Bug 1455318 - package-cleanup removes dependencies of duplicates which can leave systems unable to boot or unable to start important services.
Summary: package-cleanup removes dependencies of duplicates which can leave systems un...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: yum-utils
Version: 7.3
Hardware: All
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: Michal Domonkos
QA Contact: Eva Mrakova
Adam Kvitek
URL:
Whiteboard:
Depends On:
Blocks: 1420851 1465896 1466368 1473733 1546225
TreeView+ depends on / blocked
 
Reported: 2017-05-24 18:52 UTC by jcastran
Modified: 2020-12-14 08:44 UTC (History)
12 users (show)

Fixed In Version: yum-utils-1.1.31-43.el7
Doc Type: Bug Fix
Doc Text:
The "package-cleanup" script no longer removes package dependencies of non-duplicates Previously, running the "package-cleanup" script with the "--cleandupes" option also removed packages that depended on duplicates. Consequently, some packages were removed unintentionally. With this update, the "package-cleanup" script has been fixed to skip package dependencies of non-duplicates. Instead, the "package-cleanup" script prints a warning with a suggestion of a workaround.
Clone Of:
: 1496340 1546225 (view as bug list)
Environment:
Last Closed: 2018-04-10 16:50:32 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0919 0 None None None 2018-04-10 16:51:59 UTC

Description jcastran 2017-05-24 18:52:19 UTC 
Description of problem:
# package-cleanup --cleandupes
This command will remove the lower version for each pair of duplicates that it finds. When it removes the lower version, it can also remove dependencies of those packages. That happens when the dependency isn't a duplicate.

Version-Release number of selected component (if applicable):
   package-cleanup
   yum-utils


How reproducible:
   Everytime a duplicate package is a requirement of a non-duplicate package.

Steps to Reproduce:  
####This is just an example with NetworkManager. 
####It can happen with any packages that depend on each other.

1. # rpm -qa NetworkManager-libnm
        NetworkManager-libnm-1.0.0-14.git20150121.b4ea599c.el7.x86_64
2. # rpm -ivh --force --justdb NetworkManager-libnm-1.4.0-19.el7_3.x86_64.rpm 
3. # package-cleanup --dupes
      Loaded plugins: langpacks, product-id
      NetworkManager-libnm-1.4.0-19.el7_3.x86_64
      NetworkManager-libnm-1.0.0-14.git20150121.b4ea599c.el7.x86_64

4. # package-cleanup --cleandupes
  

Actual results:
Removing:
 NetworkManager-libnm   x86_64   1:1.0.0-14.git20150121.b4ea599c.el7    @anaconda/7.1   1.4 M
Removing for dependencies:
 NetworkManager         x86_64   1:1.0.0-14.git20150121.b4ea599c.el7    @anaconda/7.1   8.8 M
 NetworkManager-team    x86_64   1:1.0.0-14.git20150121.b4ea599c.el7    @anaconda/7.1    32 k
 NetworkManager-tui     x86_64   1:1.0.0-14.git20150121.b4ea599c.el7    @anaconda/7.1   258 k


Expected results:
package-cleanup verifies if it should remove the lower or the higher version duplicate. Potentially it would judge which version would cause the least amount of damage to the system. Verifying the files against both duplicates to see which package is actually installed.

Or if it could have a flag to affect only the rpm database, or ignore package dependencies.

Additional info:
cleandupes has no warnings to customers. Especially customers who have duplicates and GNOME installed, the issue becomes much much worst and removes majority of the system. 

The only thing that forces it to stop, is if it tries to remove yum.
Comment 15 errata-xmlrpc 2018-04-10 16:50:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0919
Note You need to log in before you can comment on or make changes to this bug.