Bugzilla – Bug 1217192
zypp services setting default value for zypp variable in repoindex file is not processed correctly
Last modified: 2024-04-18 10:50:37 UTC
Created attachment 870774
example repoindex

lkocman@localhost:~/Downloads> grep DISTURL /usr/share/zypp/local/service/openSUSE/repo/opensuse-leap-repoindex.xml
disturl="${OPENSUSE_DISTURL:-http://cdn.opensuse.org}"

Example repoindex (also attached to the bug)
https://github.com/lkocman/openSUSE-repos/blob/616df469398bbb946f15abf480463f738be7dfe9/opensuse-leap-repoindex.xml

lkocman@localhost:~/Downloads> sudo zypper ref -s
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Removing repository 'repo-non-oss (15.6)' .....................................................................................................................................[done]
...
Problem retrieving the repository index file for service 'openSUSE':
[|] Invalid Url scheme '${OPENSUSE_DISTURL'
History:
 - Invalid Url scheme '${OPENSUSE_DISTURL'
Related PR https://github.com/openSUSE/openSUSE-repos/pull/42
Also a few more issues: there seems to be a hard check to have a scheme (http:// https://) prior to expanding the variable in $disturl. Also the variable filename has to be lowercase (my bad for not catching it before).

So this works

$ grep DISTURL /usr/share/zypp/local/service/openSUSE/repo/opensuse-leap-repoindex.xml
disturl="http://${OPENSUSE_DISTURL}"
$ cat /etc/zypp/vars.d/opensuse_disturl
cdn.opensuse.org

This doesn't

$ grep DISTURL /usr/share/zypp/local/service/openSUSE/repo/opensuse-leap-repoindex.xml
disturl="${OPENSUSE_DISTURL}"
$ cat /etc/zypp/vars.d/opensuse_disturl
http://cdn.opensuse.org

lkocman@localhost:~> sudo zypper ref -s
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.
Problem retrieving the repository index file for service 'openSUSE':
[|] Url scheme is a required component
History:
 - Url scheme is a required component
And if you use e.g. http:// scheme in the record, then the :- is recognized as a port definition and complains about invalid port.
Hard to fix because internally even the unexpanded values are shipped as type URL (i.e. the unexpanded string must form a valid URL).

It also has security implications. The string parsed from the repo or service info is immediately wrapped into class Url, because Url guarantees that a known password embedded in the URL is not printed to the screen or log if a Url is dumped. If we teach Url to ship unexpanded strings, we're in danger of not detecting passwords exposed in the visible URL fragments.

Unfortunately yast-pkg-bindings seems to consume the `repoInfo().rawUrl()` (the not expanded URL). So we can not simply hide the raw strings inside libzypp.

Needs careful thinking. Maybe Url needs to be enabled to detect embedded repo variables and then creates a valid URL with some schema zyppraw:... and with the raw string as payload. This way unexpanded URLs can be shipped safely in class Url. Some care needs to be taken when writing zyppraw: back to a repo file. Preferably the original string should be restored, rather than the translated zyppraw: form.
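The parse failures and the password-exposure concern described in the comments above can be reproduced with a small model. This is an added example, not libzypp code and not taken from the thread: Python's `urllib.parse` stands in for a strict URL type, and `expand`, `classify`, `redact`, the sample strings and the credential are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# ${NAME} or ${NAME:-default}, the syntax used in the repoindex lines quoted above.
VAR = re.compile(r"\$\{(\w+)(?::-([^}]*))?\}")

def expand(raw, variables):
    """Substitute variables; an unset name falls back to its default, else stays as-is."""
    def sub(m):
        value = variables.get(m.group(1))
        if value:
            return value
        return m.group(2) if m.group(2) is not None else m.group(0)
    return VAR.sub(sub, raw)

def classify(text):
    """Return 'ok', 'no-scheme' or 'bad-port' for a string handed to a strict URL parser."""
    parts = urlsplit(text)
    if not parts.scheme:
        return "no-scheme"
    try:
        parts.port  # raises ValueError when the text after the last ':' is not numeric
    except ValueError:
        return "bad-port"
    return "ok"

def redact(text):
    """Mask the password, but only if the string parses as a URL with userinfo."""
    parts = urlsplit(text)
    if not parts.scheme or parts.password is None:
        return text  # nothing recognised as a password: string is returned unchanged
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return text.replace(parts.netloc, f"{user}:***@{hostport}", 1)

# Constructed inputs modelled on the comments above; the credential is made up.
RAW_DEFAULT = "${OPENSUSE_DISTURL:-http://cdn.opensuse.org}"
RAW_WITH_SCHEME = "http://${OPENSUSE_DISTURL:-cdn.opensuse.org}"
RAW_SECRET = "${OPENSUSE_DISTURL:-https://mirror:s3cret@cdn.opensuse.org}/repo"

if __name__ == "__main__":
    for raw in (RAW_DEFAULT, RAW_WITH_SCHEME, RAW_SECRET):
        expanded = expand(raw, {})
        print(f"{raw!r}: raw={classify(raw)} expanded={classify(expanded)}")
        print("  logged raw:     ", redact(raw))
        print("  logged expanded:", redact(expanded))
```

The third input is the case the security comment worries about: the raw string does not parse as a URL, so parse-based masking leaves the password in the log line, while the expanded form is masked.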
https://github.com/openSUSE/libzypp/pull/497