Bug 1568903 - [RFE] ensure users don't update packages to unsupported (upstream, EPEL) versions
Summary: [RFE] ensure users don't update packages to unsupported (upstream, EPEL) vers...
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Packaging
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-18 12:04 UTC by Evgeni Golov
Modified: 2019-08-12 16:09 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-12-14 16:32:51 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Evgeni Golov 2018-04-18 12:04:18 UTC
Description of problem:
When running a Satellite, a user *can* add external yum repos, like yum.theforeman.org or EPEL to the system. However, installing packages from those repos will quite often break Satellite.

I think we should try yum-plugin-protectbase or yum-plugin-versionlock and enforce installation of *our* packages on the system.

Version-Release number of selected component (if applicable):

How reproducible:
always (if you select the right breaking package)

Steps to Reproduce:
1. install satellite
2. install qpid from EPEL

Actual results:
qpid is upgraded to the version from EPEL and stops working

Expected results:
qpid is not upgraded and is still working

Additional info:

Comment 1 Rich Jerrido 2018-04-18 12:29:00 UTC
When implementing this bug, we might need to take into account two separate, but related use-cases, which are documented in https://bugzilla.redhat.com/show_bug.cgi?id=1459358 and https://bugzilla.redhat.com/show_bug.cgi?id=1512600

Use Case 1:

Prevent the user from installing packages from repositories that we don't support.
An example of this is the use-case from comment #0, where a user installs qpid from EPEL, and breaks Satellite. While we explicitly tell the user to NOT use other repos in the Install Guide, we really can't prevent them. However, we should take steps to ensure that the application isn't inadvertently broken. 

Use Case 2:

Prevent the user from running 'yum update -y' and NOT also re-running the installer. 

Many support issues can be traced to users running 'yum -y update' and not also running the installer with the --upgrade switch. 

I mention both because any solution should take into account both problems.

Note You need to log in before you can comment on or make changes to this bug.