Bug 9386 - mgaapplet always asks to add a repository when urpmi.cfg is not readable
Summary: mgaapplet always asks to add a repository when urpmi.cfg is not readable
Status: REOPENED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal normal
Target Milestone: Mageia 6
Assignee: Frédéric Buclin
QA Contact:
URL:
Whiteboard: MGA5TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-14 14:48 CET by Christian CHEVALIER
Modified: 2017-05-06 18:56 CEST (History)
5 users (show)

See Also:
Source RPM: urpmi
CVE:
Status comment:


Attachments
The task bar with the message (17.30 KB, image/png)
2016-01-29 12:22 CET, Christian CHEVALIER
Details
/etc/urpmi/urpmi.cfg (6.46 KB, text/plain)
2016-02-18 10:59 CET, Christian CHEVALIER
Details
My MCC configuration (88.13 KB, image/png)
2016-02-18 11:04 CET, Christian CHEVALIER
Details
The box that open periodically (13.33 KB, image/png)
2016-05-02 18:19 CEST, Christian CHEVALIER
Details
my /etc/urpmi/urpmi.cfg (6.41 KB, text/plain)
2016-05-02 22:27 CEST, Christian CHEVALIER
Details
fix file permissions (1.23 KB, patch)
2017-03-24 20:16 CET, Frédéric Buclin
Details | Diff

Description Christian CHEVALIER 2013-03-14 14:48:39 CET
Description of problem:
An icon (question mark) is always displayed in the right part of the task bar (boite à miniatures).
If I pass the mouse pointer over it, a message (my translation of french message) "No repository has been found. You should add one with the software manager".
If I click the icon, I open the media manager that displays the list of repositories already configured.

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. open a desktop session
2.
3.


Reproducible: 

Steps to Reproduce:
Comment 1 Manuel Hiebel 2013-03-15 01:49:45 CET
"urpmq --list-media active" show what ?

Source RPM: (none) => mgaonline

Comment 2 Christian CHEVALIER 2013-03-15 10:27:23 CET
# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)
Comment 3 Christian CHEVALIER 2013-10-18 14:53:08 CEST
The same problem occurs on Mga-3 :
# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)
Comment 4 Manuel Hiebel 2013-10-22 12:21:14 CEST
This message is a reminder that Mageia 2 is nearing its end of life.
Approximately one month from now Mageia will stop maintaining and issuing updates for Mageia 2. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '2'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 2's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 2 is end of life.  If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete.

-- 
The Mageia Bugsquad
Christian CHEVALIER 2013-10-22 13:27:43 CEST

Version: 2 => 3

Comment 5 Christian CHEVALIER 2014-04-21 18:03:02 CEST
This bug is still present in mga-4

Version: 3 => 4

Comment 6 Samuel Verschelde 2015-09-21 13:22:02 CEST
Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer 
maintained, which means that it will not receive any further security or bug 
fix updates.

Package Maintainer: If you wish for this bug to remain open because you plan to 
fix it in a currently maintained version, simply change the 'version' to a later 
Mageia version.

Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't 
able to fix it before Mageia 4's end of life. If you are able to reproduce it 
against a later version of Mageia, you are encouraged to click on "Version" and 
change it against that version of Mageia. If it's valid in several versions, 
select the highest and add MGAxTOO in whiteboard for each other valid release.
Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO.

Although we aim to fix as many bugs as possible during every release's lifetime, 
sometimes those efforts are overtaken by events. Often a more recent Mageia 
release includes newer upstream software that fixes bugs or makes them obsolete.

If you would like to help fixing bugs in the future, don't hesitate to join the
packager team via our mentoring program [1] or join the teams that fit you 
most [2].

[1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager
[2] http://www.mageia.org/contribute/
Comment 7 Christian CHEVALIER 2015-09-21 14:54:40 CEST
This bug is still present in mga-5

Version: 4 => 5

Comment 8 Rémi Verschelde 2015-09-21 15:16:35 CEST
Thierry, do you know what could trigger this issue, or what debug info could be useful to investigate?

CC: (none) => thierry.vignaud

Comment 9 Nic Baxter 2016-01-24 12:03:05 CET
Hi Christian
I have never seen this, would you please give some more details. What desktop are you using? What is the applet?

CC: (none) => nic
Keywords: (none) => NEEDINFO

Comment 10 Christian CHEVALIER 2016-01-29 12:17:06 CET
I use KDE.
I don't know what is the applet.
I have 2 PCs under mga-5 x86_64 that show this same problem.
I have 1 PC under mga-5 i586 that works correctly.
Comment 11 Christian CHEVALIER 2016-01-29 12:22:54 CET
Created attachment 7390 [details]
The task bar with the message

sometimes, a little box displays and says that there's no update repository configured and I have to add one
Comment 12 Marja van Waes 2016-02-17 19:42:00 CET
(In reply to Christian CHEVALIER from comment #11)
> Created attachment 7390 [details]
> The task bar with the message
> 
> sometimes, a little box displays and says that there's no update repository
> configured and I have to add one

So you _never_ see the red round icon with white ! in it, to tell you that there are updates available?

If indeed never, then please attach 

    /etc/urpmi/urpmi.cfg


(You might in that case also want to check this MCC screen:
http://doc.mageia.org/mcc/5/fr/content/drakrpm-edit-media.html

The following sources need have a tick in the Updates (Mise à jour, M.à.j.) column:

Core Updates
Nonfree Updates
Tainted Updates )


However, if you do sometimes see the orange icon with question mark, and other times the red icon with exclamation mark, then please attach red.txt and orange.txt that are the result of (as root)
when you see the orange icon:

   journalctl -b > orange. txt

when you see the red icon:

   journalctl -b > red.txt

CC: (none) => marja11

Comment 13 Christian CHEVALIER 2016-02-18 10:59:58 CET
Created attachment 7469 [details]
/etc/urpmi/urpmi.cfg

no, I never see the red round icon with white ! in it
Comment 14 Christian CHEVALIER 2016-02-18 11:04:12 CET
Created attachment 7470 [details]
My MCC configuration
Comment 15 claire robinson 2016-02-18 12:19:18 CET
urpmi.cfg shows you have 32bit medias disabled on the 64bit system. If this was done post-installation then it's possible you have some 32bit libraries installed which require them to be enabled to be able to update.

CC: (none) => eeeemail

Comment 16 claire robinson 2016-02-18 12:22:17 CET
To show your active medias in a terminal use..

$ urpmq --list-media active


eg.
$ urpmq --list-media active
Core Release
Core Updates
Nonfree Release
Nonfree Updates
Tainted Release
Tainted Updates
Core 32bit Release
Core 32bit Updates
Nonfree 32bit Release
Nonfree 32bit Updates
Tainted 32bit Release
Tainted 32bit Updates
Comment 17 Christian CHEVALIER 2016-02-18 17:48:51 CET
# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)

I have wine 32bit installed. So I added the updates repositories and now :
# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)
Core 32bit Updates (distrib32)
Nonfree 32bit Updates (distrib37)
Tainted 32bit Updates (distrib42)
Comment 18 Marja van Waes 2016-05-01 10:10:10 CEST
Assuming enabling 32bit repos did indeed the problem, so that the icon was correct to ask to add a repository.

Closing.

Feel free to reopen if my assumption is wrong.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Comment 19 Christian CHEVALIER 2016-05-02 17:51:47 CEST
I disabled 32bit repos and the problem is still here.

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)

Comment 20 Christian CHEVALIER 2016-05-02 18:19:58 CEST
Created attachment 7732 [details]
The box that open periodically

Moreover, when I click the button add (Ajouter) on this box, nothing happens and the button disappear.
Comment 21 Marja van Waes 2016-05-02 19:10:58 CEST
(In reply to Marja van Waes from comment #18)
> Assuming enabling 32bit repos did indeed the problem, so that the icon was
> correct to ask to add a repository.

Sorry, Christian, for the confusion, I forgot a word there, it should have been:

Assuming enabling 32bit repos did indeed _solve_ the problem, so that the icon was correct to ask to add a repository.

32bit repos need to be enabled, because you have 32bits packages installed.

Again closing. 


(In reply to Christian CHEVALIER from comment #20)

> 
> Moreover, when I click the button add (Ajouter) on this box, nothing happens
> and the button disappear.

Thanks, that's another symptom of bug 15341
I added your information to it

Status: REOPENED => RESOLVED
Resolution: (none) => INVALID

Comment 22 Christian CHEVALIER 2016-05-02 19:53:41 CEST
Well, I thought I had posted a message but it isn't here.
I enabled the 32 bit repository :

# urpmq --list-media active
Core Release (distrib1)
Core Updates (distrib3)
Nonfree Release (distrib11)
Nonfree Updates (distrib13)
Tainted Release (distrib21)
Tainted Updates (distrib23)
Core 32bit Release (distrib31)
Core 32bit Updates (distrib32)
Nonfree 32bit Release (distrib36)
Nonfree 32bit Updates (distrib37)
Tainted 32bit Release (distrib41)
Tainted 32bit Updates (distrib42)

and the problem is still there.

Otherwise, as I said before, when I click the button add on this box, nothing happens and the button disappear. this is rather strange for a button supposed adding a repository !

So the problem is not resolved and I have to reopen it.

Status: RESOLVED => REOPENED
Resolution: INVALID => (none)

Comment 23 Marja van Waes 2016-05-02 22:09:32 CEST

(In reply to Christian CHEVALIER from comment #22)
> Well, I thought I had posted a message but it isn't here.
> I enabled the 32 bit repository :
> 
> # urpmq --list-media active
> Core Release (distrib1)
> Core Updates (distrib3)
> Nonfree Release (distrib11)
> Nonfree Updates (distrib13)
> Tainted Release (distrib21)
> Tainted Updates (distrib23)
> Core 32bit Release (distrib31)
> Core 32bit Updates (distrib32)
> Nonfree 32bit Release (distrib36)
> Nonfree 32bit Updates (distrib37)
> Tainted 32bit Release (distrib41)
> Tainted 32bit Updates (distrib42)
> 
> and the problem is still there.

@ Christian

For this problem, can you please _attach_ your

  /etc/urpmi/urpmi.cfg

> 
> Otherwise, as I said before, when I click the button add on this box,
> nothing happens and the button disappear. this is rather strange for a
> button supposed adding a repository !

As said before, that is bug 15341

It is very unlikely that the two problems are related, so they need to be handled in two different bug reports.

Assignee: bugsquad => thierry.vignaud

Comment 24 Christian CHEVALIER 2016-05-02 22:27:30 CEST
Created attachment 7735 [details]
my /etc/urpmi/urpmi.cfg

# cat /etc/urpmi/urpmi.cfg
{
}

Core\ Release cdrom://x86_64/media/core {
  ignore
  key-ids: 80420f66
}

Nonfree\ Release cdrom://x86_64/media/nonfree {
  ignore
  key-ids: 80420f66
}

Core\ Release\ (distrib1)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/release
}

Core\ Release\ Debug\ (distrib2)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/release
}

Core\ Updates\ (distrib3)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/core/updates
}

Core\ Updates\ Debug\ (distrib4)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/updates
}

Core\ Updates\ Testing\ (distrib5)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/updates_testing
}

Core\ Updates\ Testing\ Debug\ (distrib6)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/updates_testing
}

Core\ Backports\ (distrib7)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/backports
}

Core\ Backports\ Debug\ (distrib8)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/backports
}

Core\ Backports\ Testing\ (distrib9)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/core/backports_testing
}

Core\ Backports\ Testing\ Debug\ (distrib10)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/core/backports_testing
}

Nonfree\ Release\ (distrib11)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/release
}

Nonfree\ Release\ Debug\ (distrib12)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/release
}

Nonfree\ Updates\ (distrib13)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/nonfree/updates
}

Nonfree\ Updates\ Debug\ (distrib14)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/updates
}

Nonfree\ Updates\ Testing\ (distrib15)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/updates_testing
}

Nonfree\ Updates\ Testing\ Debug\ (distrib16)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/updates_testing
}

Nonfree\ Backports\ (distrib17)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/backports
}

Nonfree\ Backports\ Debug\ (distrib18)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/backports
}

Nonfree\ Backports\ Testing\ (distrib19)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/nonfree/backports_testing
}

Nonfree\ Backports\ Testing\ Debug\ (distrib20)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/nonfree/backports_testing
}

Tainted\ Release\ (distrib21)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/release
}

Tainted\ Release\ Debug\ (distrib22)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/release
}

Tainted\ Updates\ (distrib23)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/tainted/updates
}

Tainted\ Updates\ Debug\ (distrib24)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/updates
}

Tainted\ Updates\ Testing\ (distrib25)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/updates_testing
}

Tainted\ Updates\ Testing\ Debug\ (distrib26)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/updates_testing
}

Tainted\ Backports\ (distrib27)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/backports
}

Tainted\ Backports\ Debug\ (distrib28)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/backports
}

Tainted\ Backports\ Testing\ (distrib29)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/tainted/backports_testing
}

Tainted\ Backports\ Testing\ Debug\ (distrib30)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/debug/tainted/backports_testing
}

Core\ 32bit\ Release\ (distrib31)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/release
}

Core\ 32bit\ Updates\ (distrib32)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/../../i586/media/core/updates
}

Core\ 32bit\ Updates\ Testing\ (distrib33)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/updates_testing
}

Core\ 32bit\ Backports\ (distrib34)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/backports
}

Core\ 32bit\ Backports\ Testing\ (distrib35)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/core/backports_testing
}

Nonfree\ 32bit\ Release\ (distrib36)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/release
}

Nonfree\ 32bit\ Updates\ (distrib37)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/../../i586/media/nonfree/updates
}

Nonfree\ 32bit\ Updates\ Testing\ (distrib38)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/updates_testing
}

Nonfree\ 32bit\ Backports\ (distrib39)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/backports
}

Nonfree\ 32bit\ Backports\ Testing\ (distrib40)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/nonfree/backports_testing
}

Tainted\ 32bit\ Release\ (distrib41)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/release
}

Tainted\ 32bit\ Updates\ (distrib42)  {
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  update
  with-dir: media/../../i586/media/tainted/updates
}

Tainted\ 32bit\ Updates\ Testing\ (distrib43)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/updates_testing
}

Tainted\ 32bit\ Backports\ (distrib44)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/backports
}

Tainted\ 32bit\ Backports\ Testing\ (distrib45)  {
  ignore
  key-ids: 80420f66
  mirrorlist: $MIRRORLIST
  with-dir: media/../../i586/media/tainted/backports_testing
}
Marja van Waes 2016-05-02 23:04:47 CEST

Keywords: NEEDINFO => (none)

Comment 25 Christian CHEVALIER 2017-03-21 17:17:14 CET
I looked into the code called by mgaapplet and mgaapplet-update-checker and found several locations where the program fails.
It is always a problem of read permissions by mgaapplet and mgaapplet-update-checker processes.
The concerned files were :
/etc/urpmi/urpmi.cfg which was -rw-------
/var/lib/urpmi/* which was drwx------ or -rw-------
/etc/urpmi/proxy.cfg which was -rw-------
/var/cache/urpmi/mirrors.cache which was -rw-------

After restoring the permissions -rw-r--r-- on files and drwxr-xr-x on directories, the applet runs correctly, finds the repositories and displays the red icon in the task bar when updates are available.

But when the MCC is run and "Configure media sources for install and update" is opened and closed, /etc/urpmi/urpmi.cfg is reset at -rw-------.
If a new media list is loaded, /var/lib/urpmi/* is reset at drwx------ or -rw-------
Rémi Verschelde 2017-03-22 08:33:14 CET

CC: (none) => LpSolit
Assignee: thierry.vignaud => mageiatools

Comment 26 Frédéric Buclin 2017-03-22 15:20:49 CET
Christian, when you run this command from a console, what's the output?

perl -wE 'say sprintf("%03o", umask())'
Comment 27 Frédéric Buclin 2017-03-22 15:31:12 CET
Please run this command from your own account and as root, for comparison. If you get 077, then you have your explanation.
Comment 28 Christian CHEVALIER 2017-03-22 18:54:23 CET
$ perl -wE 'say sprintf("%03o", umask())'
077
# perl -wE 'say sprintf("%03o", umask())'
022

I think a root umask=077 could have been responsible of the wrong permissions of urpmi files but it is not the case.

However, when the MCC is run from a konsole, it inherits its umask=022.
But when it is started from the taskbar, after root authentication, the umask displayed by drakconf is 077 !
Comment 29 Frédéric Buclin 2017-03-22 18:58:12 CET
type: umask 022 from your account and the problem should go away.
Comment 30 Christian CHEVALIER 2017-03-23 18:39:19 CET
It is not a solution.
Any user should have the possibility to set his umask to any value without interfering with the administration tools.
I think it's a bug that should be fixed !

Moreover, the umask policy setting is not clear when drakconf is started from the taskbar. Its value tested at line 44 of /usr/libexec/drakconf gives :
user umask=077 -> drakconf umask=077
but
user umask=022 -> drakconf umask=002

Who has modified it ?
Comment 31 Frédéric Buclin 2017-03-23 20:23:23 CET
(In reply to Christian CHEVALIER from comment #30)
> It is not a solution.
> Any user should have the possibility to set his umask to any value without
> interfering with the administration tools.
> I think it's a bug that should be fixed !

Yes, sure. I didn't mean this wasn't a bug which should be fixed. My comment 29 was rather a proposal to make sure this fixed your problem. If yes, then I can properly fix this bug.
Comment 32 Christian CHEVALIER 2017-03-24 12:51:44 CET
Ok.
/etc/urpmi/urpmi.cfg is effectively set at :

-rw-rw-r-- 1 root root 7016 mars  23 17:18 urpmi.cfg
when drakconf is started with a user umask=022 (and MCC->"Configure media sources for install and update" is used).

-rw------- 1 root root 7016 mars  24 12:39 urpmi.cfg
when drakconf is started with a user umask=077
Comment 33 Frédéric Buclin 2017-03-24 20:15:18 CET
The problem is easily reproducible when the msec security level is set to 'secure'. This level enforces umask = 077.

Target Milestone: --- => Mageia 6
Status: REOPENED => ASSIGNED
Assignee: mageiatools => LpSolit
Summary: An icon in the task bar always asks to add a repository (even if a repository is already configured) => mgaapplet always asks to add a repository when urpmi.cfg is not readable

Comment 34 Frédéric Buclin 2017-03-24 20:16:48 CET
Created attachment 9150 [details]
fix file permissions

Tested in Cauldron.

Attachment 7470 is obsolete: 0 => 1
Attachment 7390 is obsolete: 0 => 1
Attachment 7469 is obsolete: 0 => 1
Attachment 7735 is obsolete: 0 => 1

Frédéric Buclin 2017-03-24 20:18:48 CET

Source RPM: mgaonline => urpmi

Comment 35 Rémi Verschelde 2017-03-24 20:29:01 CET
Thierry, WDYT of the patch?

Keywords: (none) => PATCH

Comment 36 Mageia Robot 2017-04-03 19:13:24 CEST
commit f27b8d7a11f261d0b15ca1a7871a497936bd1ee9
Author: Frédéric Buclin <LpSolit@...>
Date:   Fri Mar 24 20:06:01 2017 +0100

    Make sure that urpmi.cfg is world-readable so that mgaapplet can read it (mga#9386)
---
 Commit Link:
   http://gitweb.mageia.org/software/rpm/urpmi/commit/?id=f27b8d7a11f261d0b15ca1a7871a497936bd1ee9
Comment 37 Rémi Verschelde 2017-04-03 19:13:40 CEST
Fixed in git.

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO

Comment 38 Christian CHEVALIER 2017-04-03 21:51:02 CEST
Frederic,

I tested your patch (attachment 9150 [details]) and it does not resolve completely the problem.
/etc/urpmi/urpmi.cfg is readable but when I add an new set of repositories, they are not world readable :
# ll
total 868
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports (distrib34)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports Testing (distrib35)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Release (distrib31)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates (distrib32)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates Testing (distrib33)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Debug (distrib8)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports (distrib7)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing Debug (distrib10)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing (distrib9)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release Debug (distrib2)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release (distrib1)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Debug (distrib4)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates (distrib3)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing Debug (distrib6)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing (distrib5)/
drwxr-xr-x 2 root root   4096 mai   12  2016 Dr.Web Installer Temporary Repo/
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Core Release
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Nonfree Release
-rw-r--r-- 1 root root  61556 mars   6 16:57 names.Core Release
-rw-r--r-- 1 root root    441 mai   14  2016 names.Dr.Web Installer Temporary Repo
-rw-r--r-- 1 root root    721 mars   6 16:57 names.Nonfree Release
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports (distrib39)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports Testing (distrib40)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Release (distrib36)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates (distrib37)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates Testing (distrib38)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Debug (distrib18)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports (distrib17)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing Debug (distrib20)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing (distrib19)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release Debug (distrib12)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release (distrib11)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Debug (distrib14)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates (distrib13)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing Debug (distrib16)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing (distrib15)/
-r--r--r-- 1 root root 605336 nov.  22 14:37 synthesis.hdlist.Core Release.cz
-r--r--r-- 1 root root   3891 nov.  22 14:37 synthesis.hdlist.Nonfree Release.cz
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports (distrib44)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports Testing (distrib45)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Release (distrib41)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates (distrib42)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates Testing (distrib43)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Debug (distrib28)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports (distrib27)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing Debug (distrib30)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing (distrib29)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release Debug (distrib22)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release (distrib21)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Debug (distrib24)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates (distrib23)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing Debug (distrib26)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing (distrib25)/
[root@station urpmi]# ll /var/lib/urpmi
total 868
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports (distrib34)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Backports Testing (distrib35)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Release (distrib31)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates (distrib32)/
drwx------ 2 root root   4096 avril  3 19:11 Core 32bit Updates Testing (distrib33)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Debug (distrib8)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports (distrib7)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing Debug (distrib10)/
drwx------ 2 root root   4096 avril  3 19:11 Core Backports Testing (distrib9)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release Debug (distrib2)/
drwx------ 2 root root   4096 avril  3 19:10 Core Release (distrib1)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Debug (distrib4)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates (distrib3)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing Debug (distrib6)/
drwx------ 2 root root   4096 avril  3 19:11 Core Updates Testing (distrib5)/
drwxr-xr-x 2 root root   4096 mai   12  2016 Dr.Web Installer Temporary Repo/
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Core Release
-r--r--r-- 1 root root     98 nov.  22 14:37 MD5SUM.Nonfree Release
-rw-r--r-- 1 root root  61556 mars   6 16:57 names.Core Release
-rw-r--r-- 1 root root    441 mai   14  2016 names.Dr.Web Installer Temporary Repo
-rw-r--r-- 1 root root    721 mars   6 16:57 names.Nonfree Release
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports (distrib39)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Backports Testing (distrib40)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Release (distrib36)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates (distrib37)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree 32bit Updates Testing (distrib38)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Debug (distrib18)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports (distrib17)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing Debug (distrib20)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Backports Testing (distrib19)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release Debug (distrib12)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Release (distrib11)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Debug (distrib14)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates (distrib13)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing Debug (distrib16)/
drwx------ 2 root root   4096 avril  3 19:11 Nonfree Updates Testing (distrib15)/
-r--r--r-- 1 root root 605336 nov.  22 14:37 synthesis.hdlist.Core Release.cz
-r--r--r-- 1 root root   3891 nov.  22 14:37 synthesis.hdlist.Nonfree Release.cz
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports (distrib44)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Backports Testing (distrib45)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Release (distrib41)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates (distrib42)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted 32bit Updates Testing (distrib43)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Debug (distrib28)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports (distrib27)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing Debug (distrib30)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Backports Testing (distrib29)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release Debug (distrib22)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Release (distrib21)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Debug (distrib24)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates (distrib23)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing Debug (distrib26)/
drwx------ 2 root root   4096 avril  3 19:11 Tainted Updates Testing (distrib25)/

moreover, /var/cache/urpmi/mirrors.cache is no more world readable.

So (as I noticed in https://bugs.mageia.org/show_bug.cgi?id=9386#c30), I tried to include at line 44 of /usr/libexec/drakconf : 
umask 0022;
and it seems to resolve the problem for all the files I have tested.

But, I'd like to understand why the umask is propagated rather strangely as I say in https://bugs.mageia.org/show_bug.cgi?id=9386#c30

IMHO, this is the reason of the problem.
Christian CHEVALIER 2017-04-04 12:33:45 CEST

Resolution: FIXED => (none)
Status: RESOLVED => REOPENED

Comment 39 Christian CHEVALIER 2017-04-25 15:32:53 CEST
So, what are your answer and your solution ?
Comment 40 Frédéric Buclin 2017-05-06 18:28:31 CEST
After some more consideration, I think that mgaapplet should require the root password to manage repositories and updates if msec level = "secure" (i.e. umask = 077). The job of this security level is to restrict what users can do, and so this means that mgaapplet should not try to change files and folders permissions, because this could be seen as a policy violation. This means that my previous commit should be reverted.

I will try to work on this next week.
Comment 41 Christian CHEVALIER 2017-05-06 18:49:51 CEST
What you say may be true for msec level = "secure" but in my case, I have just redefined the umask to 077 in my .bashrc. So the umask is not the best filter for identifying the "secure" level.

Anyway, as I said in https://bugs.mageia.org/show_bug.cgi?id=9386#c38, your patch does not resolve completely the problem.
Comment 42 Frédéric Buclin 2017-05-06 18:56:27 CEST
I do not plan to look at umask to identify the msec level. I will look at msec directly. I will then set umask accordingly, if needed, ignoring your setting in .bashrc.

Keywords: PATCH => (none)


Note You need to log in before you can comment on or make changes to this bug.