"urpmq --list-media active" show what ?

Source RPM: (none) => mgaonline

# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)

The same problem occurs on Mga-3 :
# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)

This message is a reminder that Mageia 2 is nearing its end of life.
Approximately one month from now Mageia will stop maintaining and issuing updates for Mageia 2. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '2'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 2's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 2 is end of life.  If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete.

-- 
The Mageia Bugsquad

This bug is still present in mga-4

Version: 3 => 4

Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan to 
fix it in a currently maintained version, simply change the 'version' to a later 
Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't 
able to fix it before Mageia 4's end of life. If you are able to reproduce it 
against a later version of Mageia, you are encouraged to click on "Version" and 
change it against that version of Mageia. If it's valid in several versions, 
select the highest and add MGAxTOO in whiteboard for each other valid release.
Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO.

Although we aim to fix as many bugs as possible during every release's lifetime, 
sometimes those efforts are overtaken by events. Often a more recent Mageia 
release includes newer upstream software that fixes bugs or makes them obsolete.

If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/

This bug is still present in mga-5

Version: 4 => 5

Thierry, do you know what could trigger this issue, or what debug info could be useful to investigate?

CC: (none) => thierry.vignaud

Hi Christian
I have never seen this, would you please give some more details. What desktop are you using? What is the applet?

CC: (none) => nic
Keywords: (none) => NEEDINFO

I use KDE.
I don't know what is the applet.
I have 2 PCs under mga-5 x86_64 that show this same problem.
I have 1 PC under mga-5 i586 that works correctly.

Created attachment 7390 [details]
The task bar with the message

sometimes, a little box displays and says that there's no update repository configured and I have to add one

(In reply to Christian CHEVALIER from comment #11)
> Created attachment 7390 [details]
> The task bar with the message
> 
> sometimes, a little box displays and says that there's no update repository
> configured and I have to add one

So you _never_ see the red round icon with white ! in it, to tell you that there are updates available?

If indeed never, then please attach 

    /etc/urpmi/urpmi.cfg


(You might in that case also want to check this MCC screen:
http://doc.mageia.org/mcc/5/fr/content/drakrpm-edit-media.html

The following sources need have a tick in the Updates (Mise à jour, M.à.j.) column:

Core Updates
Nonfree Updates
Tainted Updates )


However, if you do sometimes see the orange icon with question mark, and other times the red icon with exclamation mark, then please attach red.txt and orange.txt that are the result of (as root)
when you see the orange icon:

   journalctl -b > orange. txt

when you see the red icon:

   journalctl -b > red.txt

CC: (none) => marja11

Created attachment 7469 [details]
/etc/urpmi/urpmi.cfg

no, I never see the red round icon with white ! in it

Created attachment 7470 [details]
My MCC configuration

urpmi.cfg shows you have 32bit medias disabled on the 64bit system. If this was done post-installation then it's possible you have some 32bit libraries installed which require them to be enabled to be able to update.

CC: (none) => eeeemail

To show your active medias in a terminal use..

$ urpmq --list-media active


eg.
$ urpmq --list-media active
Core Release
Core Updates
Nonfree Release
Nonfree Updates
Tainted Release
Tainted Updates
Core 32bit Release
Core 32bit Updates
Nonfree 32bit Release
Nonfree 32bit Updates
Tainted 32bit Release
Tainted 32bit Updates

# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)

I have wine 32bit installed. So I added the updates repositories and now :
# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)
Core 32bit Updates (distrib32)
Nonfree 32bit Updates (distrib37)
Tainted 32bit Updates (distrib42)

Assuming enabling 32bit repos did indeed the problem, so that the icon was correct to ask to add a repository.

Closing.

Feel free to reopen if my assumption is wrong.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

I disabled 32bit repos and the problem is still here.

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)

Created attachment 7732 [details]
The box that open periodically

Moreover, when I click the button add (Ajouter) on this box, nothing happens and the button disappear.

(In reply to Marja van Waes from comment #18)
> Assuming enabling 32bit repos did indeed the problem, so that the icon was
> correct to ask to add a repository.

Sorry, Christian, for the confusion, I forgot a word there, it should have been:

Assuming enabling 32bit repos did indeed _solve_ the problem, so that the icon was correct to ask to add a repository.

32bit repos need to be enabled, because you have 32bits packages installed.

Again closing. 


(In reply to Christian CHEVALIER from comment #20)

> 
> Moreover, when I click the button add (Ajouter) on this box, nothing happens
> and the button disappear.

Thanks, that's another symptom of bug 15341
I added your information to it

Status: REOPENED => RESOLVED
Resolution: (none) => INVALID

Well, I thought I had posted a message but it isn't here.
I enabled the 32 bit repository :

# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)
Core 32bit Release (distrib31)
Core 32bit Updates (distrib32)
Nonfree 32bit Release (distrib36)
Nonfree 32bit Updates (distrib37)
Tainted 32bit Release (distrib41)
Tainted 32bit Updates (distrib42)

and the problem is still there.

Otherwise, as I said before, when I click the button add on this box, nothing happens and the button disappear. this is rather strange for a button supposed adding a repository !

So the problem is not resolved and I have to reopen it.

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)

(In reply to Christian CHEVALIER from comment #22)
> Well, I thought I had posted a message but it isn't here.
> I enabled the 32 bit repository :
> 
> # urpmq --list-media active
> Core Release (distrib1)
> Core Updates (distrib3)
> Nonfree Release (distrib11)
> Nonfree Updates (distrib13)
> Tainted Release (distrib21)
> Tainted Updates (distrib23)
> Core 32bit Release (distrib31)
> Core 32bit Updates (distrib32)
> Nonfree 32bit Release (distrib36)
> Nonfree 32bit Updates (distrib37)
> Tainted 32bit Release (distrib41)
> Tainted 32bit Updates (distrib42)
> 
> and the problem is still there.

@ Christian

For this problem, can you please _attach_ your

  /etc/urpmi/urpmi.cfg

> 
> Otherwise, as I said before, when I click the button add on this box,
> nothing happens and the button disappear. this is rather strange for a
> button supposed adding a repository !

As said before, that is bug 15341

It is very unlikely that the two problems are related, so they need to be handled in two different bug reports.

Assignee: bugsquad => thierry.vignaud

Created attachment 7735 [details]
my /etc/urpmi/urpmi.cfg

# cat /etc/urpmi/urpmi.cfg
{
}

Core\ Release cdrom://x86_64/media/core {
  ignore
  key-ids: 80420f66
}

Nonfree\ Release cdrom://x86_64/media/nonfree {
  ignore
  key-ids: 80420f66
}

Core\ Release\ (distrib1)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/release
}

Core\ Release\ Debug\ (distrib2)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/release
}

Core\ Updates\ (distrib3)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/core/updates
}

Core\ Updates\ Debug\ (distrib4)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/updates
}

Core\ Updates\ Testing\ (distrib5)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/updates_testing
}

Core\ Updates\ Testing\ Debug\ (distrib6)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/updates_testing
}

Core\ Backports\ (distrib7)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/backports
}

Core\ Backports\ Debug\ (distrib8)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/backports
}

Core\ Backports\ Testing\ (distrib9)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/backports_testing
}

Core\ Backports\ Testing\ Debug\ (distrib10)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/backports_testing
}

Nonfree\ Release\ (distrib11)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/release
}

Nonfree\ Release\ Debug\ (distrib12)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/release
}

Nonfree\ Updates\ (distrib13)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/nonfree/updates
}

Nonfree\ Updates\ Debug\ (distrib14)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/updates
}

Nonfree\ Updates\ Testing\ (distrib15)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/updates_testing
}

Nonfree\ Updates\ Testing\ Debug\ (distrib16)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/updates_testing
}

Nonfree\ Backports\ (distrib17)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/backports
}

Nonfree\ Backports\ Debug\ (distrib18)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/backports
}

Nonfree\ Backports\ Testing\ (distrib19)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/backports_testing
}

Nonfree\ Backports\ Testing\ Debug\ (distrib20)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/backports_testing
}

Tainted\ Release\ (distrib21)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/release
}

Tainted\ Release\ Debug\ (distrib22)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/release
}

Tainted\ Updates\ (distrib23)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/tainted/updates
}

Tainted\ Updates\ Debug\ (distrib24)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/updates
}

Tainted\ Updates\ Testing\ (distrib25)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/updates_testing
}

Tainted\ Updates\ Testing\ Debug\ (distrib26)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/updates_testing
}

Tainted\ Backports\ (distrib27)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/backports
}

Tainted\ Backports\ Debug\ (distrib28)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/backports
}

Tainted\ Backports\ Testing\ (distrib29)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/backports_testing
}

Tainted\ Backports\ Testing\ Debug\ (distrib30)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/backports_testing
}

Core\ 32bit\ Release\ (distrib31)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/release
}

Core\ 32bit\ Updates\ (distrib32)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/../../i586/media/core/updates
}

Core\ 32bit\ Updates\ Testing\ (distrib33)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/updates_testing
}

Core\ 32bit\ Backports\ (distrib34)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/backports
}

Core\ 32bit\ Backports\ Testing\ (distrib35)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/backports_testing
}

Nonfree\ 32bit\ Release\ (distrib36)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/release
}

Nonfree\ 32bit\ Updates\ (distrib37)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/../../i586/media/nonfree/updates
}

Nonfree\ 32bit\ Updates\ Testing\ (distrib38)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/updates_testing
}

Nonfree\ 32bit\ Backports\ (distrib39)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/backports
}

Nonfree\ 32bit\ Backports\ Testing\ (distrib40)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/backports_testing
}

Tainted\ 32bit\ Release\ (distrib41)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/release
}

Tainted\ 32bit\ Updates\ (distrib42)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/../../i586/media/tainted/updates
}

Tainted\ 32bit\ Updates\ Testing\ (distrib43)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/updates_testing
}

Tainted\ 32bit\ Backports\ (distrib44)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/backports
}

Tainted\ 32bit\ Backports\ Testing\ (distrib45)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/backports_testing
}

I looked into the code called by mgaapplet and mgaapplet-update-checker and found several locations where the program fails.
It is always a problem of read permissions by mgaapplet and mgaapplet-update-checker processes.
The concerned files were :
/etc/urpmi/urpmi.cfg which was -rw-------
/var/lib/urpmi/* which was drwx------ or -rw-------
/etc/urpmi/proxy.cfg which was -rw-------
/var/cache/urpmi/mirrors.cache which was -rw-------

After restoring the permissions -rw-r--r-- on files and drwxr-xr-x on directories, the applet runs correctly, finds the repositories and displays the red icon in the task bar when updates are available.

But when the MCC is run and "Configure media sources for install and update" is opened and closed, /etc/urpmi/urpmi.cfg is reset at -rw-------.
If a new media list is loaded, /var/lib/urpmi/* is reset at drwx------ or -rw-------

Christian, when you run this command from a console, what's the output?

perl -wE 'say sprintf("%03o", umask())'

Please run this command from your own account and as root, for comparison. If you get 077, then you have your explanation.

$ perl -wE 'say sprintf("%03o", umask())'
077
# perl -wE 'say sprintf("%03o", umask())'
022

I think a root umask=077 could have been responsible of the wrong permissions of urpmi files but it is not the case.

However, when the MCC is run from a konsole, it inherits its umask=022.
But when it is started from the taskbar, after root authentication, the umask displayed by drakconf is 077 !

type: umask 022 from your account and the problem should go away.

It is not a solution.
Any user should have the possibility to set his umask to any value without interfering with the administration tools.
I think it's a bug that should be fixed !

Moreover, the umask policy setting is not clear when drakconf is started from the taskbar. Its value tested at line 44 of /usr/libexec/drakconf gives :
user umask=077 -> drakconf umask=077
but
user umask=022 -> drakconf umask=002

Who has modified it ?

(In reply to Christian CHEVALIER from comment #30)
> It is not a solution.
> Any user should have the possibility to set his umask to any value without
> interfering with the administration tools.
> I think it's a bug that should be fixed !

Yes, sure. I didn't mean this wasn't a bug which should be fixed. My comment 29 was rather a proposal to make sure this fixed your problem. If yes, then I can properly fix this bug.

Ok.
/etc/urpmi/urpmi.cfg is effectively set at :

-rw-rw-r-- 1 root root 7016 mars  23 17:18 urpmi.cfg
when drakconf is started with a user umask=022 (and MCC->"Configure media sources for install and update" is used).

-rw------- 1 root root 7016 mars  24 12:39 urpmi.cfg
when drakconf is started with a user umask=077

The problem is easily reproducible when the msec security level is set to 'secure'. This level enforces umask = 077.

Target Milestone: --- => Mageia 6
Status: REOPENED => ASSIGNED
Assignee: mageiatools => LpSolit
Summary: An icon in the task bar always asks to add a repository (even if a repository is already configured) => mgaapplet always asks to add a repository when urpmi.cfg is not readable

Created attachment 9150 [details]
fix file permissions

Tested in Cauldron.

Attachment 7470 is obsolete: 0 => 1
Attachment 7390 is obsolete: 0 => 1
Attachment 7469 is obsolete: 0 => 1
Attachment 7735 is obsolete: 0 => 1

Thierry, WDYT of the patch?

Keywords: (none) => PATCH

commit f27b8d7a11f261d0b15ca1a7871a497936bd1ee9
Author: Frédéric Buclin <LpSolit@...>
Date:   Fri Mar 24 20:06:01 2017 +0100

    Make sure that urpmi.cfg is world-readable so that mgaapplet can read it (mga#9386)
---
 Commit Link:
   http://gitweb.mageia.org/software/rpm/urpmi/commit/?id=f27b8d7a11f261d0b15ca1a7871a497936bd1ee9

Fixed in git.

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO

Frederic,

I tested your patch (attachment 9150 [details]) and it does not resolve completely the problem.
/etc/urpmi/urpmi.cfg is readable but when I add an new set of repositories, they are not world readable :
# ll
total 868
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports (distrib34)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports Testing (distrib35)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Release (distrib31)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates (distrib32)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates Testing (distrib33)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Debug (distrib8)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports (distrib7)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing Debug (distrib10)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing (distrib9)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release Debug (distrib2)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release (distrib1)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Debug (distrib4)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates (distrib3)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing Debug (distrib6)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing (distrib5)/
drwxr-xr-x 2 root root   4096 mai   12  2016 Dr.Web Installer Temporary Repo/
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Core Release
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Nonfree Release
-rw-r--r-- 1 root root  61556 mars   6 16:57 names.Core Release
-rw-r--r-- 1 root root    441 mai   14  2016 names.Dr.Web Installer Temporary Repo
-rw-r--r-- 1 root root    721 mars   6 16:57 names.Nonfree Release
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports (distrib39)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports Testing (distrib40)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Release (distrib36)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates (distrib37)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates Testing (distrib38)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Debug (distrib18)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports (distrib17)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing Debug (distrib20)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing (distrib19)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release Debug (distrib12)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release (distrib11)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Debug (distrib14)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates (distrib13)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing Debug (distrib16)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing (distrib15)/
-r--r--r-- 1 root root 605336 nov.  22 14:37 synthesis.hdlist.Core Release.cz
-r--r--r-- 1 root root   3891 nov.  22 14:37 synthesis.hdlist.Nonfree Release.cz
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports (distrib44)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports Testing (distrib45)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Release (distrib41)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates (distrib42)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates Testing (distrib43)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Debug (distrib28)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports (distrib27)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing Debug (distrib30)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing (distrib29)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release Debug (distrib22)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release (distrib21)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Debug (distrib24)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates (distrib23)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing Debug (distrib26)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing (distrib25)/
[root@station urpmi]# ll /var/lib/urpmi
total 868
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports (distrib34)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports Testing (distrib35)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Release (distrib31)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates (distrib32)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates Testing (distrib33)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Debug (distrib8)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports (distrib7)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing Debug (distrib10)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing (distrib9)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release Debug (distrib2)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release (distrib1)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Debug (distrib4)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates (distrib3)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing Debug (distrib6)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing (distrib5)/
drwxr-xr-x 2 root root   4096 mai   12  2016 Dr.Web Installer Temporary Repo/
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Core Release
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Nonfree Release
-rw-r--r-- 1 root root  61556 mars   6 16:57 names.Core Release
-rw-r--r-- 1 root root    441 mai   14  2016 names.Dr.Web Installer Temporary Repo
-rw-r--r-- 1 root root    721 mars   6 16:57 names.Nonfree Release
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports (distrib39)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports Testing (distrib40)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Release (distrib36)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates (distrib37)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates Testing (distrib38)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Debug (distrib18)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports (distrib17)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing Debug (distrib20)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing (distrib19)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release Debug (distrib12)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release (distrib11)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Debug (distrib14)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates (distrib13)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing Debug (distrib16)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing (distrib15)/
-r--r--r-- 1 root root 605336 nov.  22 14:37 synthesis.hdlist.Core Release.cz
-r--r--r-- 1 root root   3891 nov.  22 14:37 synthesis.hdlist.Nonfree Release.cz
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports (distrib44)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports Testing (distrib45)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Release (distrib41)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates (distrib42)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates Testing (distrib43)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Debug (distrib28)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports (distrib27)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing Debug (distrib30)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing (distrib29)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release Debug (distrib22)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release (distrib21)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Debug (distrib24)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates (distrib23)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing Debug (distrib26)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing (distrib25)/

moreover, /var/cache/urpmi/mirrors.cache is no more world readable.

So (as I noticed in https://bugs.mageia.org/show_bug.cgi?id=9386#c30), I tried to include at line 44 of /usr/libexec/drakconf : 
umask 0022;
and it seems to resolve the problem for all the files I have tested.

But, I'd like to understand why the umask is propagated rather strangely as I say in https://bugs.mageia.org/show_bug.cgi?id=9386#c30

IMHO, this is the reason of the problem.

So, what are your answer and your solution ?

After some more consideration, I think that mgaapplet should require the root password to manage repositories and updates if msec level = "secure" (i.e. umask = 077). The job of this security level is to restrict what users can do, and so this means that mgaapplet should not try to change files and folders permissions, because this could be seen as a policy violation. This means that my previous commit should be reverted.

I will try to work on this next week.

What you say may be true for msec level = "secure" but in my case, I have just redefined the umask to 077 in my .bashrc. So the umask is not the best filter for identifying the "secure" level.

Anyway, as I said in https://bugs.mageia.org/show_bug.cgi?id=9386#c38, your patch does not resolve completely the problem.

I do not plan to look at umask to identify the msec level. I will look at msec directly. I will then set umask accordingly, if needed, ignoring your setting in .bashrc.

Keywords: PATCH => (none)