Hide Forgot
Description of problem: Any locks set with dnf versionlock are ignored when dnf-automatic triggers. The interesting debug log entry is: DEBUG Excludes from versionlock plugin were not applied This traces to (and I don't know if this is current code): https://github.com/rpm-software-management/dnf-plugins-core/blob/master/plugins/versionlock.py#L66 if self.cli is None: pass # loaded via the api, not called by cli elif not self.cli.demands.resolving: logger.debug(NO_VERSIONLOCK) return Interestingly, dnf list triggers the same behavior. While I can't dnf update a module past it's locked version -- dnf list will show all the versions (maybe this is by design). However, dnf-automatic definitely shouldn't be ignoring versionlocks. =) Version-Release number of selected component (if applicable): dnf 4.0.9.2-5.el8 dnf-automatic 4.0.9.2-5.el8 python3-dnf-plugin-versionlock 4.0.2.2-3 How reproducible: Trivially, ever time dnf-automatic runs. Steps to Reproduce: 1. dnf install dnf-automatic 2. dnf install python3-dnf-plugin-versionlock 3. dnf install https://yum.puppet.com/puppet6-release-el-8.noarch.rpm 4. dnf install puppet-agent-6.7.2 5. dnf versionlock add puppet-agent 6. dnf update puppet-agent (should show nothing to update, even though 6.8.* is out) 7. systemctl start dnf-automatic (wait for it to complete but you should see it actually update puppet-agent to the latest despite the versionlock, and if you have debug enabled, can see /var/log/dnf.log explicitly say it's not using versionlock) Actual results: Updates puppet-agent to newer version than 6.7.2 Expected results: Updates puppet-agent to whatever the latest is at the time Additional info: Obviously you don't have to pull in puppet-agent for this -- it was just the most obvious one to test with for me at the moment.
The dnf-automatic behaviour is definitely wrong and should be fixed by PR https://github.com/rpm-software-management/dnf/pull/1477 As far as dnf list is concerned - this behaviour is by design. Versionlock should not completely hide a package (if this is desired, use excludepkgs config option instead, see https://dnf.readthedocs.io/en/latest/conf_ref.html#exclude-label) but only makes sure that the package got installed only in particular version. So versionlock is not applied on any of non-transactional dnf command.
Howdy! No problem re: dnf list, I only mentioned it because it was an example of something that changed since yum 3. I have no use case where this would be a bad thing. =) Thanks!
This backport has been released in CentOS 8 Stream. https://lists.centos.org/pipermail/centos-devel/2020-January/036500.html Please test this and provide feedback if you're able.
Tested on RHEL8 using the CentOS 8 built RPMs and it's working fantastically! Thanks!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1823