Johnny Hughes wrote on Sun, 07 May 2006 16:13:47 -0500:
I read man yum and came to the conclusion that it is not a problem between
update and check-update. These *can* be different. check-update doesn't do
dependency processing. It also mentions that the difference between update
and upgrade is --obsoletes, but I don't see a difference in output at the
moment.
> Because ... that is a second set of calculations
>
> In the first set of calculations, all the packages where the names match
> up are done .. hmmm, a new package named clamav-db is needed (and there
> is nothing protected to prevent that). In a second set of
> calculations ... clamav-db obsoletes something else.
So, what protectbase does is calculate a merged list of the repos and if
any package is on that list any updates from unprotected repos for it will
be ignored. However, then clamav-update gets processed and checked for
dependencies and that reveals the obsoleting package clamav-db (but how?
see below). That's not on the list, so it gets installed. That's then at
least a shortcoming of the way that protectbase works.
Nevertheless, it's not really clear to me how the clamav-db package comes
into play. When dependencies are checked it should just check what's in the
spec file of the clamav-update package. But additionally it seems to query
all repos for packages updating/obsoleting this update?
> If you try to install it doesn't do it
I didn't try that. I thought I can rely on what update tells me before the
update.
.. NOW ... if the names were
> the
> same (with or without the obsoletes) this would not happen.
I agree. But this means that any repo can even overwrite the base repo just
because it obsoletes some package that is named the same as in the base
repo. This shouldn't be able to happen if I take "protectbase" literally.
Kai
--
Kai Sch?tzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
