Bug 2024430

Summary: dnf system-upgrade with --downloaddir uses rm -rf and will destroy user data
Product: [Fedora] Fedora Reporter: Linuxguy123 <linuxguy123>
Component: dnf-plugins-extrasAssignee: amatej
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: high    
Version: 35CC: amatej, daniel.mach, gordon.messmer, jkadlcik, jmracek, martin.bukatovic, mblaha, pkratoch, rpm-software-management, samuel-rhbugs, vmukhame
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dnf-plugins-extras-4.0.16-1.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-14 13:09:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The source file with the offending code. none

Description Linuxguy123 2021-11-18 04:50:34 UTC 
Created attachment 1842485 [details]
The source file with the offending code.

Created attachment 1842485 [details]
The source file with the offending code.

Description of problem:

Using --downloaddir with system-upgrade will destroy all other data in the provided directory.

dnf system-upgrade download --downloaddir=/home will destroy all home directories on the computer with no warning.  This is unacceptable.


Version-Release number of selected component (if applicable):

$ dnf list dnf\*
Last metadata expiration check: 0:01:10 ago on Wed 17 Nov 2021 09:40:44 PM MST.
Installed Packages
dnf.noarch                                                                  4.9.0-1.fc35                                                   @fedora 
dnf-data.noarch                                                             4.9.0-1.fc35                                                   @fedora 
dnf-plugins-core.noarch                                                     4.0.24-1.fc35                                                  @updates
dnfdaemon.noarch                                                            0.3.20-7.fc35                                                  @fedora 
dnfdaemon-selinux.noarch                                                    0.3.20-7.fc35                                                  @fedora 
dnfdragora.noarch                                                           2.1.0-5.fc35    


How reproducible:

Will do it every time.  See source code.


Steps to Reproduce:
1. dnf system-upgrade download --downloaddir=/home --releasever=35

Actual results:

upgrade goes fine, but home directories are all deleted !


Expected results:

dnf should not delete any user data


Additional info:

git clone https://github.com/rpm-software-management/dnf-plugins-extras.git 

From dnf-plugins-extras/plugins/system_upgrade.py:  (See attachment) 

def clear_dir(path):
    if not os.path.isdir(path):
        return

    for entry in os.listdir(path):
        fullpath = os.path.join(path, entry)
        try:
            if os.path.isdir(fullpath):
                dnf.util.rm_rf(fullpath)

The developer appears to use #rm -rf on the directory provided.  When I used /home as the download directory, it wiped out all the user data in the home directories on my computer !

Furthermore, there is no warning of this behavior to the user on the command line or on the man page.

I lost months of work just because I used --downloaddir=/home
Comment 1 Gordon Messmer 2021-11-18 07:33:12 UTC 
> dnf system-upgrade download --downloaddir=/home --releasever=35

Because dnf removes the downloaddir on completion, I'd like to suggest that it should check downloaddir before it begins and refuse to accept a directory that is not empty.
Comment 2 Samuel Sieb 2021-11-18 07:44:37 UTC 
It does not remove the directory.  Look at /var/lib/dnf/system-upgrade on a system that you've done an upgrade on.
Comment 3 Linuxguy123 2021-11-18 16:14:57 UTC 
It removes *everything* within that directory, recursively, ie including sub directories.
Comment 4 Linuxguy123 2021-11-18 16:17:49 UTC 
I shared this with the dnf developers on github.   https://github.com/rpm-software-management/dnf-plugins-extras/issues/200
Comment 5 Gordon Messmer 2021-11-18 16:53:08 UTC 
> It does not remove the directory.  Look at /var/lib/dnf/system-upgrade on a system that you've done an upgrade on.

I don't think that's adequate as contrary evidence.  The system-upgrade plugin code looks like it'll remove the cachedir and, if it was specified, the "destdir" (which is set by --downloaddir).  As far as I can tell, /var/lib/dnf/system-upgrade is not either of those things when --downloaddir isn't specified.
Comment 6 Linuxguy123 2021-11-18 23:29:28 UTC 
As the code points out, dnf system-upgrade does a rm -rf on "fullpath".   It appears that if --downloaddir isn't used, fullpath is /var/lib/dnf/system-upgrade.   If you use --downloaddir, then it is whatever dir you give it.
Comment 7 amatej 2021-11-24 09:19:45 UTC 
Yes it unfortunately cleans everything in the destdir (can be specified by --destdir or --downloaddir).

I made a PR to fix this: https://github.com/rpm-software-management/dnf-plugins-extras/pull/201
and also tests for it: https://github.com/rpm-software-management/ci-dnf-stack/pull/1056
Comment 8 Fedora Update System 2022-03-14 13:07:14 UTC 
FEDORA-2022-e119fcc7d5 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-e119fcc7d5
Comment 9 Fedora Update System 2022-03-14 13:09:41 UTC 
FEDORA-2022-e119fcc7d5 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.