
Archive for the ‘Software Management’ Category

Using Ruby for system scripts

January 14th, 2009 by

So here we are, the second installment of my openSUSE+Ruby mini-series.  See this link for the first article covering installation and configuration.  In this post, I’ll give you a fast introduction to Ruby and a sample system script on openSUSE.


Webpin search in YaST for openSUSE 11.1

January 9th, 2009 by

This is just a short reminder that in openSUSE 11.1, it is possible to search online for packages in YaST as described in this blog (thanks to Lukas and Bubli for making this a reality!).

In short, just type on the command line:

/sbin/yast2 webpin_package_search

and you will get this UI for an online search and install of packages:

Webpin Search in YaST

Enjoy!

Developing with libyui/libzypp & python – part4

November 11th, 2008 by

Let’s extend the application to make it even more useful!

* add support for YaST repositories

* add support for different architectures

* always use a random temporary directory

Now, it looks like this:

Picture of the Application

You can grab it out of my home: in the openSUSE Build Service (for openSUSE 11.0).

Start it with “repoviewer”, add the repository’s URL, select the type and the architecture, and hit “Go!”.
You can choose the architectures only for the “highest” type of the family, as they list the “lower” types, too.
So to see “ppc” packages, use “ppc64” in the combobox and later “ppc” in the “Arch” column.
For big repos (like Factory) it takes some time to download and parse the metadata.

Also try in a console-window:
unset DISPLAY; repoviewer

😉 Thanks to libyui, that just works!
Update: You can also access local directories (like mounted CDs/DVDs).
Just use “file:///” and the full path, e.g. “file:///media/SU1100.001/”

How to survive zypper dup on a system with a bad internet connection

October 30th, 2008 by

Maybe someday you will try zypper dup to update your distribution and in the middle of the process it fails, because you are disconnected or some package is updated before you download it (this can happen especially on Factory). It is safer to download the packages first and then install from these local files.

How to do this is a little tricky. First you must enable caching of downloaded files (I do it only for remote connections):

zypper mr --keep-packages --remote

Now all downloaded files are cached, so next do a test run of dup. The trick is that all packages downloaded for that test are cached.

zypper dup --dry-run

If you have a slow connection, I also recommend disabling autorefresh for all repositories, because if a repository is refreshed before dup, you can easily find that some packages are newer than the ones in the cache and you must download them again.

zypper mr --all --no-refresh

Now everything is prepared for zypper dup, which uses the files from the cache. The cache can take quite a lot of disk space, so after dup you can clean it.

zypper clean

And that's all. This feature works from openSUSE 11 on, and you can also use this trick for zypper update or zypper install.

Parallel processing in zypper

October 6th, 2008 by

I have been on leave for a couple of days and today when I booted my laptop the openSUSE updater notified me of 4 security updates. While I was watching zypper updating the system (I prefer the command line client) I wondered if it would be possible for zypper to download and install patches/programs/etc. asynchronously. To explain better: instead of downloading a patch and then installing it, why can’t zypper download the patch and then start a process/thread to install it while it immediately starts to download the next file? I have no knowledge of the internals of zypper or YaST, so I don’t know if it is even feasible, but it would decrease the time needed to patch the system.

zypper best feature

October 6th, 2008 by

I’m impressed by how many users don’t know the new zypper features.

Users ask for the ability to cache downloaded packages with tracked dependencies. Some recommend using smart, others set up squid between the ISP and the home PC.

None of those methods are valid anymore.
Now zypper has a caching feature. OK, let me explain how to enable it.

First of all we need to determine for which repo we want to enable caching.

k0da@laptop:~> zypper sl
# | Alias                 | Name                  | Enabled | Refresh
--+-----------------------+-----------------------+---------+--------
1 | debug                 | debug                 | Yes     | No
2 | repo-non-oss          | openSUSE-11.0-Non-Oss | Yes     | No
3 | home:Eri_zaq          | home:Eri_zaq          | Yes     | Yes
4 | openSUSE-11.0-Updates | Updates for 11.0      | Yes     | Yes
5 | OBS                   | OBS                   | Yes     | Yes
6 | Packman               | Packman               | Yes     | Yes
7 | repo-oss              | openSUSE-11.0-Oss     | Yes     | No

From this example output we can get the repo # or its name.

Now we are ready to enable the cache:

sudo zypper mr -k <repo name | #>

That’s all. Now install some packages from the repo.

All cached packages are now stored in the cache dir (described in /etc/zypp/zypp.conf).

By default they are stored in /var/cache/zypp

The next really wanted feature we are waiting for is resuming a package download if the internet connection is lost 😉

Developing with libyui/libzypp & python – part3

October 3rd, 2008 by

In part 1 we installed and tested libyui and its Python binding, and part 2 was about constructing the GUI. Now it’s time for the libzypp bindings – of course for Python ;). So far the GUI looks like:


We will import a repository’s metadata and list its content. But let’s move on …
I assume you have already installed the software from part 1. Then we’ll just download the missing parts.
zypper in prefix-opt-python-zypp prefix-opt-libzypp


Software Management as a Service

September 24th, 2008 by

A couple of days ago I finished my thesis with the topic mentioned above.

It describes the package formats and software management systems currently used in the Linux world as well as in the proprietary worlds of Microsoft and Apple, plus the possibilities for reducing those systems and tools to a common denominator.

The prototype of this service, which emerged within the scope of the thesis, consists of the following three parts:

  • PackageKit, which acts as a broker between CIM and the local software management system
  • CIM, which provides the standardized data model and communication
  • a Web UI, which is more or less only a proof of concept

As the Common Information Model (CIM) is a widespread and well-used standard (even Microsoft uses it with its WMI stuff), its models are used for a common data structure as well as for operating-system-independent communication.

To implement a usable service, classes (data structures) for Package, Update and Repository were needed.
For compatibility reasons, these classes are based on the already existing WMI implementation from Microsoft. Hence, it is possible with one and the same client to list packages (products in Microsoft terminology) and updates of Linux as well as Windows computers.

To connect these CIM classes to the local software management system it was necessary to develop so-called CIM providers.

The implemented providers communicate with PackageKit and not with the available software management systems (like ZYpp in the case of openSUSE) themselves. This is beneficial as there is no longer any need to develop a provider for every single software management system. As soon as there is a PackageKit backend for the specific software management system, this service is automatically usable.

Simplified structure of the service

The prototype of the service is fully usable to list, install and remove packages and patches as well as to list, disable and enable repositories for all Linux distributions supported by PackageKit.

So, if you are interested and the thesis is accepted and marked (hopefully well) by my examiners, let me know and you’ll get a copy of it (90 pages, English).

Package Management Security on openSUSE

July 16th, 2008 by

There has been a report (with further information at this page and at the FAQ) looking at package management security on various distributions that IMO was rather condensed in its summary report and therefore raised some false alarms for various distributions including openSUSE.

Ludwig, one of our security experts, sent out a mail with a reaction to the report and I’d like to point out some of the things from the report and how it’s handled in the openSUSE 11.0 distribution.

Let me state first the major lines of defense that openSUSE uses:

  • Package downgrade is not possible, YaST will not do this automatically and therefore many of the attacks (installing an old and vulnerable package) are not possible.
  • The openSUSE download redirector serves the metadata from a known and trusted source.  I advise everybody to use the download redirector via http://download.opensuse.org.
  • The openSUSE updates have both cryptographically signed packages and cryptographically signed metadata – and YaST checks these signatures and rejects files that do not match the signature.

The described attacks are:

  • “Replay Attack: Metadata Replay”: Not possible since the openSUSE download redirector serves the metadata from a central location.  The only chance here would be a man-in-the-middle attack but this would not help since YaST will not do a package downgrade.
  • “Replay Attack: Mirror Control”: Yes, it’s easy to become an openSUSE mirror but this will not degrade your security since the metadata comes from the download redirector and we only redirect to mirrors that contain the right version of a package – and the redirector monitors that the mirrors contain the right files.  YaST is designed with mirrors going out of date or getting corrupted in mind.
  • Attacks called “Extraneous Dependencies”, “Unsatisfiable Dependencies”, “Provides Everything” on the other attacks page: Let me cite the page where it mentions protection against these attacks: “The easiest way is to use a package manager that signs the repository metadata (like APT or YaST)”.
  • “Endless Data Attack”: This is basically a denial of service attack which the admin will soon notice and can then take appropriate action.  It cannot happen for metadata since those come from the download redirector but it could happen with openSUSE for packages since we do download the complete file and do not use the file size information contained in the metadata yet.  This is something we plan to address for our next release.

Note that when I speak about YaST I mean everything that uses the openSUSE package management library libzypp which includes YaST, zypper and the updater applets.

Note also that the FAQ has a question about the download redirector: “Q: What about OpenSUSE’s download redirector? Does it increase or decrease my security? A: OpenSUSE’s download redirector increases the user’s security…”.  I’d like to thank Christoph Thiel, Marcus Rückert and Peter Pöml for their work over the years on the redirector.  Peter is the current maintainer and did the last rewrite including the serving of metadata.

Note: if you use SUSE Linux enterprise products, then only servers owned by Novell are used via secure https connections which avoid all these attacks.

Our package management and security experts have been reviewing and improving the security aspects of the package management stack continuously – and the report shows that they were successful.
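The “Endless Data Attack” item above turns on whether the client uses the file size listed in the metadata. The following is an added example, not code from libzypp or from the original post: a download loop that enforces the declared size and checksum. The names `fetch_bounded`, `DownloadRejected` and `EndlessStream` are hypothetical, and the size and SHA-256 are assumed to come from metadata whose signature was already verified.

```python
import hashlib
import io


class DownloadRejected(Exception):
    """The download does not match its (already verified) metadata entry."""


def fetch_bounded(stream, expected_size, expected_sha256, chunk_size=4096):
    """Read a package, refusing anything beyond the size the metadata declares."""
    digest = hashlib.sha256()
    chunks = []
    received = 0
    while True:
        # Request at most one byte past the declared size: enough to detect an
        # oversized or endless response without buffering it.
        chunk = stream.read(min(chunk_size, expected_size - received + 1))
        if not chunk:
            break
        received += len(chunk)
        if received > expected_size:
            raise DownloadRejected("more data than the metadata declares")
        digest.update(chunk)
        chunks.append(chunk)
    if received != expected_size:
        raise DownloadRejected("truncated download")
    if digest.hexdigest() != expected_sha256:
        raise DownloadRejected("checksum mismatch")
    return b"".join(chunks)


class EndlessStream:
    """Constructed stand-in for a mirror that never stops sending data."""

    def __init__(self):
        self.bytes_served = 0

    def read(self, n):
        self.bytes_served += n
        return b"\0" * n


def demo():
    payload = b"constructed package payload"  # sample data, not a real RPM
    size, sha = len(payload), hashlib.sha256(payload).hexdigest()
    assert fetch_bounded(io.BytesIO(payload), size, sha) == payload
    mirror = EndlessStream()
    try:
        fetch_bounded(mirror, size, sha)
    except DownloadRejected as exc:
        return str(exc), mirror.bytes_served  # stops at size + 1 bytes
```

With the bound in place, a misbehaving mirror costs the client one byte more than the declared package size instead of filling the disk.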

Showing package dependencies

June 27th, 2008 by

In order to give an answer to “Why will this package be installed and who needs it?” I have added a new dialog in the Qt single package selector:

Select one item (pattern, package) in the single selection frame, use the right mouse button and select “Show solver information”. A solver run will be made for this item and the result will be shown in this dialog.

  • Black arrow: This item will be required by…
  • Green arrow: This item will be recommended by…
  • Green boxes: This package is already installed
  • Grey boxes: This package will be installed
  • Blue boxes: Patterns

You can navigate through the tree via the overview frame:

After you have selected one item in the tree you can see more information about:

E.g. this item will install two further patterns due to the shown dependencies.

In order to decrease the complexity of the tree you can hide:

  • already installed packages
  • recommended packages/patterns

So you will get a shrunken tree:

Technical Background:

This is a simple Qt dialog widget which can be used in other programs too (package libqdialogsolver1).

YaST uses this widget as a YaST plugin. So if this package is not available you will get a popup in single selection only.