Bug 1804234

Summary: yum false positive advisory if module enabled
Product: Red Hat Enterprise Linux 8 Reporter: Jan Jansky <jjansky>
Component: yumAssignee: Jaroslav Mracek <jmracek>
Status: CLOSED ERRATA QA Contact: Jan Blazek <jblazek>
Severity: unspecified Docs Contact:
Priority: high    
Version: 8.1CC: amkulkar, bvassova, dstreit, fblinuxos, gary.ballantine, james.antill, jcastran, ktordeur, kupadhya, kwalker, lberton, lilhuang, mdomonko, mmraka, mwhitake, myoder, pdwyer, phess, pkratoch, plawate, ppisar, psegedy, sumit.srivastava, tlestach
Target Milestone: rcKeywords: Triaged
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libdnf-0.63.0-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1873006 (view as bug list) Environment:
Last Closed: 2021-11-09 19:52:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1951409    
Bug Blocks: 1654708, 1825061, 1873006    

Description Jan Jansky 2020-02-18 14:03:37 UTC 
Description of problem: If i will enable module 'perl-DBD-SQLite' there is always in 'yum list-sec' multiple times 'RHBA-2019:3337' which is not applicable.


Version-Release number of selected component (if applicable):
# rpm -qa | grep -e yum -e dnf
python3-dnf-4.2.7-7.el8_1.noarch
python3-dnf-plugins-core-4.0.8-3.el8.noarch
dnf-plugins-core-4.0.8-3.el8.noarch
dnf-data-4.2.7-7.el8_1.noarch
dnf-4.2.7-7.el8_1.noarch
dnf-plugin-subscription-manager-1.25.17-1.el8.x86_64
dnf-plugin-spacewalk-2.8.5-11.module+el8.1.0+3455+3ddf2832.noarch
yum-4.2.7-7.el8_1.noarch
python3-dnf-plugin-spacewalk-2.8.5-11.module+el8.1.0+3455+3ddf2832.noarch
libdnf-0.35.1-9.el8_1.x86_64
python3-libdnf-0.35.1-9.el8_1.x86_64


How reproducible: Always


Steps to Reproduce:
1. yum module enable perl-DBD-SQLite
2. yum list-sec
3. yum update --advisory=RHBA-2019:3337

Actual results:
# yum update --advisory=RHBA-2019:3337
Failed to set locale, defaulting to C.UTF-8
Updating Subscription Management repositories.
Red Hat Satellite Tools 6.5 for RHEL 8 x86_64 (RPMs)                                                                                                                                                           13 kB/s | 2.1 kB     00:00    
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)                                                                                                                                                       11 kB/s | 2.8 kB     00:00    
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)                                                                                                                                                          13 kB/s | 2.4 kB     00:00    
No security updates needed, but 50 updates available
Dependencies resolved.
Nothing to do.            <<<<<<<<<<<<<<<<<<<<
Complete!


Expected results:
Apply errata or even better not show it in list-sec


Additional info:
If i disable module this errata disappear again.
Comment 2 Jaroslav Mracek 2020-02-27 08:53:55 UTC 
The problem is triggered by unique structure of RHBA-2019:3337 advisory.In past all advisories have a single section <pkglist> with only one <collection> inside. With modules in section <collection> information about modules <module> appeared to specify if advissory is applicable.
 
But from 77 modular advisories 3 advisories have a different structure. They have multiple <collection> (RHBA-2019:3337 with 15 collections, RHBA-2020:0347 with 2 collections, RHBA-2019:3416 with 2 collections) in <pkglist> and each collection have different modules there. It means that we are not talking about applicability of advisory but about applicability of collection and only packages described in that collection.

The present structure in libsolv puts all packages from advisory into a single list and all modules described in advisory also in list. Then there is no relation between modules and collection and package and collection.

There are only two ways how to resolve the issue and both are very painful. Make new structure inside libsolv => incompatible change or change generation of advisory.

Additionally - even after resolvement of this issue false positive detection of advisory will be still present in multicontext modules due data redundancy in advisory.
Comment 5 Jaroslav Mracek 2020-04-06 06:45:10 UTC 
I created two simplified reproducers - https://github.com/j-mracek/module_repos/tree/master/advisories.
Comment 6 Jaroslav Mracek 2020-04-29 07:30:39 UTC 
*** Bug 1791843 has been marked as a duplicate of this bug. ***
Comment 12 amatej 2020-09-14 10:15:00 UTC 
*** Bug 1870131 has been marked as a duplicate of this bug. ***
Comment 14 amatej 2020-10-06 09:51:01 UTC 
*** Bug 1884169 has been marked as a duplicate of this bug. ***
Comment 17 Jaroslav Mracek 2021-03-03 14:14:43 UTC 
I created a patch https://github.com/rpm-software-management/libdnf/pull/1151 that will resolve the final part of the issue.

To resolve the issue it requires libdolv-0.7.17 and https://github.com/rpm-software-management/libdnf/pull/1082, 

First part of tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/909
Comment 18 Jaroslav Mracek 2021-03-04 12:40:47 UTC 
The second part of CI tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/968
Comment 21 smcdowel 2021-04-22 14:43:18 UTC 
*** Bug 1926342 has been marked as a duplicate of this bug. ***
Comment 28 Jaroslav Mracek 2021-09-21 06:54:43 UTC 
*** Bug 2004748 has been marked as a duplicate of this bug. ***
Comment 30 errata-xmlrpc 2021-11-09 19:52:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: dnf security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4464