Bug 1777819
| Summary: | yum/dnf downgrades packages to resolv dependencies | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | adam winberg <adam.winberg> | |
| Component: | yum | Assignee: | Jaroslav Mracek <jmracek> | |
| Status: | CLOSED CANTFIX | QA Contact: | swm-qe | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 8.1 | CC: | dmach, james.antill, jcastran | |
| Target Milestone: | rc | Keywords: | FutureFeature, Triaged | |
| Target Release: | 8.0 | Flags: | pm-rhel:
mirror+
|
|
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1783238 1783244 (view as bug list) | Environment: | ||
| Last Closed: | 2020-01-23 10:09:12 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1783238, 1783244 | |||
| Bug Blocks: | ||||
|
Description
adam winberg
2019-11-28 11:44:44 UTC
Typo correction - i _do_ want yum to fail if dependencies are not fulfilled Anyone? On an enterprise distro you hardly want to downgrade packages and risk end up in a vulnerable state, just to satisfy dependencies. Is there really no way to make yum/dnf fail instead? Thank you very much for the report. Please could you provide an additional information about your system? It is needed to properly decide what we can do for you. Please could you provide outputs form following commands? yum repolist yum repoquery --info --installed --available libreoffice-ure inkscape yum module list Thanks a lot. We're using local yum mirrors so the repolist is not so useful to you I think. In the example with inkscape there is only one repo involved (tfolinux-rhel-appstream), which is a copy of the AppStream repo from Red Hat. The repo is copied nightly from Red Hats CDN using Pulp. ------------------------------------------- $ yum repoquery --info --installed --available libreoffice-ure inkscape Name : inkscape Version : 0.92.3 Release : 11.module+el8+2446+0a10e1ae Architecture : x86_64 Size : 17 M Source : inkscape-0.92.3-11.module+el8+2446+0a10e1ae.src.rpm Repository : tfolinux-rhel-appstream Summary : Vector-based drawing program using SVG URL : http://inkscape.sourceforge.net/ License : GPLv2+ and CC-BY Description : Inkscape is a vector graphics editor, with capabilities similar to : Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector : Graphics (SVG) file format. It is therefore a very useful tool for web : designers and as an interchange format for desktop publishing. : : Inkscape supports many advanced SVG features (markers, clones, alpha : blending, etc.) and great care is taken in designing a streamlined : interface. It is very easy to edit nodes, perform complex path operations, : trace bitmaps and much more. Name : inkscape Version : 0.92.3 Release : 11.module+el8.1.0+3666+f1394dd4 Architecture : x86_64 Size : 17 M Source : inkscape-0.92.3-11.module+el8.1.0+3666+f1394dd4.src.rpm Repository : tfolinux-rhel-appstream Summary : Vector-based drawing program using SVG URL : http://inkscape.sourceforge.net/ License : GPLv2+ and CC-BY Description : Inkscape is a vector graphics editor, with capabilities similar to : Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector : Graphics (SVG) file format. It is therefore a very useful tool for web : designers and as an interchange format for desktop publishing. : : Inkscape supports many advanced SVG features (markers, clones, alpha : blending, etc.) and great care is taken in designing a streamlined : interface. It is very easy to edit nodes, perform complex path operations, : trace bitmaps and much more. Name : libreoffice-ure Epoch : 1 Version : 6.0.6.1 Release : 13.el8 Architecture : x86_64 Size : 2.3 M Source : libreoffice-6.0.6.1-13.el8.src.rpm Repository : tfolinux-rhel-appstream Summary : UNO Runtime Environment URL : http://www.libreoffice.org/ License : (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 Description : UNO is the component model of LibreOffice. UNO offers interoperability between : programming languages, other components models and hardware architectures, : either in process or over process boundaries, in the Intranet as well as in the : Internet. UNO components may be implemented in and accessed from any : programming language for which a UNO implementation (AKA language binding) and : an appropriate bridge or adapter exists Name : libreoffice-ure Epoch : 1 Version : 6.0.6.1 Release : 19.el8 Architecture : x86_64 Size : 2.3 M Source : libreoffice-6.0.6.1-19.el8.src.rpm Repository : tfolinux-rhel-appstream Summary : UNO Runtime Environment URL : http://www.libreoffice.org/ License : (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 Description : UNO is the component model of LibreOffice. UNO offers interoperability between : programming languages, other components models and hardware architectures, : either in process or over process boundaries, in the Intranet as well as in the : Internet. UNO components may be implemented in and accessed from any : programming language for which a UNO implementation (AKA language binding) and : an appropriate bridge or adapter exists Name : libreoffice-ure Epoch : 1 Version : 6.0.6.1 Release : 19.el8 Architecture : x86_64 Size : 8.5 M Source : libreoffice-6.0.6.1-19.el8.src.rpm Repository : @System From repo : tfolinux-rhel-appstream Summary : UNO Runtime Environment URL : http://www.libreoffice.org/ License : (MPLv1.1 or LGPLv3+) and LGPLv3 and LGPLv2+ and BSD and (MPLv1.1 or GPLv2 or LGPLv2 or Netscape) and Public Domain and ASL 2.0 and MPLv2.0 and CC0 Description : UNO is the component model of LibreOffice. UNO offers interoperability between : programming languages, other components models and hardware architectures, : either in process or over process boundaries, in the Intranet as well as in the : Internet. UNO components may be implemented in and accessed from any : programming language for which a UNO implementation (AKA language binding) and : an appropriate bridge or adapter exists ------------------------------------------- $ yum module list RHEL8 AppStream Name Stream Profiles Summary 389-ds 1.4 389 Directory Server (base) ant 1.10 [d] common [d] Java build tool container-tools rhel8 [d][e] common [d] Common tools and dependencies for container runtimes container-tools 1.0 common [d] Common tools and dependencies for container runtimes freeradius 3.0 [d] server [d] High-performance and highly configurable free RADIUS server gimp 2.8 [d][e] common [d], devel gimp module go-toolset rhel8 [d] common [d] Go httpd 2.4 [d] common [d], devel, minimal Apache HTTP Server idm DL1 common [d], adtrust, client, dns, server The Red Hat Enterprise Linux Identity Management system module idm client [d] common [d] RHEL IdM long term support client module inkscape 0.92.3 [d] common [d] Vector-based drawing program using SVG javapackages-runtime 201801 [d][e] common [d] Basic runtime utilities to support Java applications libselinux-python 2.8 common Python 2 bindings for libselinux llvm-toolset rhel8 [d][e] common [d] LLVM mailman 2.1 [d] common [d] Electronic mail discussion and e-newsletter lists managing software mariadb 10.3 [d] client, server [d], galera MariaDB Module maven 3.5 [d] common [d] Java project management and project comprehension tool mercurial 4.8 [d] common [d] Mercurial -- a distributed SCM mod_auth_openidc 2.3 Apache module suporting OpenID Connect authentication mysql 8.0 [d] client, server [d] MySQL Module nginx 1.14 [d] common [d] nginx webserver nginx 1.16 common [d] nginx webserver nodejs 10 [d] common [d], development, minimal, s2i Javascript runtime nodejs 12 common [d], development, minimal, s2i Javascript runtime parfait 0.5 common Parfait Module perl 5.24 common [d], minimal Practical Extraction and Report Language perl 5.26 [d] common [d], minimal Practical Extraction and Report Language perl-App-cpanminus 1.7044 [d] common [d] Get, unpack, build and install CPAN modules perl-DBD-MySQL 4.046 [d] common [d] A MySQL interface for Perl perl-DBD-Pg 3.7 [d] common [d] A PostgreSQL interface for Perl perl-DBD-SQLite 1.58 [d] common [d] SQLite DBI driver perl-DBI 1.641 [d] common [d] A database access API for Perl perl-FCGI 0.78 [d] common [d] FastCGI Perl bindings perl-YAML 1.24 [d][e] common [d] Perl parser for YAML php 7.2 [d] common [d], devel, minimal PHP scripting language php 7.3 common [d], devel, minimal PHP scripting language pki-core 10.6 PKI Core module for PKI 10.6 or later pki-deps 10.6 PKI Dependencies module for PKI 10.6 or later postgresql 9.6 [x] client, server [d] PostgreSQL server and client module postgresql 10 [d][x] client, server [d] PostgreSQL server and client module python27 2.7 [d][e] common [d] Python programming language, version 2.7 python36 3.6 [d][e] common [d], build Python programming language, version 3.6 redis 5 [d] common [d] Redis persistent key-value database rhn-tools 1.0 [d] common [d] Red Hat Satellite 5 tools for RHEL ruby 2.5 [d][e] common [d] An interpreter of object-oriented scripting language ruby 2.6 common [d] An interpreter of object-oriented scripting language rust-toolset rhel8 [d] common [d] Rust satellite-5-client 1.0 [d] common [d], gui Red Hat Satellite 5 client packages scala 2.10 [d] common [d] A hybrid functional/object-oriented language for the JVM squid 4 [d] common [d] Squid - Optimising Web Delivery subversion 1.10 [d] common [d], server Apache Subversion swig 3.0 [d] common [d], complete Connects C/C++/Objective C to some high-level programming languages varnish 6 [d] common [d] Varnish HTTP cache virt rhel [d] common [d] Virtualization module RHEL8 CodeReady-builder Name Stream Profiles Summary javapackages-tools 201801 common Tools and macros for Java packaging support mariadb-devel 10.3 MariaDB Module virt-devel rhel Virtualization module Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled ------------------------------------------- Thanks a lot for cooperation. It looks like that the problem is in the latest inkscape build (the issue will be resolved by different bugzilla). The downgrade must be not required to install inkscape. In reported issue YUM allows to install inkscape even if downgrade of other packages is required. But next upgrade operation will fail because DNF cannot upgrade into the latest packages. With install operation YUM newer knows if downgrade is intended or not. Or be more general to install/downgrade not the latest dependencies. The upgrade operation is quite clear what is intended and YUM in RHEL will fail if upgrade cannot be performed completely. I can only propose to use the upgrade/check-update command as an indicator for your system if there are any upgrades available and probably not applicable. Could you accept the upgrade command as a sufficient workaround to resolve the issue? I'm not sure I understand - in this case, if a user wants to install inkscape, how would 'yum upgrade' help us from preventing that the install operation downgrades packages? I am sorry for my confusing comment 5. The issue with inkscape is that the rebuild of inkscape with latest dependencies provided older packages (broken upgrade path). The issue will be fixed by rebuild of inkskape then you will not experience (https://bugzilla.redhat.com/show_bug.cgi?id=1783238). (In reply to adam winberg from comment #2) > Anyone? On an enterprise distro you hardly want to downgrade packages and > risk end up in a vulnerable state, just to satisfy dependencies. > > Is there really no way to make yum/dnf fail instead? At the present time there is no way how to change the behaviour of the install command to use only the latest packages for dependencies. But the upgrade command fails when a single package cannot be upgraded into the latest version (requires best=True in /etc/dnf/dnf.conf or --best in commandline). > At the present time there is no way how to change the behaviour of the install command to use only the latest packages for dependencies. Since yum/dnf is clearly aware that it is in fact downgrading packages in order to be able to install the desired package it feels like it should be possible to switch that behaviour off. > But the upgrade command fails when a single package cannot be upgraded into the latest version (requires best=True in /etc/dnf/dnf.conf or --best in commandline). In cases such as the one with inkscape using '--best' will not make any difference I believe? And according to documentation the '--best' parameter is only relevant to upgrades? I will create patches that will add a configuration option (`solverflags`) that will allow modification of behaviour by removing of default values. It also requires changes in behaviour of libdnf API therefore I have to consider the bug as a RFE. I create a patch for dnf/libdnf (https://github.com/rpm-software-management/libdnf/pull/880), but discussion revealed that adding possibility to disable downgrades will brake modular content in RHEL8. After considering all information I have to close the bug as cannot fix. Your issue will be resolved by a new release of inkscape (See: https://bugzilla.redhat.com/show_bug.cgi?id=1783238) |