Bug 1252955 - 'dnf updateinfo info' doesn't always show advisories for all available updates
'dnf updateinfo info' doesn't always show advisories for all available updates
Product: Fedora
Classification: Fedora
Component: dnf (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: rpm-software-management
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2015-08-12 11:20 EDT by Chris Siebenmann
Modified: 2016-07-19 13:29 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-07-19 13:29:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
*-updateinfo.xml.gz (544.14 KB, application/octet-stream)
2015-08-20 15:11 EDT, Chris Siebenmann
no flags Details
'dnf update procps-ng' output (1.81 KB, text/plain)
2015-08-20 15:13 EDT, Chris Siebenmann
no flags Details
/var/cache/dnf/updates-d28e3be95240972f/*-updateinfo.xml.xz from my system (544.14 KB, application/x-xz)
2015-08-21 03:49 EDT, "FeRD" (Frank Dana)
no flags Details

  None (edit)
Description Chris Siebenmann 2015-08-12 11:20:24 EDT
Description of problem:

Some of the time, 'dnf updateinfo info' doesn't show the advisories for
all of the available updates, even though advisories are available for
them. For example, right now for me:

# rpm -q pyOpenSSL
# dnf check-update
pyOpenSSL.noarch                          0.15.1-1.fc22                  updates
# dnf updateinfo info
[... various advisories for other packages, but no mention of pyOpenSSL ...]
# dnf updateinfo info pyOpenSSL
Last metadata expiration check performed 0:11:53 ago on Wed Aug 12 10:40:58 2015.
  Update ID : FEDORA-2015-13008
       Type : bugfix
    Updated : 2015-08-07 17:58:14
       Bugs : 1247733 - Fix regressions in support for bytes / unicode in certain APIs
Description : New upstream version fixing Python 3 conversion regressions.

This is extremely irritating for people who want to use 'dnf updateinfo
info' to see and keep track of what sort of things are changing on their
system. It's also dangerous if you're using plain 'dnf updateinfo info'
so that you always see the advisory for packages that are important to
you, such as your desktop.

On a spot check, this is also happening right now for me with the
realmd update from realmd-0.16.1-1.fc22.x86_64 to realmd-0.16.2-1.fc22.
Purging all metadata with 'dnf clean metadata' did nothing to change
this situation.

(Note that this is *not* the sometimes-confusing situation where a
binary package is built from a different source package and the source
package is listed in 'dnf updateinfo info'. Both pyOpenSSL and realmd
are built from their own source packages.)

This is not an issue of un-updateable packages that 'dnf updateinfo info'
is excluding because 'dnf update' would. 'dnf update' is perfectly happy
to install the pyOpenSSL and realmd updates.

Version-Release number of selected component (if applicable):


How reproducible:

This appears to be only erratically reproduceable, but I haven't
been carefully checking 'dnf check-update' / 'dnf update' against the
advisories listed in 'dnf updateinfo info'.

Steps to Reproduce:

1. dnf clean metadata
2. dnf check-update
3. dnf updateinfo info
4. Look for packages in #2 that are not covered in #3
5. Optionally do 'dnf upgrade' to verify that the listed updates were
   real and could really be applied.
Comment 1 Honza Silhan 2015-08-19 07:16:43 EDT
Can you please attach the whole output of `dnf update` and `/var/cache/dnf/x86_64/21/updates/repodata/*-updateinfo.xml.gz`?
Comment 2 Chris Siebenmann 2015-08-19 10:50:20 EDT
Unfortunately this is only erratically reproducible and I can't reproduce it
right now. I'll carefully watch for this to happen again and when it does I'll
attach everything, but it may take a while before it happens to me again on any
of my machines.
Comment 3 Chris Siebenmann 2015-08-20 15:10:09 EDT
What I see right now is:

# rpm -q procps-ng
# dnf updateinfo info procps-ng
Last metadata expiration check performed 0:18:06 ago on Thu Aug 20 14:46:49 2015.
# dnf updateinfo info all procps-ng
Last metadata expiration check performed 0:18:55 ago on Thu Aug 20 14:46:49 2015.
  Update ID : FEDORA-2015-13248
       Type : bugfix
    Updated : 2015-08-20 08:42:47
       Bugs : 1153642 - top crashed
Description : * Fixing 'top' crash when a high level of forking appears
  Installed : true

I will attach the current *-updateinfo.xml.gz files (from *before* I
do a 'dnf update') and then the output of 'dnf update procps-ng'.
Right now the only updateinfo.xml file I have is from
/var/dnf/cache/updates-d28e3be95240972f/repodata/, not the path
you listed, but I'm going to assume that that's okay and not a sign
of weirdness.
Comment 4 Chris Siebenmann 2015-08-20 15:11:54 EDT
Created attachment 1065360 [details]

Current (pre-'dnf upgrade') updateinfo.xml.gz
Comment 5 Chris Siebenmann 2015-08-20 15:13:36 EDT
Created attachment 1065361 [details]
'dnf update procps-ng' output
Comment 6 "FeRD" (Frank Dana) 2015-08-21 03:47:54 EDT
I'm currently seeing this as well, with 'updateinfo info' missing many of the packages that 'dnf upgrade' is flagging to be installed. As with Chris' experience, 'dnf updateinfo info <specific_package>' will display SOME of the advisories that 'dnf updateinfo info' is skipping, though interestingly it's unable to display others — even though I can see those advisories in the <linenoise>-updateinfo.xml.xz file.

When I run a 'sudo dnf upgrade' on my system right now, this is the output (through committing to the download/update):

Last metadata expiration check performed 0:27:28 ago on Fri Aug 21 02:59:51 2015.
Dependencies resolved.
 Package                 Arch   Version            Repository              Size
 kernel                  x86_64 4.1.5-200.fc22     updates                 68 k
 kernel-core             x86_64 4.1.5-200.fc22     updates                 19 M
 kernel-debug-devel      x86_64 4.1.5-200.fc22     updates                9.6 M
 kernel-modules          x86_64 4.1.5-200.fc22     updates                 18 M
 audit                   x86_64 2.4.4-1.fc22       updates                241 k
 audit-libs              x86_64 2.4.4-1.fc22       updates                 94 k
 audit-libs-python       x86_64 2.4.4-1.fc22       updates                 96 k
 check                   x86_64 0.10.0-1.fc22      updates                152 k
 gedit                   x86_64 2:3.16.3-1.fc22    updates                2.5 M
 gfbgraph                x86_64 0.2.3-1.fc22       updates                 39 k
 gnupg2                  x86_64 2.1.7-1.fc22       updates                1.8 M
 google-chrome-stable    x86_64 44.0.2403.157-1    google-chrome           46 M
 kernel-headers          x86_64 4.1.5-200.fc22     updates                1.0 M
 libblkid                x86_64 2.26.2-3.fc22      updates                180 k
 liberation-fonts-common noarch 1:1.07.4-6.fc22    updates                 32 k
 liberation-mono-fonts   noarch 1:1.07.4-6.fc22    updates                233 k
 liberation-sans-fonts   noarch 1:1.07.4-6.fc22    updates                286 k
 liberation-serif-fonts  noarch 1:1.07.4-6.fc22    updates                305 k
 libfdisk                x86_64 2.26.2-3.fc22      updates                217 k
 libmount                x86_64 2.26.2-3.fc22      updates                196 k
 libsmartcols            x86_64 2.26.2-3.fc22      updates                138 k
 libuuid                 x86_64 2.26.2-3.fc22      updates                 79 k
 mariadb-common          x86_64 1:10.0.21-1.fc22   updates                 74 k
 mariadb-config          x86_64 1:10.0.21-1.fc22   updates                 25 k
 mariadb-libs            x86_64 1:10.0.21-1.fc22   updates                637 k
 openCOLLADA             x86_64 0-24.git3335ac1.fc22
                                                   updates                1.4 M
 openssh                 x86_64 6.9p1-5.fc22       updates                444 k
 openssh-clients         x86_64 6.9p1-5.fc22       updates                644 k
 openssh-server          x86_64 6.9p1-5.fc22       updates                467 k
 perl-Log-Dispatch       noarch 2.48-1.fc22        updates                 79 k
 procps-ng               x86_64 3.3.10-8.fc22      updates                383 k
 python-idna             noarch 2.0-1.fc22         updates                 96 k
 selinux-policy          noarch 3.13.1-128.10.fc22 updates                417 k
 selinux-policy-devel    noarch 3.13.1-128.10.fc22 updates                3.3 M
 selinux-policy-targeted noarch 3.13.1-128.10.fc22 updates                4.0 M
 tzdata                  noarch 2015f-1.fc22       updates                421 k
 tzdata-java             noarch 2015f-1.fc22       updates                180 k
 util-linux              x86_64 2.26.2-3.fc22      updates                2.0 M
 yum-plugin-changelog    noarch 1.1.31-508.fc22    updates                 32 k
 yum-utils               noarch 1.1.31-508.fc22    updates                117 k
 kernel                  x86_64 4.1.2-200.fc22     @System                  0  
 kernel-core             x86_64 4.1.2-200.fc22     @System                 42 M
 kernel-debug-devel      x86_64 4.1.2-200.fc22     @System                 36 M
 kernel-modules          x86_64 4.1.2-200.fc22     @System                 17 M
Skipping packages with broken dependencies:
 akmods                  noarch 0.5.4-1.fc22       rpmfusion-free-updates  25 k

Transaction Summary
Install   4 Packages
Upgrade  36 Packages
Remove    4 Packages

Total download size: 115 M

However, if I run 'sudo dnf updateinfo info', I get only this output:

Last metadata expiration check performed 0:19:00 ago on Fri Aug 21 02:59:51 2015.
  Update ID : FEDORA-2015-13526
       Type : security
    Updated : 2015-08-14 19:23:21
Description : This update fixes CVE-2015-5186. The issue is that ausearch/report did not escape terminal emulator sequences when interpreting untrusted data.

  Update ID : FEDORA-2015-13090
       Type : enhancement
    Updated : 2015-08-10 03:08:53
Description : Changes in check 0.10.0:
            : - CMake on MinGW and MSVC was unable to find time related types because time.h was not included. This header is now included for the checks.  Patch #53.
            : - If the test runner process catches a SIGTERM or SIGINT signal the running tests are now also killed.  Patch #52.
            : - If Check is compiled without support for fork(), the behavior of functions which require fork() to be useful have been changed.  Functions that attempt to set CK_FORK mode are no-ops, check_fork() returns in failure, and check_waitpid_and_exit() exits in failure.
            : - Add space around operators in assert messages for readability.  Bug #102.
            : - Use mkstemp() if available instead of tmpfile() or tempnam().  Patch #51.
            : - Fix issue with string formatting in ck_assert(), where using the % operator would be interpreted as a string formatter.  Bug #96.
            : - In nofork mode, the location of a failed assertion within a test case was lost if that test case has a checked teardown fixture (even if that fixture function is empty). This is now fixed.  Bug #99.

  Update ID : FEDORA-2015-13419
       Type : security
    Updated : 2015-08-20 08:42:47
Description : Update to 10.0.21

  Update ID : FEDORA-2015-13123
       Type : bugfix
    Updated : 2015-08-10 03:10:57
Description :  

  Update ID : FEDORA-2015-13393
       Type : bugfix
    Updated : 2015-08-13 10:43:34
       Bugs : 1252645 - tzdata-2015f is available
Description : - Rebase to 2015f
            :   - North Korea switches to +0830 on 2015-08-15.
            :     The abbreviation remains "KST".
            :   - Uruguay no longer observes DST.

Running the following:

% dnf updateinfo info gedit gfbgraph gnupg2 libblkid liberation-fonts-common libfdisk libmount libsmartcols libuuid openCOLLADA openssh procps-ng python-idna selinux-policy util-linux yum-utils

in an attempt to view the advisories for the remaining packages gets me this:

Last metadata expiration check performed 0:35:13 ago on Fri Aug 21 02:59:51 2015.
  Update ID : FEDORA-2015-13590
       Type : bugfix
    Updated : 2015-08-17 22:26:19
Description : Update to 3.16.3

  Update ID : FEDORA-2015-12533
       Type : bugfix
    Updated : 2015-07-31 20:09:58
Description : Updated the Facebook Graph API to version 2.3 due to deprecation of 1.0

  Update ID : FEDORA-2015-13444
       Type : bugfix
    Updated : 2015-08-14 19:13:14
       Bugs : 1242652 - gpg2 hang when encrypting to a sign-only key (?)
Description : Minor update from upstream fixing some problems with upgrades from older gnupg2 versions and other minor bugs.

  Update ID : FEDORA-2015-13533
       Type : enhancement
    Updated : 2015-08-14 19:25:24
Description : Update to 2.0 which is required by python-cryptography

...But if I manually view the *-updateinfo.xml.xz file with 'less', I can see the advisory for e.g. openssh in the file, despite the fact that 'sudo dnf updateinfo info openssh' and 'sudo dnf updateinfo info FEDORA-2015-13520' (the advisory ID for the openssh-6.9p1-5.fc22 update) produce no output.
Comment 7 "FeRD" (Frank Dana) 2015-08-21 03:49:57 EDT
Created attachment 1065473 [details]
/var/cache/dnf/updates-d28e3be95240972f/*-updateinfo.xml.xz from my system
Comment 8 "FeRD" (Frank Dana) 2015-08-21 03:54:14 EDT
Oh, I neglected to mention that my results are with dnf-1.1.0-2.fc22.noarch, a newer build than the one Chris originally reported this against.
Comment 9 Chris Siebenmann 2015-08-21 10:39:39 EDT
Comment #8 has reminded me to note this: my latest report is with the
current dnf, dnf-1.1.0-2.fc22.noarch. I've been updating dnf versions as
Fedora has been releasing updates.
Comment 10 Fedora Admin XMLRPC Client 2016-07-08 05:30:02 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 11 Fedora End Of Life 2016-07-19 13:29:15 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.