Bug 1746562 - dnf-automatic (and dnf list) ignores versionlock
Summary: dnf-automatic (and dnf list) ignores versionlock
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: dnf
Version: 8.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: 8.0
Assignee: Marek Blaha
QA Contact: Luca Berton
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-28 18:52 UTC by Daniel Henninger
Modified: 2020-03-16 09:04 UTC (History)
7 users (show)

Fixed In Version: dnf-4.2.11-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Daniel Henninger 2019-08-28 18:52:11 UTC 
Description of problem:
Any locks set with dnf versionlock are ignored when dnf-automatic triggers.  The interesting debug log entry is:
DEBUG Excludes from versionlock plugin were not applied
This traces to (and I don't know if this is current code):
https://github.com/rpm-software-management/dnf-plugins-core/blob/master/plugins/versionlock.py#L66

        if self.cli is None:
            pass  # loaded via the api, not called by cli
        elif not self.cli.demands.resolving:
            logger.debug(NO_VERSIONLOCK)
            return

Interestingly, dnf list triggers the same behavior.  While I can't dnf update a module past it's locked version -- dnf list will show all the versions (maybe this is by design).  However, dnf-automatic definitely shouldn't be ignoring versionlocks.  =)


Version-Release number of selected component (if applicable):
dnf 4.0.9.2-5.el8
dnf-automatic 4.0.9.2-5.el8
python3-dnf-plugin-versionlock 4.0.2.2-3


How reproducible:
Trivially, ever time dnf-automatic runs.


Steps to Reproduce:
1. dnf install dnf-automatic
2. dnf install python3-dnf-plugin-versionlock
3. dnf install https://yum.puppet.com/puppet6-release-el-8.noarch.rpm
4. dnf install puppet-agent-6.7.2
5. dnf versionlock add puppet-agent
6. dnf update puppet-agent (should show nothing to update, even though 6.8.* is out)
7. systemctl start dnf-automatic   (wait for it to complete but you should see it actually update puppet-agent to the latest despite the versionlock, and if you have debug enabled, can see /var/log/dnf.log explicitly say it's not using versionlock)


Actual results:
Updates puppet-agent to newer version than 6.7.2


Expected results:
Updates puppet-agent to whatever the latest is at the time


Additional info:
Obviously you don't have to pull in puppet-agent for this -- it was just the most obvious one to test with for me at the moment.
Comment 1 Marek Blaha 2019-09-06 13:21:47 UTC 
The dnf-automatic behaviour is definitely wrong and should be fixed by PR https://github.com/rpm-software-management/dnf/pull/1477

As far as dnf list is concerned - this behaviour is by design. Versionlock should not completely hide a package (if this is desired, use excludepkgs config option instead, see https://dnf.readthedocs.io/en/latest/conf_ref.html#exclude-label) but only makes sure that the package got installed only in particular version. So versionlock is not applied on any of non-transactional dnf command.
Comment 2 Daniel Henninger 2019-09-06 13:31:56 UTC 
Howdy!  No problem re: dnf list, I only mentioned it because it was an example of something that changed since yum 3.  I have no use case where this would be a bad thing.  =)

Thanks!
Comment 5 Carl George 2020-01-23 22:41:10 UTC 
This backport has been released in CentOS 8 Stream.

https://lists.centos.org/pipermail/centos-devel/2020-January/036500.html

Please test this and provide feedback if you're able.
Comment 6 Daniel Henninger 2020-01-27 21:05:11 UTC 
Tested on RHEL8 using the CentOS 8 built RPMs and it's working fantastically!  Thanks!
Note You need to log in before you can comment on or make changes to this bug.