.The `dnf-automatic` command now correctly reports the exit status of transactions
Previously, the `dnf-automatic` command returned a successful exit code of a transaction even if some actions during this transaction were not successfully completed. This could cause a security risk on machines that use `dnf-automatic` for automatic deployment of errata. With this update, the issue has been fixed, and `dnf-automatic` now reports every problem with packages during the transaction.
Description of problem:
dnf-automatic returns "success" ( zero exit status returned ) even if the called dnf command returns error
Version-Release number of selected component (if applicable):
dnf-4.7.0-11.el8.noarch
dnf-automatic-4.7.0-11.el8.noarch
How reproducible:
Steps to Reproduce:
1. Added an immutable bit to /usr/sbin/httpd to cause a package update failure.
2. With the "dnf" command, we see that the "httpd" update failed and an exit status of "1" indicates that the command was not successful.
---------------------------------------------------------------------------
[root@rhel8 ~]# dnf -v update httpd; echo $?
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, uploadprofile, versionlock
Updating Subscription Management repositories.
DNF version: 4.7.0
cachedir: /var/cache/dnf
User-Agent: constructed: 'libdnf (Red Hat Enterprise Linux 8.7; generic; Linux.x86_64)'
--> Starting dependency resolution
---> Package httpd.x86_64 2.4.37-47.module+el8.6.0+15654+427eba2e.2 will be upgraded
---> Package httpd.x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e will be an upgrade
--> Finished dependency resolution
Dependencies resolved.
===================================================================================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================================================================================
Upgrading:
httpd x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e rhel-8-for-x86_64-appstream-rpms 1.4 M
Transaction Summary
===================================================================================================================================================================================================================
Upgrade 1 Package
Total download size: 1.4 M
Is this ok [y/N]: y
Downloading Packages:
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm 3.6 MB/s | 1.4 MB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 3.6 MB/s | 1.4 MB 00:00
Using rpmkeys executable at /usr/bin/rpmkeys to verify signatures
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 1/1
Upgrading : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 1/2
Error unpacking rpm package httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64
Errors occurred during transaction.
Verifying : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 1/2
Verifying : httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 2/2
Completion plugin: Generating completion cache...
Installed products updated.
Failed: httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
Failed: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64
Failed:
httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64
Error: Transaction failed
1
---------------------------------------------------------------------------
3. With the "dnf-automatic" command, we see that the "httpd" update failed and the exit status returned was 0.
---------------------------------------------------------------------------
# dnf-automatic --installupdates ; echo $?
Updating Subscription Management repositories.
Last metadata expiration check: 0:03:42 ago on Wed 15 Feb 2023 10:30:55 AM EST.
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Error unpacking rpm package httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64
Installed products updated.
The following updates have been applied on 'rhel8':
===================================================================================================================================================================================================================
Package
Arch Version Repository Size
===================================================================================================================================================================================================================
Upgrading:
httpd x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e
rhel-8-for-x86_64-appstream-rpms 1.4 M
Transaction Summary
===================================================================================================================================================================================================================
Upgrade 1 Package
Updates completed at Wed 15 Feb 2023 10:34:41 AM EST
0
---------------------------------------------------------------------------
Actual results:
With the dnf-automatic command, if an update fails, then echo $? will return a 0 exit status. 0 means that no error occurred as the yum command completed.
With the dnf-automatic command, if an update fails, then echo $? will return a 0 exit status. 0 means that no error occurred as the yum command completed. .
Expected results:
With dnf-automatic command, if update failed is failed then echo $? should return correct exit status.
Additional info:
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (dnf bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2023:7122
Description of problem: dnf-automatic returns "success" ( zero exit status returned ) even if the called dnf command returns error Version-Release number of selected component (if applicable): dnf-4.7.0-11.el8.noarch dnf-automatic-4.7.0-11.el8.noarch How reproducible: Steps to Reproduce: 1. Added an immutable bit to /usr/sbin/httpd to cause a package update failure. 2. With the "dnf" command, we see that the "httpd" update failed and an exit status of "1" indicates that the command was not successful. --------------------------------------------------------------------------- [root@rhel8 ~]# dnf -v update httpd; echo $? Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, uploadprofile, versionlock Updating Subscription Management repositories. DNF version: 4.7.0 cachedir: /var/cache/dnf User-Agent: constructed: 'libdnf (Red Hat Enterprise Linux 8.7; generic; Linux.x86_64)' --> Starting dependency resolution ---> Package httpd.x86_64 2.4.37-47.module+el8.6.0+15654+427eba2e.2 will be upgraded ---> Package httpd.x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e will be an upgrade --> Finished dependency resolution Dependencies resolved. =================================================================================================================================================================================================================== Package Architecture Version Repository Size =================================================================================================================================================================================================================== Upgrading: httpd x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e rhel-8-for-x86_64-appstream-rpms 1.4 M Transaction Summary =================================================================================================================================================================================================================== Upgrade 1 Package Total download size: 1.4 M Is this ok [y/N]: y Downloading Packages: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm 3.6 MB/s | 1.4 MB 00:00 ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 3.6 MB/s | 1.4 MB 00:00 Using rpmkeys executable at /usr/bin/rpmkeys to verify signatures Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Running scriptlet: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 1/1 Upgrading : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 1/2 Error unpacking rpm package httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 Errors occurred during transaction. Verifying : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 1/2 Verifying : httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 2/2 Completion plugin: Generating completion cache... Installed products updated. Failed: httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 Failed: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 Failed: httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64 httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 Error: Transaction failed 1 --------------------------------------------------------------------------- 3. With the "dnf-automatic" command, we see that the "httpd" update failed and the exit status returned was 0. --------------------------------------------------------------------------- # dnf-automatic --installupdates ; echo $? Updating Subscription Management repositories. Last metadata expiration check: 0:03:42 ago on Wed 15 Feb 2023 10:30:55 AM EST. Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Error unpacking rpm package httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64 Installed products updated. The following updates have been applied on 'rhel8': =================================================================================================================================================================================================================== Package Arch Version Repository Size =================================================================================================================================================================================================================== Upgrading: httpd x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e rhel-8-for-x86_64-appstream-rpms 1.4 M Transaction Summary =================================================================================================================================================================================================================== Upgrade 1 Package Updates completed at Wed 15 Feb 2023 10:34:41 AM EST 0 --------------------------------------------------------------------------- Actual results: With the dnf-automatic command, if an update fails, then echo $? will return a 0 exit status. 0 means that no error occurred as the yum command completed. With the dnf-automatic command, if an update fails, then echo $? will return a 0 exit status. 0 means that no error occurred as the yum command completed. . Expected results: With dnf-automatic command, if update failed is failed then echo $? should return correct exit status. Additional info: