Bug 1746562 - dnf-automatic (and dnf list) ignores versionlock
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: dnf
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Marek Blaha
QA Contact: Luca Berton
Depends On:
Blocks: 1868567
Reported: 2019-08-28 18:52 UTC by Daniel Henninger
Modified: 2020-08-13 07:12 UTC

Fixed In Version: dnf-4.2.11-1.el8
Doc Text:
Clone Of:
: 1868567 (view as bug list)
Last Closed: 2020-04-28 16:48:13 UTC
Type: Bug
Target Upstream Version:


System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:1823 0 None None None 2020-04-28 16:48:54 UTC

Description Daniel Henninger 2019-08-28 18:52:11 UTC
Description of problem:
Any locks set with dnf versionlock are ignored when dnf-automatic triggers.  The interesting debug log entry is:
DEBUG Excludes from versionlock plugin were not applied
This traces to (and I don't know if this is current code):

        if self.cli is None:
            pass  # loaded via the api, not called by cli
        elif not self.cli.demands.resolving:

Interestingly, dnf list triggers the same behavior.  While I can't dnf update a module past its locked version -- dnf list will show all the versions (maybe this is by design).  However, dnf-automatic definitely shouldn't be ignoring versionlocks.  =)

Version-Release number of selected component (if applicable):

How reproducible:
Trivially, every time dnf-automatic runs.

Steps to Reproduce:
1. dnf install dnf-automatic
2. dnf install python3-dnf-plugin-versionlock
3. dnf install https://yum.puppet.com/puppet6-release-el-8.noarch.rpm
4. dnf install puppet-agent-6.7.2
5. dnf versionlock add puppet-agent
6. dnf update puppet-agent (should show nothing to update, even though 6.8.* is out)
7. systemctl start dnf-automatic   (wait for it to complete but you should see it actually update puppet-agent to the latest despite the versionlock, and if you have debug enabled, can see /var/log/dnf.log explicitly say it's not using versionlock)

Actual results:
Updates puppet-agent to newer version than 6.7.2

Expected results:
Updates puppet-agent to whatever the latest is at the time

Additional info:
Obviously you don't have to pull in puppet-agent for this -- it was just the most obvious one to test with for me at the moment.
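
Added example, not part of the original report and not dnf or plugin code: a drift check that flags installed packages whose name is version-locked but whose installed version no longer matches any lock, which is the outcome described under "Actual results". It assumes lock entries are written as name-epoch:version-release.* with literal package names and that '!' lines are excludes; the sample data, including the release string 1.el8, is constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample data (not taken from the reporter's system).
SAMPLE_LOCKLIST = """\
# Added locks on Wed Aug 28 18:40:00 2019
puppet-agent-0:6.7.2-1.el8.*
"""
SAMPLE_INSTALLED_BEFORE = ["puppet-agent-0:6.7.2-1.el8.x86_64",
                           "bash-0:4.4.19-8.el8.x86_64"]
SAMPLE_INSTALLED_AFTER = ["puppet-agent-0:6.8.0-1.el8.x86_64",
                          "bash-0:4.4.19-8.el8.x86_64"]


def nevra_name(nevra):
    """Package name of a name-epoch:version-release.arch string.

    Version and release never contain '-', so the name is everything
    before the last two hyphens (puppet-agent keeps its own hyphen).
    """
    parts = nevra.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError(f"not a NEVRA: {nevra!r}")
    return parts[0]


def parse_locks(text):
    """Map package name -> lock patterns; skip blanks, comments, '!' excludes."""
    locks = {}
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith(("#", "!")):
            continue
        # Assumption: the name part of a lock entry is literal, not a glob.
        locks.setdefault(nevra_name(entry), []).append(entry)
    return locks


def lock_violations(locklist_text, installed):
    """Return installed NEVRAs whose name is locked but which match no lock."""
    locks = parse_locks(locklist_text)
    bad = []
    for nevra in installed:
        patterns = locks.get(nevra_name(nevra))
        if patterns and not any(fnmatchcase(nevra, p) for p in patterns):
            bad.append(nevra)
    return bad


if __name__ == "__main__":
    print(lock_violations(SAMPLE_LOCKLIST, SAMPLE_INSTALLED_AFTER))
```

On a real host the inputs would be the plugin's lock list (by default /etc/dnf/plugins/versionlock.list) and the output of rpm -qa --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}.%{ARCH}\n', compared after each dnf-automatic run.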

Comment 1 Marek Blaha 2019-09-06 13:21:47 UTC
The dnf-automatic behaviour is definitely wrong and should be fixed by PR https://github.com/rpm-software-management/dnf/pull/1477

As far as dnf list is concerned - this behaviour is by design. Versionlock should not completely hide a package (if this is desired, use the excludepkgs config option instead, see https://dnf.readthedocs.io/en/latest/conf_ref.html#exclude-label) but only make sure that the package gets installed only in a particular version. So versionlock is not applied to any non-transactional dnf command.

Comment 2 Daniel Henninger 2019-09-06 13:31:56 UTC
Howdy!  No problem re: dnf list, I only mentioned it because it was an example of something that changed since yum 3.  I have no use case where this would be a bad thing.  =)


Comment 5 Carl George 🤠 2020-01-23 22:41:10 UTC
This backport has been released in CentOS 8 Stream.


Please test this and provide feedback if you're able.

Comment 6 Daniel Henninger 2020-01-27 21:05:11 UTC
Tested on RHEL8 using the CentOS 8 built RPMs and it's working fantastically!  Thanks!

Comment 11 errata-xmlrpc 2020-04-28 16:48:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

