Red Hat Bugzilla – Bug 1273097
Upgrade from F22 to F23 fails because F23 version is older
Last modified: 2015-12-02 13:03:41 EST
Description of problem:
The version of pki-core in Fedora 23's stable repositories (pki-core-10.2.6-7.fc23) is older than the version in the Fedora 22 stable repositories (pki-core-10.2.6-9.fc22). Because of this, when upgrading, DNF skips this package and it causes other packages (like FreeIPA) to fail to upgrade as well.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install Fedora 22 Server. Deploy FreeIPA on it.
2. Install dnf-plugin-system-upgrade
3. Run `dnf system-upgrade download --releasever=23`
Skipping packages with broken dependencies:
freeipa-admintools x86_64 4.2.2-1.fc23 fedora 55 k
freeipa-client x86_64 4.2.2-1.fc23 fedora 193 k
freeipa-python x86_64 4.2.2-1.fc23 fedora 1.3 M
freeipa-server x86_64 4.2.2-1.fc23 fedora 1.3 M
freeipa-server-trust-ad x86_64 4.2.2-1.fc23 fedora 130 k
tomcat noarch 1:8.0.26-1.fc23 fedora 91 k
tomcat-lib noarch 1:8.0.26-1.fc23 fedora 4.1 M
Packages should upgrade successfully.
This may become less of an issue once 'dnf system-upgrade' starts doing distro-sync instead of upgrade, but right now it's causing breakage.
Proposed as a Freeze Exception for 23-final by Fedora user sgallagh using the blocker tracking app because:
Currently, upgrades of systems running FreeIPA will be broken unless they use --enablerepo=updates-testing or --distro-sync to upgrade.
Discussed at 2015-10-19 freeze exception review meeting: https://meetbot.fedoraproject.org/fedora-blocker-review/2015-10-19/f23-blocker-review.2015-10-19-16.00.html . Rejected as a freeze exception issue: firstly the use of `--distro-sync` mode by default for upgrades (which is already required, as a release blocking issue, in #1263677) should address this, and in any case, it can be sufficiently addressed with an update, as upgrades will almost always use the 'updates' repository.
(In reply to Stephen Gallagher from comment #0)
> Description of problem:
> The version of pki-core in Fedora 23's stable repositories
> (pki-core-10.2.6-7.fc23) is older than the version in the Fedora 22 stable
> repositories (pki-core-10.2.6-9.fc22). Because of this, when upgrading, DNF
> skips this package and it causes other packages (like FreeIPA) to fail to
> upgrade as well.
> Version-Release number of selected component (if applicable):
> How reproducible:
> Every time
> Steps to Reproduce:
> 1. Install Fedora 22 Server. Deploy FreeIPA on it.
> 2. Install dnf-plugin-system-upgrade
> 3. Run `dnf system-upgrade download --releasever=23`
> Actual results:
> Skipping packages with broken dependencies:
> freeipa-admintools x86_64 4.2.2-1.fc23
> fedora 55 k
> freeipa-client x86_64 4.2.2-1.fc23
> fedora 193 k
> freeipa-python x86_64 4.2.2-1.fc23
> fedora 1.3 M
> freeipa-server x86_64 4.2.2-1.fc23
> fedora 1.3 M
> freeipa-server-trust-ad x86_64 4.2.2-1.fc23
> fedora 130 k
> tomcat noarch
> 1:8.0.26-1.fc23 fedora 91 k
> tomcat-lib noarch
> 1:8.0.26-1.fc23 fedora 4.1 M
> Expected results:
> Packages should upgrade successfully.
> Additional info:
> This may become less of an issue once 'dnf system-upgrade' starts doing
> distro-sync instead of upgrade, but right now it's causing breakage.
Not sure that I understand what is going on since the latest stable version of pki-core for Fedora 23 is 'fedora-10.2.6-10.fc23' -- see https://bodhi.fedoraproject.org/updates/FEDORA-2015-cea85c052a.
Maybe the Fedora 23 repo freeze happened before Bodhi pushed 'pki-core-10.2.6-10.fc23' to stable?
Yes. This is in fact shown in Bodhi, though it's not obvious if you don't know how things work: the update's 'Status' is still listed as 'testing' (not stable), and there is a message "submitted for stable" but not a message "pushed to stable". Only updates that get a message "pushed to stable" and their status changed to 'stable' have actually been released as stable.
What will happen next, since we didn't grant this a freeze exception, is that the update will be pushed to stable soon after we sign off on F23 Final (and before it actually gets released). It will go to the 'updates' repository, making it a part of the '0-day updates' set - the set of updates that is pushed stable between sign-off and release and thus is available immediately upon release (0-day).