# pkg version -R as non-root?



## Simon Wagner (Jun 15, 2021)

Dear forum,

What I would like to achieve:
Allow a non-root user to see if there are upgradable packages (without using sudo) on a remote repository. Of course, the actual upgrade would need root.

From my point of view:
Checking local version numbers against remote version numbers should not require a write to a local file, these should be simple read operations.

pkg version -U says "Suppress the automatic update of the local copy of the repository catalogue from remote." sounds like exactly like what I want, especially when this is implied when running as non-root.

What I get:
pkg version -RU needs a previous pkg update by root to show upgradeables ("<"), otherwise it will only show an old status. 

Does pkg version really need to write a local file first before it can compare remote versions?
Am I just missing another parameter, or is there really no way to achieve this?

Thanks a lot
Simon


----------



## SirDice (Jun 15, 2021)

You'll need to update the locally cached catalog first with `pkg update`, this information gets written to /var/db/pkg/repo-FreeBSD.sqlite (with the default repository). If that cached information is too old pkg-version(8) is fairly useless.


----------



## Deleted member 30996 (Jun 15, 2021)

Simon Wagner said:


> What I would like to achieve:
> Allow a non-root user to see if there are upgradable packages (without using sudo) on a remote repository. Of course, the actual upgrade would need root.
> 
> From my point of view:
> Checking local version numbers against remote version numbers should not require a write to a local file, these should be simple read operations.


If they can run a command to see what version program it is they're using they can do so easily at freshports.org.

If I want to see if there's a new vulnerability without becoming root to run `pkg audit -F` that's where I'll look. They can do the same thing to see if there's a new port update, which will not reach pkg as soon as it will the ports tree.


----------



## covacat (Jun 15, 2021)

here comes the ... well...

```
(pkg query "%n,%v" && echo "!" && curl -s  'http://pkg.freebsd.org/FreeBSD:13:amd64/latest/packagesite.txz'|xzcat|tar xf - -O packagesite.yaml|cut -d, -f1,3|sed -E -e 's/\{"name":|"version"://g' -e 's/"//g')  | awk -F, '{ if(phase2 && B[$1]) print $1 " "  B[$1] ($2   > B[$1] ? " < " : " = ")  $2; else if($1=="!") phase2=1;else B[$1]=$2}
```

probably works with fetch instead of curl so it has no dependencies
BUGS
if the json in yaml changes order of keys will break
tar and xzcat can be condensend in tar j
cut,sed,awk could be done with awk only


----------



## Simon Wagner (Jun 15, 2021)

Thank you all for your answers.

So pkg needs to write a local file with the remote versions before it can compare local versions with the local copy... sure there is logic behind that which makes sense..

covacat: excellent solution. Your line seems to be missing a ' at the end, but I was able to extend that to what I need:


```
( pkg query "%n,%v" && echo "!" && curl -s 'http://pkg.freebsd.org/FreeBSD:13:amd64/latest/packagesite.txz' | xzcat | tar xf - -O packagesite.yaml | cut -d, -f1,3 | sed -E -e 's/\{"name":|"version"://g' -e 's/"//g' ) | awk -F, '{ if(phase2 && B[$1]) print $1 " "  B[$1] ($2   > B[$1] ? " < " : " = ")  $2; else if($1=="!") phase2=1;else B[$1]=$2}' | grep -v = | cut -d" " -f1
```

I'll keep your caveats in mind should this break in the future!

edit: hmm no, it doesn't at the moment, because of the nested ' and " because I need to embed that in an ssh command because all this is scripted. But it's already more than I had a few hours ago, happy tinkering!


----------



## covacat (Jun 15, 2021)

You can create a shell script out of it and use it remotely. And if you don't want to upload it first then create the shell script on your box.
Then `cat pkg-ver-script.sh |ssh user@remote 'cat|$SHELL'`


----------



## Simon Wagner (Jun 16, 2021)

a) thank you for that hint with piping into ssh, this might be useful also for other parts of my automation ideas

b) stupid me forgot that I am running my own repo, so comparing to freebsd.org will not do any good. I tried to re-hack the curl URL to my own 12.2 packagesite.txz, but it barfs at the moment. A good exercise to dissect your script to understand what each part does

THANKS!

c) still stupefied that pkg version needs to write locally ;-)


----------



## SirDice (Jun 16, 2021)

Simon Wagner said:


> still stupefied that pkg version needs to write locally


It doesn't. But if it finds the cached catalog is too old it will want to run pkg-update(8). If you turn that off (the `-U` option) then it's going to complain about the cached catalog being too old.


```
dice@molly:~ % pkg version -vRL=
dice@molly:~ %
```
(everything is up to date, so this shouldn't output anything, my locally cached catalog is also fairly recent, thus it doesn't complain about it either)

Maybe there's a cause of confusion on the difference between pkg-update(8) and pkg-upgrade(8). The first command (pkg-update(8)) only updates that locally cached catalog, and it needs to have write permission in /var/db/pkg to do that.


----------

