Description of problem:
When I try to run
yum list security
I am getting no output even when there are known security updates. Even
worse, if I try to run
yum --security list updates
then it tries to process for a *very* long time, then it prints out the
excessively long output that is in the attached file.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Type "yum --security list updates"
2. Sit for a very long time
3. Bathe in the glow of large amount of error messages
The output in attached file
I would expect to see a list of security-related updates that are
Created attachment 160807 [details]
output from "yum --security list updates"
Perhaps I'm reading the code incorrectly, but doesn't yum-security depend on the
existence of an updateinfo.xml file? That file doesn't seem to be around in
Fedora 7 anymore....
I can now verify that using version 1.1.6-1.fc7 of yum-utils, the error
messages go away. However, yum-security is now merely saying that
there are no security updates. This even when there is a known
security update that is listed by "yum list updates". For example, at
this moment, there is an update available for my system for the
Terminal package. It is listed under FEDORA-2007-1620. However, when
yum --advisory FEDORA-2007-1620 list updates
yum --advisory FEDORA-2007-1620 list-sec
I get the message 'Advisory "FEDORA-2007-1620" not found applicable for
James, do you have any comments ?
> yum list security
This doesn't do anything, you want yum list-security (as there are no ways to
> yum --security list updates
> then it tries to process for a *very* long time
This is a known bug (plugin remove package takes a long time), it's worked
around in upstream yum-utils ... but that hasn't made it to f7 yet.
Note that "yum --security update" still works, as that uses another code path.
> However, yum-security is now merely saying that
> there are no security updates.
This is all dependant on the updateinfo.xml file ... which doesn't seem to
exist in /var/cache/yum/updates atm. on Fed-7. and I don't see it at:
...is pirut/pup getting this data?
(In reply to comment #5)
> > yum list security
> This doesn't do anything, you want yum list-security (as there are no ways to
> add sub-commands).
Wow, I must have been *really* bleary-eyed when I first read that man page. I
have no idea how I thought that was the correct command.
> > yum --security list updates
> > then it tries to process for a *very* long time
> This is a known bug (plugin remove package takes a long time), it's worked
> around in upstream yum-utils ... but that hasn't made it to f7 yet.
> Note that "yum --security update" still works, as that uses another code path.
When I first filed this bug, I was using yum-utils 1.1.5-1.fc7. Now that
yum-utils has been upgraded to 1.1.6-1.fc7 in F7,
yum --security list updates
now returns in a sane amount of time. However, it returns some strange data.
When I run that command now, I get a listing of two kmod packages, at least one
of which is definitely not a security update. (The latest kmod-sysprof, in
particular.) It doesn't list any other packages. With the current behavior, I
guess I would expect it to return an empty list as well...
> > However, yum-security is now merely saying that
> > there are no security updates.
> This is all dependant on the updateinfo.xml file ... which doesn't seem to
> exist in /var/cache/yum/updates atm. on Fed-7. and I don't see it at:
> ...is pirut/pup getting this data?
Just another data point: Updates for FC6 do seem to have the udateinfo.xml
However, extras for FC6 do not. See
(Note the ftp protocol. The directory contains an index.html file that
redirects you to a repoview index page.) I don't know if this is for political
or technical reasons. Naively, I would think that since the F7 updates repo
also applies to stuff that used to be in extras, then FC6 extras would have an
updateinfo.xml file along with FC6 updates.
FYI: It is a known bug that there is no updateinfo.xml for Fedora 7:
Okay this entire bug seems to be based in that we didn't have the infrastructure
in place to generate the updateinfo xml files for all versions of the distro.
Since fc6 is EOL'd and f7 and f8 get their updateinfo generated by bodhi I think
we can safely close this bug as fixed - currentrelease