Created attachment 1842485 [details] The source file with the offending code. Created attachment 1842485 [details] The source file with the offending code. Description of problem: Using --downloaddir with system-upgrade will destroy all other data in the provided directory. dnf system-upgrade download --downloaddir=/home will destroy all home directories on the computer with no warning. This is unacceptable. Version-Release number of selected component (if applicable): $ dnf list dnf\* Last metadata expiration check: 0:01:10 ago on Wed 17 Nov 2021 09:40:44 PM MST. Installed Packages dnf.noarch 4.9.0-1.fc35 @fedora dnf-data.noarch 4.9.0-1.fc35 @fedora dnf-plugins-core.noarch 4.0.24-1.fc35 @updates dnfdaemon.noarch 0.3.20-7.fc35 @fedora dnfdaemon-selinux.noarch 0.3.20-7.fc35 @fedora dnfdragora.noarch 2.1.0-5.fc35 How reproducible: Will do it every time. See source code. Steps to Reproduce: 1. dnf system-upgrade download --downloaddir=/home --releasever=35 Actual results: upgrade goes fine, but home directories are all deleted ! Expected results: dnf should not delete any user data Additional info: git clone https://github.com/rpm-software-management/dnf-plugins-extras.git From dnf-plugins-extras/plugins/system_upgrade.py: (See attachment) def clear_dir(path): if not os.path.isdir(path): return for entry in os.listdir(path): fullpath = os.path.join(path, entry) try: if os.path.isdir(fullpath): dnf.util.rm_rf(fullpath) The developer appears to use #rm -rf on the directory provided. When I used /home as the download directory, it wiped out all the user data in the home directories on my computer ! Furthermore, there is no warning of this behavior to the user on the command line or on the man page. I lost months of work just because I used --downloaddir=/home
> dnf system-upgrade download --downloaddir=/home --releasever=35 Because dnf removes the downloaddir on completion, I'd like to suggest that it should check downloaddir before it begins and refuse to accept a directory that is not empty.
It does not remove the directory. Look at /var/lib/dnf/system-upgrade on a system that you've done an upgrade on.
It removes *everything* within that directory, recursively, ie including sub directories.
I shared this with the dnf developers on github. https://github.com/rpm-software-management/dnf-plugins-extras/issues/200
> It does not remove the directory. Look at /var/lib/dnf/system-upgrade on a system that you've done an upgrade on. I don't think that's adequate as contrary evidence. The system-upgrade plugin code looks like it'll remove the cachedir and, if it was specified, the "destdir" (which is set by --downloaddir). As far as I can tell, /var/lib/dnf/system-upgrade is not either of those things when --downloaddir isn't specified.
As the code points out, dnf system-upgrade does a rm -rf on "fullpath". It appears that if --downloaddir isn't used, fullpath is /var/lib/dnf/system-upgrade. If you use --downloaddir, then it is whatever dir you give it.
Yes it unfortunately cleans everything in the destdir (can be specified by --destdir or --downloaddir). I made a PR to fix this: https://github.com/rpm-software-management/dnf-plugins-extras/pull/201 and also tests for it: https://github.com/rpm-software-management/ci-dnf-stack/pull/1056
FEDORA-2022-e119fcc7d5 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-e119fcc7d5
FEDORA-2022-e119fcc7d5 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.