Bug 1234930 - [RFE] Add yum-security functionality to DNF
Summary: [RFE] Add yum-security functionality to DNF
Alias: None
Product: Fedora
Classification: Fedora
Component: dnf
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: rpm-software-management
QA Contact: Fedora Extras Quality Assurance
: 1262572 1275138 (view as bug list)
Depends On:
Blocks: 1318312
TreeView+ depends on / blocked
Reported: 2015-06-23 14:06 UTC by David Juran
Modified: 2017-05-19 15:39 UTC (History)
27 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-12-02 15:20:00 UTC
Type: Bug

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1294315 None CLOSED [RFE] dnf changes [package] ... 2019-06-03 04:12:13 UTC

Internal Links: 1294315

Description David Juran 2015-06-23 14:06:58 UTC
Description of problem:
I find it useful to sometimes only apply security errata. Something akin to what yum-plugin-security did.
With other words, I would like to see a feature where it was possible to run
dnf update --security
which would apply only security-related updates.

Additional info:
Worarounds suggesed by Jan Silhan

* search the packages from "dnf updateinfo list security" and
then update them. Note: you will do it manually.
* run "dnf-automatic" with "upgrade_type = security", "download_updates = yes"
and "apply_updates = yes" options set in /etc/dnf/automatic.conf
(dnf-automatic can run as a cron job too)

Comment 1 Steve Grubb 2015-06-23 14:15:25 UTC
The original requirements can be found in bug 234646.

Comment 2 Ryan Sawhill 2015-06-23 14:50:23 UTC
I'm not speaking via any authoritative role here, but I can confidently say that this will have to be worked out in the next couple years before RHEL8 drops.

Comment 3 Honza Silhan 2015-07-29 11:45:07 UTC
The DNF security plugin should do this or it will be in dnf itself.

Comment 4 Radek Holy 2015-09-16 14:26:58 UTC
*** Bug 1262572 has been marked as a duplicate of this bug. ***

Comment 5 Radek Holy 2015-09-16 14:27:49 UTC
See the bug 1262572 for a closely related request of an --advisory option.

Comment 6 Kevin Kofler 2015-09-16 23:56:34 UTC
Those bugs are not really the same. They ask for different features, which were both once implemented by yum-security and merged into core yum(-deprecated) at the same time:
* --security = install only updates from (all) update groups tagged as security
* --advisory=FEDORA-2015-nnnnn = install only updates from the specific update group FEDORA-2015-nnnnn – whether that was actually a security update group or some other type does not actually matter

IMHO, --advisory is the much more useful option. It can be used to test a specific update group from updates-testing. --security is a global flag that works very poorly in practice, because security updates can depend on prior non-security updates.

Comment 7 Adam Williamson 2015-09-23 19:47:29 UTC
--advisory is also something we document on Common Bugs pages. We have this wiki template:


which explicitly instructs you to use 'yum --enablerepo=updates-testing update --advisory=ADVISORY' to test a specific update. I can't in fact see any good replacement for this quite important function in DNF. I agree with Kevin that these are two separate requests; --security does not fulfil the use case of --advisory.

Note that --advisory is somewhat inaccurately named in a Fedora context, because it really operates on *update IDs*. The significance of this is it is not applicable only to security updates, you can use it on *any* update.

I'm probably going to have to adjust the template to use yum-deprecated for now, as I just can't see any other option.

Comment 8 Radek Holy 2015-09-24 09:21:07 UTC
OK, you probably did not understand me. Comment #5 was primarily dedicated to the future assignee. Since I have closed the request for --advisory as a duplicate of this bug because we handle this report as a request to port the Yum's security plugin (see comment #3), I just wanted to make sure that the assignee won't forget to implement the --advisory option as well. Sorry for the pure wording.

Comment 9 Radek Holy 2015-09-24 09:22:01 UTC
I mean "poor wording", ehm...

Comment 10 Honza Silhan 2015-10-26 13:29:18 UTC
*** Bug 1275138 has been marked as a duplicate of this bug. ***

Comment 11 Sergio Basto 2015-12-21 05:35:19 UTC
Cool RFE is already open, It looks like easy do an implementation is just manipulate dnf updateinfo command ! [1] 

[1] http://unix.stackexchange.com/a/234116/32478

Comment 12 Fedora Admin XMLRPC Client 2016-07-08 09:33:18 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 13 Fedora End Of Life 2016-07-19 14:59:30 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 14 Jaroslav Mracek 2016-11-16 07:29:40 UTC
There is a first PR that should solve the problem: https://github.com/rpm-software-management/dnf/pull/649

Comment 15 Samuel Sieb 2016-12-20 18:33:12 UTC
Will this be only a DNF 2 feature or which Fedora releases will get this?

Comment 16 Jaroslav Mracek 2016-12-20 18:44:15 UTC
Unfortunately it will be available only for Fedora 26+. But we have a testing repository with dnf-2.0 for Fedora 24+ (dnf copr enable rpmsoftwaremanagement/dnf-nightly)

Comment 17 Matthew Miller 2017-01-25 13:39:07 UTC
I installed from the COPR and the man page section on updateinfo does not seem to match the tool itself. (Like, there seems to be no --list.) Is the command I want

 dnf updateinfo --security


Comment 18 Jaroslav Mracek 2017-01-26 20:18:40 UTC
I am sorry but I didn't get note about --list. Please can you provide output from: 
1. rpm -q dnf
2. dnf updateinfo --security
3. yum-deprecated updateinfo --security

First of all you have to upgrade dnf to latest version. If you use rawhide just from rawhide repo, but for fc24+ you have to use our testing repository (dnf copr enable rpmsoftwaremanagement/dnf-nightly). In my case the latest dnf is dnf-2.0.0_1-74g8fe8683.fc25.noarch .
Then --security option should work as with yum.

Please if you have another problem, or --security is not working like expected, please try to report it, or probably open new bugzilla.

Note You need to log in before you can comment on or make changes to this bug.