1947844 – Ugly stderr output when 'dnf repoquery' executed by non-root

Bug 1947844 - Ugly stderr output when 'dnf repoquery' executed by non-root

Summary: Ugly stderr output when 'dnf repoquery' executed by non-root

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	subscription-manager
Sub Component:
Version:	34
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	mhorky
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-09 11:44 UTC by Pavel Raiskup
Modified:	2021-08-08 01:08 UTC (History)
CC List:	8 users (show)
Fixed In Version:	subscription-manager-1.29.18-1.fc34 subscription-manager-1.29.18-1.fc33
Clone Of:
Environment:
Last Closed:	2021-08-08 01:04:02 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	candlepin subscription-manager pull 2714	0	None	open	1876828: Try to suppress errors in stderr when not run as root	2021-07-21 15:22:40 UTC

Description Pavel Raiskup 2021-04-09 11:44:49 UTC

On a subscription-manager registered Fedora box, I run:

$ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1
2021-04-09 13:43:09,027 [ERROR] dnf:964596:MainThread @logutil.py:200 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr
2021-04-09 13:43:09,084 [WARNING] dnf:964596:MainThread @logutil.py:154 - logging already initialized
2021-04-09 13:43:09,084 [ERROR] dnf:964596:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'
dummy-pkg-20210407_1217-1.fc34.x86_64.rpm

The error messages are not related to the `--repo` we are querying, and
it shouldn't be printed out.

This can not be silenced by dnf -q option, nor error level, etc.

Comment 1 Pavel Raiskup 2021-04-09 11:45:56 UTC

We run DNF non-privleged in prunerepo script:
https://pagure.io/prunerepo

Comment 2 Pino Toscano 2021-04-13 14:03:33 UTC

There are different possibilities to do in case of running dnf with the subscription-manager plugin when run as non-root user:

a) disable logging of (permissions?) errors/etc

b) log to a file somewhere in $HOME -- like in $XDG_CACHE_HOME ($HOME/.cache by default)

c) log to a file in the user cache directory of dnf -- e.g. /var/tmp/dnf-$USER-$RANDOM_8_CHARS

In case of (b) and (c), the log file would still fill with messages about root-only files (like /etc/pki/consumer/cert.pem mentioned above) being not accessibile. Making subcription-manager partially usable as user is a bigger, and separate task, though.

Comment 3 Chris Snyder 2021-05-10 14:35:07 UTC

Personally I think (b) and (c) are the only viable options. The messages in (a) might be annoying but they are at least meaningful and afaik accurate.
I think (b) will align the best with any future attempts at making subscription-manager usable (even partially) as a non-root user.
Thanks for the thoughts!

Comment 4 Rehana 2021-07-30 11:46:27 UTC

Reproducing the failure:
======================
subscription management server: 3.2.19-1
subscription management rules: 5.41
subscription-manager: 1.28.19-1.el8

# su - test
Last login: Fri Jul 30 07:41:35 EDT 2021 on pts/1

$ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1
2021-07-30 07:43:42,227 [ERROR] dnf:43447:MainThread @logutil.py:221 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr
2021-07-30 07:43:42,229 [ERROR] dnf:43447:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'
Error: Failed to download metadata for repo 'prunerepo_query': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried


Verifying on :
==============
# subscription-manager version
server type: Red Hat Subscription Management
subscription management server: 3.2.19-1
subscription management rules: 5.41
subscription-manager: 1.28.19-1.git.6.c1dd7c3.el8

# su - test
Last login: Fri Jul 30 12:54:55 IDT 2021 on pts/0

$ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1
Error: Failed to download metadata for repo 'prunerepo_query': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
$ tail ~/.cache/rhsm/rhsm.log -n 1
2021-07-30 14:44:45,629 [ERROR] dnf:87159:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'

Based on the above observation preverifying the bug .

Comment 5 Fedora Update System 2021-07-30 19:35:53 UTC

FEDORA-2021-6ee21d8f84 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-6ee21d8f84

Comment 6 Fedora Update System 2021-08-08 01:04:02 UTC

FEDORA-2021-6ee21d8f84 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 7 Fedora Update System 2021-08-08 01:08:21 UTC

FEDORA-2021-bf6554d095 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.