Description of problem: An icon (question mark) is always displayed in the right part of the task bar (boite à miniatures). If I pass the mouse pointer over it, a message (my translation of french message) "No repository has been found. You should add one with the software manager". If I click the icon, I open the media manager that displays the list of repositories already configured. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. open a desktop session 2. 3. Reproducible: Steps to Reproduce:
"urpmq --list-media active" show what ?
# urpmq --list-media active Core Release (distrib1) Core Updates (distrib3) Nonfree Release (distrib11) Nonfree Updates (distrib13) Tainted Release (distrib21) Tainted Updates (distrib23)
The same problem occurs on Mga-3 : # urpmq --list-media active Core Release (distrib1) Core Updates (distrib3) Nonfree Release (distrib11) Nonfree Updates (distrib13) Tainted Release (distrib21) Tainted Updates (distrib23)
This message is a reminder that Mageia 2 is nearing its end of life. Approximately one month from now Mageia will stop maintaining and issuing updates for Mageia 2. At that time this bug will be closed as WONTFIX (EOL) if it remains open with a Mageia 'version' of '2'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version prior to Mageia 2's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Mageia 2 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete. -- The Mageia Bugsquad
This bug is still present in mga-4
Mageia 4 changed to end-of-life (EOL) status on 2015-09-19. It is is no longer maintained, which means that it will not receive any further security or bug fix updates. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Mageia version. Bug Reporter: Thank you for reporting this issue and we are sorry that we weren't able to fix it before Mageia 4's end of life. If you are able to reproduce it against a later version of Mageia, you are encouraged to click on "Version" and change it against that version of Mageia. If it's valid in several versions, select the highest and add MGAxTOO in whiteboard for each other valid release. Example: it's valid in cauldron and Mageia 5, set to cauldron and add MGA5TOO. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Mageia release includes newer upstream software that fixes bugs or makes them obsolete. If you would like to help fixing bugs in the future, don't hesitate to join the packager team via our mentoring program [1] or join the teams that fit you most [2]. [1] https://wiki.mageia.org/en/Becoming_a_Mageia_Packager [2] http://www.mageia.org/contribute/
This bug is still present in mga-5
Thierry, do you know what could trigger this issue, or what debug info could be useful to investigate?
Hi Christian I have never seen this, would you please give some more details. What desktop are you using? What is the applet?
I use KDE. I don't know what is the applet. I have 2 PCs under mga-5 x86_64 that show this same problem. I have 1 PC under mga-5 i586 that works correctly.
Created attachment 7390 [details] The task bar with the message sometimes, a little box displays and says that there's no update repository configured and I have to add one
(In reply to Christian CHEVALIER from comment #11) > Created attachment 7390 [details] > The task bar with the message > > sometimes, a little box displays and says that there's no update repository > configured and I have to add one So you _never_ see the red round icon with white ! in it, to tell you that there are updates available? If indeed never, then please attach /etc/urpmi/urpmi.cfg (You might in that case also want to check this MCC screen: http://doc.mageia.org/mcc/5/fr/content/drakrpm-edit-media.html The following sources need have a tick in the Updates (Mise à jour, M.à .j.) column: Core Updates Nonfree Updates Tainted Updates ) However, if you do sometimes see the orange icon with question mark, and other times the red icon with exclamation mark, then please attach red.txt and orange.txt that are the result of (as root) when you see the orange icon: journalctl -b > orange. txt when you see the red icon: journalctl -b > red.txt
Created attachment 7469 [details] /etc/urpmi/urpmi.cfg no, I never see the red round icon with white ! in it
Created attachment 7470 [details] My MCC configuration
urpmi.cfg shows you have 32bit medias disabled on the 64bit system. If this was done post-installation then it's possible you have some 32bit libraries installed which require them to be enabled to be able to update.
To show your active medias in a terminal use.. $ urpmq --list-media active eg. $ urpmq --list-media active Core Release Core Updates Nonfree Release Nonfree Updates Tainted Release Tainted Updates Core 32bit Release Core 32bit Updates Nonfree 32bit Release Nonfree 32bit Updates Tainted 32bit Release Tainted 32bit Updates
# urpmq --list-media active Core Release (distrib1) Core Updates (distrib3) Nonfree Release (distrib11) Nonfree Updates (distrib13) Tainted Release (distrib21) Tainted Updates (distrib23) I have wine 32bit installed. So I added the updates repositories and now : # urpmq --list-media active Core Release (distrib1) Core Updates (distrib3) Nonfree Release (distrib11) Nonfree Updates (distrib13) Tainted Release (distrib21) Tainted Updates (distrib23) Core 32bit Updates (distrib32) Nonfree 32bit Updates (distrib37) Tainted 32bit Updates (distrib42)
Assuming enabling 32bit repos did indeed the problem, so that the icon was correct to ask to add a repository. Closing. Feel free to reopen if my assumption is wrong.
I disabled 32bit repos and the problem is still here.
Created attachment 7732 [details] The box that open periodically Moreover, when I click the button add (Ajouter) on this box, nothing happens and the button disappear.
(In reply to Marja van Waes from comment #18) > Assuming enabling 32bit repos did indeed the problem, so that the icon was > correct to ask to add a repository. Sorry, Christian, for the confusion, I forgot a word there, it should have been: Assuming enabling 32bit repos did indeed _solve_ the problem, so that the icon was correct to ask to add a repository. 32bit repos need to be enabled, because you have 32bits packages installed. Again closing. (In reply to Christian CHEVALIER from comment #20) > > Moreover, when I click the button add (Ajouter) on this box, nothing happens > and the button disappear. Thanks, that's another symptom of bug 15341 I added your information to it
Well, I thought I had posted a message but it isn't here. I enabled the 32 bit repository : # urpmq --list-media active Core Release (distrib1) Core Updates (distrib3) Nonfree Release (distrib11) Nonfree Updates (distrib13) Tainted Release (distrib21) Tainted Updates (distrib23) Core 32bit Release (distrib31) Core 32bit Updates (distrib32) Nonfree 32bit Release (distrib36) Nonfree 32bit Updates (distrib37) Tainted 32bit Release (distrib41) Tainted 32bit Updates (distrib42) and the problem is still there. Otherwise, as I said before, when I click the button add on this box, nothing happens and the button disappear. this is rather strange for a button supposed adding a repository ! So the problem is not resolved and I have to reopen it.
(In reply to Christian CHEVALIER from comment #22) > Well, I thought I had posted a message but it isn't here. > I enabled the 32 bit repository : > > # urpmq --list-media active > Core Release (distrib1) > Core Updates (distrib3) > Nonfree Release (distrib11) > Nonfree Updates (distrib13) > Tainted Release (distrib21) > Tainted Updates (distrib23) > Core 32bit Release (distrib31) > Core 32bit Updates (distrib32) > Nonfree 32bit Release (distrib36) > Nonfree 32bit Updates (distrib37) > Tainted 32bit Release (distrib41) > Tainted 32bit Updates (distrib42) > > and the problem is still there. @ Christian For this problem, can you please _attach_ your /etc/urpmi/urpmi.cfg > > Otherwise, as I said before, when I click the button add on this box, > nothing happens and the button disappear. this is rather strange for a > button supposed adding a repository ! As said before, that is bug 15341 It is very unlikely that the two problems are related, so they need to be handled in two different bug reports.
Created attachment 7735 [details] my /etc/urpmi/urpmi.cfg # cat /etc/urpmi/urpmi.cfg { } Core\ Release cdrom://x86_64/media/core { ignore key-ids: 80420f66 } Nonfree\ Release cdrom://x86_64/media/nonfree { ignore key-ids: 80420f66 } Core\ Release\ (distrib1) { key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/core/release } Core\ Release\ Debug\ (distrib2) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/core/release } Core\ Updates\ (distrib3) { key-ids: 80420f66 mirrorlist: $MIRRORLIST update with-dir: media/core/updates } Core\ Updates\ Debug\ (distrib4) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/core/updates } Core\ Updates\ Testing\ (distrib5) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/core/updates_testing } Core\ Updates\ Testing\ Debug\ (distrib6) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/core/updates_testing } Core\ Backports\ (distrib7) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/core/backports } Core\ Backports\ Debug\ (distrib8) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/core/backports } Core\ Backports\ Testing\ (distrib9) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/core/backports_testing } Core\ Backports\ Testing\ Debug\ (distrib10) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/core/backports_testing } Nonfree\ Release\ (distrib11) { key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/nonfree/release } Nonfree\ Release\ Debug\ (distrib12) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/nonfree/release } Nonfree\ Updates\ (distrib13) { key-ids: 80420f66 mirrorlist: $MIRRORLIST update with-dir: media/nonfree/updates } Nonfree\ Updates\ Debug\ (distrib14) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/nonfree/updates } Nonfree\ Updates\ Testing\ (distrib15) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/nonfree/updates_testing } Nonfree\ Updates\ Testing\ Debug\ (distrib16) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/nonfree/updates_testing } Nonfree\ Backports\ (distrib17) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/nonfree/backports } Nonfree\ Backports\ Debug\ (distrib18) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/nonfree/backports } Nonfree\ Backports\ Testing\ (distrib19) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/nonfree/backports_testing } Nonfree\ Backports\ Testing\ Debug\ (distrib20) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/nonfree/backports_testing } Tainted\ Release\ (distrib21) { key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/tainted/release } Tainted\ Release\ Debug\ (distrib22) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/tainted/release } Tainted\ Updates\ (distrib23) { key-ids: 80420f66 mirrorlist: $MIRRORLIST update with-dir: media/tainted/updates } Tainted\ Updates\ Debug\ (distrib24) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/tainted/updates } Tainted\ Updates\ Testing\ (distrib25) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/tainted/updates_testing } Tainted\ Updates\ Testing\ Debug\ (distrib26) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/tainted/updates_testing } Tainted\ Backports\ (distrib27) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/tainted/backports } Tainted\ Backports\ Debug\ (distrib28) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/tainted/backports } Tainted\ Backports\ Testing\ (distrib29) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/tainted/backports_testing } Tainted\ Backports\ Testing\ Debug\ (distrib30) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/debug/tainted/backports_testing } Core\ 32bit\ Release\ (distrib31) { key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/core/release } Core\ 32bit\ Updates\ (distrib32) { key-ids: 80420f66 mirrorlist: $MIRRORLIST update with-dir: media/../../i586/media/core/updates } Core\ 32bit\ Updates\ Testing\ (distrib33) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/core/updates_testing } Core\ 32bit\ Backports\ (distrib34) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/core/backports } Core\ 32bit\ Backports\ Testing\ (distrib35) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/core/backports_testing } Nonfree\ 32bit\ Release\ (distrib36) { key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/nonfree/release } Nonfree\ 32bit\ Updates\ (distrib37) { key-ids: 80420f66 mirrorlist: $MIRRORLIST update with-dir: media/../../i586/media/nonfree/updates } Nonfree\ 32bit\ Updates\ Testing\ (distrib38) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/nonfree/updates_testing } Nonfree\ 32bit\ Backports\ (distrib39) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/nonfree/backports } Nonfree\ 32bit\ Backports\ Testing\ (distrib40) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/nonfree/backports_testing } Tainted\ 32bit\ Release\ (distrib41) { key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/tainted/release } Tainted\ 32bit\ Updates\ (distrib42) { key-ids: 80420f66 mirrorlist: $MIRRORLIST update with-dir: media/../../i586/media/tainted/updates } Tainted\ 32bit\ Updates\ Testing\ (distrib43) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/tainted/updates_testing } Tainted\ 32bit\ Backports\ (distrib44) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/tainted/backports } Tainted\ 32bit\ Backports\ Testing\ (distrib45) { ignore key-ids: 80420f66 mirrorlist: $MIRRORLIST with-dir: media/../../i586/media/tainted/backports_testing }
I looked into the code called by mgaapplet and mgaapplet-update-checker and found several locations where the program fails. It is always a problem of read permissions by mgaapplet and mgaapplet-update-checker processes. The concerned files were : /etc/urpmi/urpmi.cfg which was -rw------- /var/lib/urpmi/* which was drwx------ or -rw------- /etc/urpmi/proxy.cfg which was -rw------- /var/cache/urpmi/mirrors.cache which was -rw------- After restoring the permissions -rw-r--r-- on files and drwxr-xr-x on directories, the applet runs correctly, finds the repositories and displays the red icon in the task bar when updates are available. But when the MCC is run and "Configure media sources for install and update" is opened and closed, /etc/urpmi/urpmi.cfg is reset at -rw-------. If a new media list is loaded, /var/lib/urpmi/* is reset at drwx------ or -rw-------
Christian, when you run this command from a console, what's the output? perl -wE 'say sprintf("%03o", umask())'
Please run this command from your own account and as root, for comparison. If you get 077, then you have your explanation.
$ perl -wE 'say sprintf("%03o", umask())' 077 # perl -wE 'say sprintf("%03o", umask())' 022 I think a root umask=077 could have been responsible of the wrong permissions of urpmi files but it is not the case. However, when the MCC is run from a konsole, it inherits its umask=022. But when it is started from the taskbar, after root authentication, the umask displayed by drakconf is 077 !
type: umask 022 from your account and the problem should go away.
It is not a solution. Any user should have the possibility to set his umask to any value without interfering with the administration tools. I think it's a bug that should be fixed ! Moreover, the umask policy setting is not clear when drakconf is started from the taskbar. Its value tested at line 44 of /usr/libexec/drakconf gives : user umask=077 -> drakconf umask=077 but user umask=022 -> drakconf umask=002 Who has modified it ?
(In reply to Christian CHEVALIER from comment #30) > It is not a solution. > Any user should have the possibility to set his umask to any value without > interfering with the administration tools. > I think it's a bug that should be fixed ! Yes, sure. I didn't mean this wasn't a bug which should be fixed. My comment 29 was rather a proposal to make sure this fixed your problem. If yes, then I can properly fix this bug.
Ok. /etc/urpmi/urpmi.cfg is effectively set at : -rw-rw-r-- 1 root root 7016 mars 23 17:18 urpmi.cfg when drakconf is started with a user umask=022 (and MCC->"Configure media sources for install and update" is used). -rw------- 1 root root 7016 mars 24 12:39 urpmi.cfg when drakconf is started with a user umask=077
The problem is easily reproducible when the msec security level is set to 'secure'. This level enforces umask = 077.
Created attachment 9150 [details] fix file permissions Tested in Cauldron.
Thierry, WDYT of the patch?
commit f27b8d7a11f261d0b15ca1a7871a497936bd1ee9 Author: Frédéric Buclin <LpSolit@...> Date: Fri Mar 24 20:06:01 2017 +0100 Make sure that urpmi.cfg is world-readable so that mgaapplet can read it (mga#9386) --- Commit Link: http://gitweb.mageia.org/software/rpm/urpmi/commit/?id=f27b8d7a11f261d0b15ca1a7871a497936bd1ee9
Fixed in git.
Frederic, I tested your patch (attachment 9150 [details]) and it does not resolve completely the problem. /etc/urpmi/urpmi.cfg is readable but when I add an new set of repositories, they are not world readable : # ll total 868 drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Backports (distrib34)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Backports Testing (distrib35)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Release (distrib31)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Updates (distrib32)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Updates Testing (distrib33)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports Debug (distrib8)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports (distrib7)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports Testing Debug (distrib10)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports Testing (distrib9)/ drwx------ 2 root root 4096 avril 3 19:10 Core Release Debug (distrib2)/ drwx------ 2 root root 4096 avril 3 19:10 Core Release (distrib1)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates Debug (distrib4)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates (distrib3)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates Testing Debug (distrib6)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates Testing (distrib5)/ drwxr-xr-x 2 root root 4096 mai 12 2016 Dr.Web Installer Temporary Repo/ -r--r--r-- 1 root root 98 nov. 22 14:37 MD5SUM.Core Release -r--r--r-- 1 root root 98 nov. 22 14:37 MD5SUM.Nonfree Release -rw-r--r-- 1 root root 61556 mars 6 16:57 names.Core Release -rw-r--r-- 1 root root 441 mai 14 2016 names.Dr.Web Installer Temporary Repo -rw-r--r-- 1 root root 721 mars 6 16:57 names.Nonfree Release drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Backports (distrib39)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Backports Testing (distrib40)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Release (distrib36)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Updates (distrib37)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Updates Testing (distrib38)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports Debug (distrib18)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports (distrib17)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports Testing Debug (distrib20)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports Testing (distrib19)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Release Debug (distrib12)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Release (distrib11)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates Debug (distrib14)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates (distrib13)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates Testing Debug (distrib16)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates Testing (distrib15)/ -r--r--r-- 1 root root 605336 nov. 22 14:37 synthesis.hdlist.Core Release.cz -r--r--r-- 1 root root 3891 nov. 22 14:37 synthesis.hdlist.Nonfree Release.cz drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Backports (distrib44)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Backports Testing (distrib45)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Release (distrib41)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Updates (distrib42)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Updates Testing (distrib43)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports Debug (distrib28)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports (distrib27)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports Testing Debug (distrib30)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports Testing (distrib29)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Release Debug (distrib22)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Release (distrib21)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates Debug (distrib24)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates (distrib23)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates Testing Debug (distrib26)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates Testing (distrib25)/ [root@station urpmi]# ll /var/lib/urpmi total 868 drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Backports (distrib34)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Backports Testing (distrib35)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Release (distrib31)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Updates (distrib32)/ drwx------ 2 root root 4096 avril 3 19:11 Core 32bit Updates Testing (distrib33)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports Debug (distrib8)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports (distrib7)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports Testing Debug (distrib10)/ drwx------ 2 root root 4096 avril 3 19:11 Core Backports Testing (distrib9)/ drwx------ 2 root root 4096 avril 3 19:10 Core Release Debug (distrib2)/ drwx------ 2 root root 4096 avril 3 19:10 Core Release (distrib1)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates Debug (distrib4)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates (distrib3)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates Testing Debug (distrib6)/ drwx------ 2 root root 4096 avril 3 19:11 Core Updates Testing (distrib5)/ drwxr-xr-x 2 root root 4096 mai 12 2016 Dr.Web Installer Temporary Repo/ -r--r--r-- 1 root root 98 nov. 22 14:37 MD5SUM.Core Release -r--r--r-- 1 root root 98 nov. 22 14:37 MD5SUM.Nonfree Release -rw-r--r-- 1 root root 61556 mars 6 16:57 names.Core Release -rw-r--r-- 1 root root 441 mai 14 2016 names.Dr.Web Installer Temporary Repo -rw-r--r-- 1 root root 721 mars 6 16:57 names.Nonfree Release drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Backports (distrib39)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Backports Testing (distrib40)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Release (distrib36)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Updates (distrib37)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree 32bit Updates Testing (distrib38)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports Debug (distrib18)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports (distrib17)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports Testing Debug (distrib20)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Backports Testing (distrib19)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Release Debug (distrib12)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Release (distrib11)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates Debug (distrib14)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates (distrib13)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates Testing Debug (distrib16)/ drwx------ 2 root root 4096 avril 3 19:11 Nonfree Updates Testing (distrib15)/ -r--r--r-- 1 root root 605336 nov. 22 14:37 synthesis.hdlist.Core Release.cz -r--r--r-- 1 root root 3891 nov. 22 14:37 synthesis.hdlist.Nonfree Release.cz drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Backports (distrib44)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Backports Testing (distrib45)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Release (distrib41)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Updates (distrib42)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted 32bit Updates Testing (distrib43)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports Debug (distrib28)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports (distrib27)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports Testing Debug (distrib30)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Backports Testing (distrib29)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Release Debug (distrib22)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Release (distrib21)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates Debug (distrib24)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates (distrib23)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates Testing Debug (distrib26)/ drwx------ 2 root root 4096 avril 3 19:11 Tainted Updates Testing (distrib25)/ moreover, /var/cache/urpmi/mirrors.cache is no more world readable. So (as I noticed in https://bugs.mageia.org/show_bug.cgi?id=9386#c30), I tried to include at line 44 of /usr/libexec/drakconf : umask 0022; and it seems to resolve the problem for all the files I have tested. But, I'd like to understand why the umask is propagated rather strangely as I say in https://bugs.mageia.org/show_bug.cgi?id=9386#c30 IMHO, this is the reason of the problem.
So, what are your answer and your solution ?
After some more consideration, I think that mgaapplet should require the root password to manage repositories and updates if msec level = "secure" (i.e. umask = 077). The job of this security level is to restrict what users can do, and so this means that mgaapplet should not try to change files and folders permissions, because this could be seen as a policy violation. This means that my previous commit should be reverted. I will try to work on this next week.
What you say may be true for msec level = "secure" but in my case, I have just redefined the umask to 077 in my .bashrc. So the umask is not the best filter for identifying the "secure" level. Anyway, as I said in https://bugs.mageia.org/show_bug.cgi?id=9386#c38, your patch does not resolve completely the problem.
I do not plan to look at umask to identify the msec level. I will look at msec directly. I will then set umask accordingly, if needed, ignoring your setting in .bashrc.