Bug 1234930 - [RFE] Add yum-security functionality to DNF
[RFE] Add yum-security functionality to DNF
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: dnf (Show other bugs)
rawhide
Unspecified Unspecified
high Severity unspecified
: ---
: ---
Assigned To: rpm-software-management
Fedora Extras Quality Assurance
: FutureFeature, Reopened, Triaged
: 1262572 1275138 (view as bug list)
Depends On:
Blocks: 1318312
  Show dependency treegraph
 
Reported: 2015-06-23 10:06 EDT by David Juran
Modified: 2017-02-09 19:15 EST (History)
26 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-02 10:20:00 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Juran 2015-06-23 10:06:58 EDT
Description of problem:
I find it useful to sometimes only apply security errata. Something akin to what yum-plugin-security did.
With other words, I would like to see a feature where it was possible to run
dnf update --security
which would apply only security-related updates.


Additional info:
Worarounds suggesed by Jan Silhan

* search the packages from "dnf updateinfo list security" and
then update them. Note: you will do it manually.
* run "dnf-automatic" with "upgrade_type = security", "download_updates = yes"
and "apply_updates = yes" options set in /etc/dnf/automatic.conf
(dnf-automatic can run as a cron job too)
Comment 1 Steve Grubb 2015-06-23 10:15:25 EDT
The original requirements can be found in bug 234646.
Comment 2 Ryan Sawhill 2015-06-23 10:50:23 EDT
I'm not speaking via any authoritative role here, but I can confidently say that this will have to be worked out in the next couple years before RHEL8 drops.
Comment 3 Honza Silhan 2015-07-29 07:45:07 EDT
The DNF security plugin should do this or it will be in dnf itself.
Comment 4 Radek Holy 2015-09-16 10:26:58 EDT
*** Bug 1262572 has been marked as a duplicate of this bug. ***
Comment 5 Radek Holy 2015-09-16 10:27:49 EDT
See the bug 1262572 for a closely related request of an --advisory option.
Comment 6 Kevin Kofler 2015-09-16 19:56:34 EDT
Those bugs are not really the same. They ask for different features, which were both once implemented by yum-security and merged into core yum(-deprecated) at the same time:
* --security = install only updates from (all) update groups tagged as security
* --advisory=FEDORA-2015-nnnnn = install only updates from the specific update group FEDORA-2015-nnnnn – whether that was actually a security update group or some other type does not actually matter

IMHO, --advisory is the much more useful option. It can be used to test a specific update group from updates-testing. --security is a global flag that works very poorly in practice, because security updates can depend on prior non-security updates.
Comment 7 Adam Williamson 2015-09-23 15:47:29 EDT
--advisory is also something we document on Common Bugs pages. We have this wiki template:

https://fedoraproject.org/wiki/Template:Common_bugs_update_testing

which explicitly instructs you to use 'yum --enablerepo=updates-testing update --advisory=ADVISORY' to test a specific update. I can't in fact see any good replacement for this quite important function in DNF. I agree with Kevin that these are two separate requests; --security does not fulfil the use case of --advisory.

Note that --advisory is somewhat inaccurately named in a Fedora context, because it really operates on *update IDs*. The significance of this is it is not applicable only to security updates, you can use it on *any* update.

I'm probably going to have to adjust the template to use yum-deprecated for now, as I just can't see any other option.
Comment 8 Radek Holy 2015-09-24 05:21:07 EDT
OK, you probably did not understand me. Comment #5 was primarily dedicated to the future assignee. Since I have closed the request for --advisory as a duplicate of this bug because we handle this report as a request to port the Yum's security plugin (see comment #3), I just wanted to make sure that the assignee won't forget to implement the --advisory option as well. Sorry for the pure wording.
Comment 9 Radek Holy 2015-09-24 05:22:01 EDT
I mean "poor wording", ehm...
Comment 10 Honza Silhan 2015-10-26 09:29:18 EDT
*** Bug 1275138 has been marked as a duplicate of this bug. ***
Comment 11 Sergio Monteiro Basto 2015-12-21 00:35:19 EST
Cool RFE is already open, It looks like easy do an implementation is just manipulate dnf updateinfo command ! [1] 

[1] http://unix.stackexchange.com/a/234116/32478
Comment 12 Fedora Admin XMLRPC Client 2016-07-08 05:33:18 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 13 Fedora End Of Life 2016-07-19 10:59:30 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 14 Jaroslav Mracek 2016-11-16 02:29:40 EST
There is a first PR that should solve the problem: https://github.com/rpm-software-management/dnf/pull/649
Comment 15 Samuel Sieb 2016-12-20 13:33:12 EST
Will this be only a DNF 2 feature or which Fedora releases will get this?
Comment 16 Jaroslav Mracek 2016-12-20 13:44:15 EST
Unfortunately it will be available only for Fedora 26+. But we have a testing repository with dnf-2.0 for Fedora 24+ (dnf copr enable rpmsoftwaremanagement/dnf-nightly)
Comment 17 Matthew Miller 2017-01-25 08:39:07 EST
I installed from the COPR and the man page section on updateinfo does not seem to match the tool itself. (Like, there seems to be no --list.) Is the command I want

 dnf updateinfo --security

?
Comment 18 Jaroslav Mracek 2017-01-26 15:18:40 EST
I am sorry but I didn't get note about --list. Please can you provide output from: 
1. rpm -q dnf
2. dnf updateinfo --security
3. yum-deprecated updateinfo --security

First of all you have to upgrade dnf to latest version. If you use rawhide just from rawhide repo, but for fc24+ you have to use our testing repository (dnf copr enable rpmsoftwaremanagement/dnf-nightly). In my case the latest dnf is dnf-2.0.0_1-74g8fe8683.fc25.noarch .
Then --security option should work as with yum.

Please if you have another problem, or --security is not working like expected, please try to report it, or probably open new bugzilla.

Note You need to log in before you can comment on or make changes to this bug.