2170093 – dnf-automatic returns "success" ( zero exit status return ) even if the called dnf command returns error

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2170093 - dnf-automatic returns "success" ( zero exit status return ) even if the called dnf command returns error

Summary: dnf-automatic returns "success" ( zero exit status return ) even if the calle...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	dnf
Sub Component:
Version:	8.7
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Kolarik
QA Contact:	swm-qe
Docs Contact:	Mariya Pershina
URL:
Whiteboard:
Depends On:
Blocks:	2212262
TreeView+	depends on / blocked

Reported:	2023-02-15 15:59 UTC by Vaibhav Bhope
Modified:	2023-11-14 18:06 UTC (History)
CC List:	7 users (show)
Fixed In Version:	dnf-4.7.0-18.el8
Doc Type:	Bug Fix
Doc Text:	.The `dnf-automatic` command now correctly reports the exit status of transactions Previously, the `dnf-automatic` command returned a successful exit code of a transaction even if some actions during this transaction were not successfully completed. This could cause a security risk on machines that use `dnf-automatic` for automatic deployment of errata. With this update, the issue has been fixed, and `dnf-automatic` now reports every problem with packages during the transaction.
Clone Of:
Clones:	2212262 (view as bug list)
Environment:
Last Closed:	2023-11-14 15:49:42 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	rpm-software-management dnf issues 1918	None	open	Doesn't e-mail when updates cannot be installed	2023-04-04 06:22:11 UTC
Red Hat Bugzilla	1341086	unspecified	CLOSED	dnf install exists with 0 even if it did not install all packages	2023-04-19 07:05:32 UTC
Red Hat Issue Tracker	RHELPLAN-148771	None	None	None	2023-02-15 16:02:49 UTC
Red Hat Product Errata	RHBA-2023:7122	None	None	None	2023-11-14 15:49:54 UTC

Description Vaibhav Bhope 2023-02-15 15:59:01 UTC

Description of problem:
dnf-automatic returns "success" ( zero exit status returned ) even if the called dnf command returns error

Version-Release number of selected component (if applicable):

dnf-4.7.0-11.el8.noarch
dnf-automatic-4.7.0-11.el8.noarch

How reproducible:

Steps to Reproduce:
1. Added an immutable bit to /usr/sbin/httpd to cause a package update failure.

2. With the "dnf" command, we see that the "httpd" update failed and an exit status of "1" indicates that the command was not successful.

---------------------------------------------------------------------------
[root@rhel8 ~]# dnf -v update httpd; echo $?
Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, product-id, repoclosure, repodiff, repograph, repomanage, reposync, subscription-manager, uploadprofile, versionlock
Updating Subscription Management repositories.
DNF version: 4.7.0
cachedir: /var/cache/dnf
User-Agent: constructed: 'libdnf (Red Hat Enterprise Linux 8.7; generic; Linux.x86_64)'
--> Starting dependency resolution
---> Package httpd.x86_64 2.4.37-47.module+el8.6.0+15654+427eba2e.2 will be upgraded
---> Package httpd.x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e will be an upgrade
--> Finished dependency resolution
Dependencies resolved.
===================================================================================================================================================================================================================
 Package                            Architecture                        Version                                                                Repository                                                     Size
===================================================================================================================================================================================================================
Upgrading:
 httpd                              x86_64                              2.4.37-51.module+el8.7.0+16050+02173b8e                                rhel-8-for-x86_64-appstream-rpms                              1.4 M

Transaction Summary
===================================================================================================================================================================================================================
Upgrade  1 Package

Total download size: 1.4 M
Is this ok [y/N]: y
Downloading Packages:
httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64.rpm                                                                                                                           3.6 MB/s | 1.4 MB     00:00    
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                              3.6 MB/s | 1.4 MB     00:00     
Using rpmkeys executable at /usr/bin/rpmkeys to verify signatures
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                           1/1 
  Running scriptlet: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64                                                                                                                                      1/1 
  Upgrading        : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64                                                                                                                                      1/2 
Error unpacking rpm package httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64
Errors occurred during transaction.
  Verifying        : httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64                                                                                                                                      1/2 
  Verifying        : httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64                                                                                                                                    2/2 
Completion plugin: Generating completion cache...
Installed products updated.
Failed: httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64
Failed: httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64

Failed:
  httpd-2.4.37-47.module+el8.6.0+15654+427eba2e.2.x86_64                                                    httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64                                                   

Error: Transaction failed
1
---------------------------------------------------------------------------

3. With the "dnf-automatic" command, we see that the "httpd" update failed and the exit status returned was 0.

---------------------------------------------------------------------------
# dnf-automatic --installupdates ; echo $?
Updating Subscription Management repositories.
Last metadata expiration check: 0:03:42 ago on Wed 15 Feb 2023 10:30:55 AM EST.
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Error unpacking rpm package httpd-2.4.37-51.module+el8.7.0+16050+02173b8e.x86_64
Installed products updated.
The following updates have been applied on 'rhel8':
===================================================================================================================================================================================================================
 Package
       Arch   Version                    Repository                        Size
===================================================================================================================================================================================================================
Upgrading:
 httpd x86_64 2.4.37-51.module+el8.7.0+16050+02173b8e
                                         rhel-8-for-x86_64-appstream-rpms 1.4 M

Transaction Summary
===================================================================================================================================================================================================================
Upgrade  1 Package

Updates completed at Wed 15 Feb 2023 10:34:41 AM EST
0
---------------------------------------------------------------------------

Actual results:

With the dnf-automatic command, if an update fails, then echo $? will return a 0 exit status. 0 means that no error occurred as the yum command completed. 

With the dnf-automatic command, if an update fails, then echo $? will return a 0 exit status. 0 means that no error occurred as the yum command completed. .
 
Expected results:

With dnf-automatic command, if update failed is failed then echo $? should return correct exit status.

Additional info:

Comment 2 Jan Kolarik 2023-04-19 07:05:33 UTC

Looks like a quite long-lasting bug there. Originally this issue was reported in DNF here: https://bugzilla.redhat.com/show_bug.cgi?id=1341086, but it was only fixed for the CLI usage. Looking into the latest DNF 4.15.0 release sources, this is the place where this failure is handled for CLI: https://github.com/rpm-software-management/dnf/blob/5306910d06631bc93fa3ece0e70ed27ee592b0aa/dnf/cli/cli.py#L264.

Comment 3 Jan Kolarik 2023-04-20 10:17:17 UTC

I've created a PR to fix this: 

DNF PR:   https://github.com/rpm-software-management/dnf/pull/1923
tests PR: https://github.com/rpm-software-management/ci-dnf-stack/pull/1250

Comment 4 Jan Kolarik 2023-06-05 06:52:18 UTC

Cloned into RHEL 9 bug: https://bugzilla.redhat.com/show_bug.cgi?id=2212262.

Comment 10 errata-xmlrpc 2023-11-14 15:49:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (dnf bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:7122

Note You need to log in before you can comment on or make changes to this bug.