make it unreadable by mgaapplet run by user. To solve this, a msec customized rule can be added : /var/lib/rpm/Packages rpm rpm 644
Status: NEW => RESOLVEDResolution: (none) => FIXED
The rights 640 are explicitly defined in /etc/security/msec/perm.secure: /var/lib/rpm/Packages rpm.rpm 640 Thus, this has to be changed in msec source.
CC: (none) => yves.brungard_mageiaResolution: FIXED => (none)Status: RESOLVED => REOPENED
Adding David for security PoV
CC: (none) => luigiwalser
mgaapplet probably shouldn't be relying on being able to read the Packages file as user, but in secure mode, I think the thought generally is that you don't have regular users updating the system anyway. The secure mode isn't really aimed at workstations, though it can be used on them (and I did so at my previous job) but it can cause some minor issues here and there. I would suggest just having the system administrator update the system, or put the rule from Comment 7 in /etc/security/msec/perms.conf and run 'msecperms -e' I'll let the Mageia tools maintainers decide if they want to fix mgaapplet to work without direct access to the rpm database, but if not, this can be closed.