Red Hat Bugzilla – Bug 1234930
[RFE] Add yum-security functionality to DNF
Last modified: 2017-05-19 11:39:43 EDT
Description of problem:
I find it useful to sometimes only apply security errata. Something akin to what yum-plugin-security did.
With other words, I would like to see a feature where it was possible to run
dnf update --security
which would apply only security-related updates.
Worarounds suggesed by Jan Silhan
* search the packages from "dnf updateinfo list security" and
then update them. Note: you will do it manually.
* run "dnf-automatic" with "upgrade_type = security", "download_updates = yes"
and "apply_updates = yes" options set in /etc/dnf/automatic.conf
(dnf-automatic can run as a cron job too)
The original requirements can be found in bug 234646.
I'm not speaking via any authoritative role here, but I can confidently say that this will have to be worked out in the next couple years before RHEL8 drops.
The DNF security plugin should do this or it will be in dnf itself.
*** Bug 1262572 has been marked as a duplicate of this bug. ***
See the bug 1262572 for a closely related request of an --advisory option.
Those bugs are not really the same. They ask for different features, which were both once implemented by yum-security and merged into core yum(-deprecated) at the same time:
* --security = install only updates from (all) update groups tagged as security
* --advisory=FEDORA-2015-nnnnn = install only updates from the specific update group FEDORA-2015-nnnnn – whether that was actually a security update group or some other type does not actually matter
IMHO, --advisory is the much more useful option. It can be used to test a specific update group from updates-testing. --security is a global flag that works very poorly in practice, because security updates can depend on prior non-security updates.
--advisory is also something we document on Common Bugs pages. We have this wiki template:
which explicitly instructs you to use 'yum --enablerepo=updates-testing update --advisory=ADVISORY' to test a specific update. I can't in fact see any good replacement for this quite important function in DNF. I agree with Kevin that these are two separate requests; --security does not fulfil the use case of --advisory.
Note that --advisory is somewhat inaccurately named in a Fedora context, because it really operates on *update IDs*. The significance of this is it is not applicable only to security updates, you can use it on *any* update.
I'm probably going to have to adjust the template to use yum-deprecated for now, as I just can't see any other option.
OK, you probably did not understand me. Comment #5 was primarily dedicated to the future assignee. Since I have closed the request for --advisory as a duplicate of this bug because we handle this report as a request to port the Yum's security plugin (see comment #3), I just wanted to make sure that the assignee won't forget to implement the --advisory option as well. Sorry for the pure wording.
I mean "poor wording", ehm...
*** Bug 1275138 has been marked as a duplicate of this bug. ***
Cool RFE is already open, It looks like easy do an implementation is just manipulate dnf updateinfo command ! 
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
Thank you for reporting this bug and we are sorry it could not be fixed.
There is a first PR that should solve the problem: https://github.com/rpm-software-management/dnf/pull/649
Will this be only a DNF 2 feature or which Fedora releases will get this?
Unfortunately it will be available only for Fedora 26+. But we have a testing repository with dnf-2.0 for Fedora 24+ (dnf copr enable rpmsoftwaremanagement/dnf-nightly)
I installed from the COPR and the man page section on updateinfo does not seem to match the tool itself. (Like, there seems to be no --list.) Is the command I want
dnf updateinfo --security
I am sorry but I didn't get note about --list. Please can you provide output from:
1. rpm -q dnf
2. dnf updateinfo --security
3. yum-deprecated updateinfo --security
First of all you have to upgrade dnf to latest version. If you use rawhide just from rawhide repo, but for fc24+ you have to use our testing repository (dnf copr enable rpmsoftwaremanagement/dnf-nightly). In my case the latest dnf is dnf-2.0.0_1-74g8fe8683.fc25.noarch .
Then --security option should work as with yum.
Please if you have another problem, or --security is not working like expected, please try to report it, or probably open new bugzilla.