[GTALUG] Fedora 27 packagekit reboot and install glitch

D. Hugh Redelmeier hugh at mimosa.com
Thu May 17 08:46:25 EDT 2018 

I'm on Fedora 28.  I'm replying somewhat carelessly: I'm not checking
things.

| From: Russell via talk <talk at gtalug.org>

| On May 16, 2018 8:24:52 PM EDT, Howard Gibson <hgibson at eol.ca> wrote:
| >On Wed, 16 May 2018 19:48:31 -0400
| >Russell via talk <talk at gtalug.org> wrote:
| >
| >> After installing some recent F27 updates using the gnome software
| >centre, the package kit watchdog has stopped exiting gracefully on an
| >install routine. This happened after I chose to enable the recommended
| >updates.

[quoting (by Howard) got somewhat mucked up (by Russell's MUA) due to long 
lines.  At least I think that that is what happened.]

I don't knowingly use packagekit.  But of course it runs on my systems.  I 
use dnf.

I wish I'd removed packagekit a while back because a (now fixed) bug
caused a lot of space to be wasted on my machines.  Perhaps even
double-downloading of packages (I don't know).
<https://bugzilla.redhat.com/show_bug.cgi?id=1306992>

I built my own work-around: a script to prune the cache.  I no longer
need it.

Maybe you can remove packagekit.  Or just disable it.

| >I am having problems with dnf too.  I have upgraded my two primary
| >computers to Fedora_27.  Overall, I am happy with it, but I find that
| >install orders to dnf fail a lot.  Usually, they work when I run them
| >again.  This is not much help when my cron job tries to do an update.

I don't have unexpected dnf failures.  I do get expected ones:

- (not recently) if packagekit is refreshing its cache, dnf gets
  delayed or even locked out.

- the filesystem with /var/cache fills up and dnf balks

Why or how does dnf fail for you?

| I don't generally do updates except for those security issues which I 
| find out about, either from this list or other feeds. Once I have 
| something that I do rely on daily for workflow, I try not to upset the 
| applecart.

In this day and age, I do updates fairly regularly.  And with Fedora,
it is kind of like a Niagara.  I guess it's a little slower when one
is one version back.

I don't find applecarts are upset, but it is a worry.

With your philosophy, you should consider CentOS.  Its main fault is
that the packages are so far behind the times.

Ubuntu LTS seems to be somewhere in the middle.  But I don't have much
experience with it.  Debian gives you choices too but I don't have any
first-hand experience (something I regret).

| This year is a bit of an exception, I do all recommended updates, as so 
| many core utilities are affected by all the recent cache mitigations.

Do you know about the dnf flag --security?  I've never tried it, but
it seems to be what you want.  There is also --sec-severity.  They
look like great shortcuts for your policy.

| In 
| addition Fedora 28, has aligned itself more completely with the 
| principles of the company's more robustly secured enterprise solutions. 

I don't understand.  Fedora is kind of a pathfinder for RHEL.  Some
initiatives are deemed failures but most others get into the next version of
RHEL (up to five years later!).

RHEL is more secure partly because it is more conservative about
adopting upstream updates.  This takes a lot of work and backporting
-- there are a lot of Red Hat employees doing this.  They also do a
lot of testing, including formal testing such as FIPS auditing.

| Now libnsl is prised out of glibc and stands on its own as libnsl2.
| 
| Ostensibly this provides enhanced support for Transport Independant RPC 
| on IPv6 networks. However my first attempt to revert back to libnsl for 
| portmapping, as others using sane backends on Fedora have recommended 
| trying, borked the socket completely. Clearly I missed something, which 
| thusfar appears to be above my pay grade.

I've not had any problems and have been blissfully ignorant of this
issue.  I do use SANE.

I feel (but don't know for sure) that glibc is way too big and should
be modularized.  Changing this kind of thing is hard because it
ripples down to the many many clients of glibc.

| Currently my reading suggests I should be looking to how memory 
| allocation is being managed in F28 to provide for better dynamic 
| linking.

Why?  Is this connected to problems that you are experiencing?

| I remember a Tlug presentation from quite a number of years ago 
| titled, "Better Living Through Dynamic Linking."
| 
| Now I wish I'd kept better notes, you never know when this sort of 
| esoteric stuff will come in handy.

David Collier-Brown's talk was interesting.  But the mechanism is very
powerful and easy to get wrong.  What problem do you have that it
might solve?

More information about the talk mailing list