|
|
Log in / Subscribe / Register

Instructions from Fedora on fixing the dbus problem

[Posted December 12, 2008 by corbet]

From:  "Paul W. Frields" <stickster-AT-gmail.com>
To:  fedora-announce-list-AT-redhat.com
Subject:  Package updating problem and solutions
Date:  Fri, 12 Dec 2008 12:26:24 -0500
Message-ID:  <20081212172624.GB13488@localhost.localdomain>

Recently, an update of D-Bus software package in Fedora 10 caused the
substantial breakage of some applications, including PackageKit.  This
change left people using the distribution's default set of graphical
tools unable to update their systems properly to fix the problem.  The
update was issued after being tagged as a security update, and was not
sufficiently tested before it was made available to all users through
our update repositories.

We apologize for the problem, which we realize has caused an annoyance
for many users.  If your machine was affected by this problem and you
are unable to run a normal system update using PackageKit, you can
restore your system to full working order by doing the following:

1.  Open a terminal.  From the main menu, choose Applications, System
Tools, Terminal.

2.  Use the following command to update the system from one of our
repository mirrors.  The system prompts you for the root password.

        $ su -c 'yum update'

3.  Restart your computer, to ensure the system message bus is reset
appropriately.

Using our open mailing lists, the community is currently discussing
ways to improve Fedora's update processes, to minimize the chances of
this sort of situation recurring.  Feel free to follow the
conversation on the list:

https://www.redhat.com/mailman/listinfo/fedora-devel-list

-- 
Paul W. Frields                                http://paul.frields.org/
  gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233  5906 ACDB C937 BD11 3717
  http://redhat.com/   -  -  -  -   http://pfrields.fedorapeople.org/
  irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list

to post comments

Ubuntu had same problem in 2006

Posted Dec 12, 2008 18:06 UTC (Fri) by dwheeler (guest, #1216) [Link] (3 responses)

Ubuntu had the same problem with updates in 2006. In that, an X-windows update botch caused X to fail, requiring people to run the update from the terminal (and many didn't know how to do that). Microsoft has had update problems too (see same article).

Fedora has a lot of company :-).

Ubuntu had same problem in 2006

Posted Dec 12, 2008 18:12 UTC (Fri) by thyrsus (subscriber, #21004) [Link]

Even the terminal update was failing for several hours yesterday: several mirror sites were missing mandatory dependencies. I manually forced my system to look at other mirrors by editing the /etc/yum.repos.d/fedora-updates.repo; this was definitely not a "consumer-grade" update.

'Safe mode' needed?

Posted Dec 13, 2008 13:35 UTC (Sat) by epa (subscriber, #39769) [Link] (1 responses)

Perhaps as a precaution distributions should include a 'safe boot' option that loads a basic kernel, with just enough hardware support for network and disk access, and brings up the system in text mode letting the user install updates. Of course this is already possible with any Linux system, but we are seeing less technically capable users who don't understand boot parameters or how to use the shell. They would benefit from a minimal but still friendly interface that installs updates and reboots.

Ideally, this safe mode boot would never be needed.

'Safe mode' needed?

Posted Dec 13, 2008 19:44 UTC (Sat) by bluss (guest, #47454) [Link]

There is no perfect system, there will always be complex enough computer programs that they will need human input especially when something goes wrong. In this case, linux distributions should have a stronger, more coherent and more definitive way to go wrong and tell the user about it!

So if d-bus, X, or something else is missing, tell the user and give it the control., Recommending upgrading the system in such cases is not a bad idea (since that's how large-scale breakages are fixed).

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 18:50 UTC (Fri) by ciol (guest, #52160) [Link] (1 responses)

I wonder how a distro can work when its update policy does not exist. It's the first thing to write (along with its goals and commitment to free software).

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 21:18 UTC (Fri) by dowdle (subscriber, #659) [Link]

The page you link to at the very top says:

The current policy is at https://fedoraproject.org/wiki/PackageMaintainers/MaintainerResponsibility. This is just a brain storming legacy page and is not in effect currently. Don't rely on information here."

The link mentioned works and seems to be more informative.

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 19:04 UTC (Fri) by kragil (guest, #34373) [Link] (4 responses)

I got hit too .. I worked around the issue, but it definitely sucked that this happened with stable updates.

But everything is fine again. Thanks.

A distro with experimental, unstable, testing, proposed, security and stable update repos would be something!

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 21:40 UTC (Fri) by ballombe (subscriber, #9523) [Link] (1 responses)

> A distro with experimental, unstable, testing, proposed, security and stable update repos would be something!

You mean Debian ?

Debian

Posted Dec 12, 2008 22:48 UTC (Fri) by mmcgrath (guest, #44906) [Link]

I love Debian. No matter how long I wait between installs, it always seems to stay the same :)

Instructions from Fedora on fixing the dbus problem

Posted Dec 13, 2008 5:12 UTC (Sat) by nevyn (guest, #33129) [Link]

Fedora has (in roughly descending order of firehose velocity):

  • rawhide
  • updates-testing
  • updates
  • updates --bugfixes --security
  • updates --security
  • updates --bz 123
  • updates pkg-foo

Lack of choice is not the problem, IMNSHO, and thus. more choice is not the solution.

Instructions from Fedora on fixing the dbus problem

Posted Dec 14, 2008 21:56 UTC (Sun) by spiro (guest, #54657) [Link]

www.distrowatch.org has plenty of other distros to choose from. CentOS and, as mentioned, Debian are two popular ones that are stable and don't use experimental or untested code.

the whole point of fedora is that it's bleeding edge and it's where all the stability testing for Red Hat Enterprise Linux (and subsequently CentOS) comes from.

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 21:46 UTC (Fri) by syntropy (guest, #54409) [Link] (5 responses)

Instructions for fixing the dbus problem?

Remove it. The bloated piece of crap it is, it should never have existed in the first place.

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 23:11 UTC (Fri) by nix (subscriber, #2304) [Link]

dbus doesn't strike me as being especially bloated, given how much it
does. Certainly compared to, e.g. CORBA ORBs, it's downright trim.

Instructions from Fedora on fixing the dbus problem

Posted Dec 12, 2008 23:50 UTC (Fri) by tuna (guest, #44480) [Link] (3 responses)

This is a very insightful but quite short comment. Perhaps you could expand on where dbus is "bloated" and "crap" we all can follow your example and remove dbus with good conscience?

Instructions from Fedora on fixing the dbus problem

Posted Dec 13, 2008 18:27 UTC (Sat) by nix (subscriber, #2304) [Link] (2 responses)

Well, I don't like its XML-happiness very much at all, and one thing this
fiasco does indicate is that the XML that sysadmins are expected to modify
(e.g. in system.conf) isn't documented well enough.

(The very thought of requiring sysadmins to modify XML to configure
anything makes me break out in hives: XML isn't meant for humans to write
and is way too easy to make mistakes in. But fontconfig lost me *that*
argument long ago, and in a sense so did Apache, although at least an
HTML-like syntax makes some sense in a web server's configuration file.)

Instructions from Fedora on fixing the dbus problem

Posted Dec 14, 2008 5:04 UTC (Sun) by Ze (guest, #54182) [Link]

(The very thought of requiring sysadmins to modify XML to configure anything makes me break out in hives: XML isn't meant for humans to write and is way too easy to make mistakes in. But fontconfig lost me *that* argument long ago, and in a sense so did Apache, although at least an HTML-like syntax makes some sense in a web server's configuration file.)

Whilst I'm not a huge fan of XML either. It's not that hard to edit an existing XML file. I've edited HAL files recently and done web stuff (XHTML,HTML,JSP,XSLT,DTD's,VRML) in the past from scratch without any hassles.

Yes often documentation is sadly lacking in them but that is common in most projects whether they be open source or not.

Honestly though I'd like to see something better , ideally a config fs module that stores everything in a common format/back end but can export it in a wide variety of different formats with rules deciding which format it's exported in. So the format you edit it in isn't necessarily the file format your program reads it in. That should satisfy most people and result in projects not having to change much code.

Instructions from Fedora on fixing the dbus problem

Posted Dec 14, 2008 5:05 UTC (Sun) by drag (guest, #31333) [Link]

If it's well documented then it's pretty do-able.

When I get tired of Metacity's crack-headness I usually retreat to the warm embrace of OpenBox.

Openbox's configuration, while rather intense, is actually quite easy to deal with. Every aspect of the WM's interaction with the mouse or keyboard is configurable. Each field is independently configured.. like title bar vs decorations vs window vs desktop etc etc.

A example entry would be like this:
<keybind key="W-d">
<action name="ToggleShowDesktop"/>
</keybind>

And it would be in the 'keyboard' section that is simply bracketed by this:
<keyboard>
blahblahblahblah
etc etc etc
</keyboard>

As far as the keywords and such the combination of the examples included in the default configuration and the good documentation on Openbox's website means that if I want to find out how to do something I can usually figure it out and have it working in a couple minutes rather then fumbling around in the dark for a half hour or more google'ng around and hoping somebody has some working snippets posted to some mailing list somewhere.

See:
http://icculus.org/openbox/index.php/Help:Contents

Then you can find what the 'ToggleShowDesktop' does at:
http://icculus.org/openbox/index.php/Help:Actions

> Hides all windows so that the desktop is visible, and gives focus to the desktop window if one exists (such as in GNOME and KDE). You can also use the action again to show the windows again, if no windows have become visible yet.

And gives a example on it's usage.

---------------------------

the only thing that sucks about it is that XML is wordy and all that, but that's something that can be worked around with a good text editor.

I suppose I am just saying that a decent text configuration file with good documentation and usable syntax is good while a text configuration with bad syntax and no documentation is a nightmare no matter if it's XML or what.

Instructions from Fedora on fixing the dbus problem

Posted Dec 13, 2008 8:52 UTC (Sat) by muwlgr (guest, #35359) [Link] (6 responses)

Fedora still uses root account with password. I think I like Ubuntu approach better (disabled password for root, and sudo rights for the first non-root user created on the system).

Instructions from Fedora on fixing the dbus problem

Posted Dec 13, 2008 10:10 UTC (Sat) by luya (subscriber, #50741) [Link]

Root name is deceiving because Fedora restricts its privilege with SELinux and its policies. Consolekit and Policykit are other tools replacing sudo.

Instructions from Fedora on fixing the dbus problem

Posted Dec 18, 2008 8:30 UTC (Thu) by pcampe (guest, #28223) [Link]

I think that Ubuntu approach is rather disturbing. It hides the existence of root for normal users (who in a vast majority probably think that "sudo" is the linux equivalent of "ehm" or "well") and allows every user to do everything as "well"... "sudo" is a prefix everyone could type in.

sudo = 1st account can subvert whole system

Posted Dec 18, 2008 16:17 UTC (Thu) by dwheeler (guest, #1216) [Link] (3 responses)

A big problem with the "sudo" approach is that any program you run - including, say, an attacker script sent via a browser - can use 'sudo' and overwrite ANYTHING, such as /bin/sh or the kernel.

With the "log in as root" approach, attacking programs don't get automatic access to the whole system.

sudo = 1st account can subvert whole system

Posted Dec 18, 2008 18:32 UTC (Thu) by dlang (guest, #313) [Link] (2 responses)

hmm,

when linspire has the user login as root everyone screamed about how stupid it was, that they should have setup sudo instead

now ubuntu (among other distros) setup sudo instead and people scream about it not being safe.

what exactly should a distro do? force every user to logout and login as root? we know that that's not a good idea, windows tried the equivalent and the result was that everyone ran as 'administrator' (root equivalent) all the time.

sudo = 1st account can subvert whole system

Posted Dec 18, 2008 19:41 UTC (Thu) by jspaleta (subscriber, #50639) [Link] (1 responses)

I believe PolicyKit is meant to be the 'right' answer for this space:
http://hal.freedesktop.org/docs/PolicyKit/introduction.html

There are a set of cmdline tools which let you set authorizations manually:
http://hal.freedesktop.org/docs/PolicyKit/tools-fileforma...

There is a gui for gnome called polkit-gnome-authorization which lets you administer defined actions from the gnome desktop.

Discussion reference:
https://listman.redhat.com/archives/rhl-devel-list/2008-A...

I dont use KDE, so I don't know the state of the kde equivalent for an authorization gui.

-jef

sudo = 1st account can subvert whole system

Posted Dec 18, 2008 21:02 UTC (Thu) by dlang (guest, #313) [Link]

reading the policy kit link, it doesn't look like that comes close to solving the problem.

it is a toolkit to allow GUI programs to be segmented into privilaged and unprivilaged parts and standardize the communication between them.

this approach only works if someone re-writes everything that needs to be done as a privilaged user into a client-server GUI tool.

when you need to fix the GUI stuff, or do things not covered by it, you still need to go back and use sudo (or equivalent) to run the commands.

besides which, even if you have PolicyKit fully implmented, if the user is allowed to do everything then you have the same problem as sudo, if they aren't you still need some other way to do the stuff, so what do you do?


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds