Description of problem:
Any locks set with dnf versionlock are ignored when dnf-automatic triggers. The interesting debug log entry is:
DEBUG Excludes from versionlock plugin were not applied
This traces to (and I don't know if this is current code):
if self.cli is None:
pass # loaded via the api, not called by cli
elif not self.cli.demands.resolving:
Interestingly, dnf list triggers the same behavior. While I can't dnf update a module past it's locked version -- dnf list will show all the versions (maybe this is by design). However, dnf-automatic definitely shouldn't be ignoring versionlocks. =)
Version-Release number of selected component (if applicable):
Trivially, ever time dnf-automatic runs.
Steps to Reproduce:
1. dnf install dnf-automatic
2. dnf install python3-dnf-plugin-versionlock
3. dnf install https://yum.puppet.com/puppet6-release-el-8.noarch.rpm
4. dnf install puppet-agent-6.7.2
5. dnf versionlock add puppet-agent
6. dnf update puppet-agent (should show nothing to update, even though 6.8.* is out)
7. systemctl start dnf-automatic (wait for it to complete but you should see it actually update puppet-agent to the latest despite the versionlock, and if you have debug enabled, can see /var/log/dnf.log explicitly say it's not using versionlock)
Updates puppet-agent to newer version than 6.7.2
Updates puppet-agent to whatever the latest is at the time
Obviously you don't have to pull in puppet-agent for this -- it was just the most obvious one to test with for me at the moment.
The dnf-automatic behaviour is definitely wrong and should be fixed by PR https://github.com/rpm-software-management/dnf/pull/1477
As far as dnf list is concerned - this behaviour is by design. Versionlock should not completely hide a package (if this is desired, use excludepkgs config option instead, see https://dnf.readthedocs.io/en/latest/conf_ref.html#exclude-label) but only makes sure that the package got installed only in particular version. So versionlock is not applied on any of non-transactional dnf command.
Howdy! No problem re: dnf list, I only mentioned it because it was an example of something that changed since yum 3. I have no use case where this would be a bad thing. =)
This backport has been released in CentOS 8 Stream.
Please test this and provide feedback if you're able.
Tested on RHEL8 using the CentOS 8 built RPMs and it's working fantastically! Thanks!
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.