Bug 441677 - yum-security plugin needs to pull in non-security dependancies
Summary: yum-security plugin needs to pull in non-security dependancies
Alias: None
Product: Fedora
Classification: Fedora
Component: yum-utils
Version: 8
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: James Antill
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-04-09 13:45 UTC by Bradley
Modified: 2008-11-26 10:56 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-11-26 10:56:09 UTC
Type: ---

Attachments (Terms of Use)
debug output (126.41 KB, text/plain)
2008-04-09 13:45 UTC, Bradley
no flags Details
debug output with patch (specifying package name) (4.29 KB, text/plain)
2008-04-09 15:18 UTC, Bradley
no flags Details
Without the package name (2.84 KB, text/plain)
2008-04-09 15:19 UTC, Bradley
no flags Details

Description Bradley 2008-04-09 13:45:32 UTC
Description of problem:

Using yum --security, if a package has a dependency that is being excluded
(because its not a security package), the rpm install fails. Instead, any
security packages and all dependencies should be installed (even if they're not
security updates themselves)

Version-Release number of selected component (if applicable):



How reproducible:


Steps to Reproduce:
1. Have above xine packages installed
2. Ensure that the updated RPMs are available (both local and livna
3. yum --security -y update
Actual results:

Packages download, but install fails with:

ERROR with rpm_check_debug vs depsolve:
Package xine-lib-extras-nonfree needs xine-lib = 1.1.11, this is not available.

Expected results:

xine-lib-extras-nonfree is downloaded as well and installed to meet dependancies

Additional info:

- Debug (-d 5) attached

- yum update xine-lib (without --security) does work, so all the metadata on my
mirror is definitely OK.

Comment 1 Bradley 2008-04-09 13:45:32 UTC
Created attachment 301805 [details]
debug output

Comment 2 James Antill 2008-04-09 14:23:55 UTC
 Can you try this patch:


Comment 3 James Antill 2008-04-09 14:46:58 UTC
 Also, if that doesn't work ... can you add the output for the "yum -d 5 update
xine-libs" case.

Comment 4 Bradley 2008-04-09 15:18:35 UTC
Created attachment 301830 [details]
debug output with patch (specifying package name)

Well, sort of. With 'yum --security update xine-lib' it works.

However, if I don't specify a package name it fails. The new output says that
its updating 3 of 4 packages (the old one said 1 of 2), but it still doesn't
pull in the dep.

This debug is specifying the package name; the following one will be without
any package.

Comment 5 Bradley 2008-04-09 15:19:05 UTC
Created attachment 301831 [details]
Without the package name

Comment 6 Bradley 2008-04-09 15:19:52 UTC
Both those attachments were with the patch manually applied.

Comment 7 James Antill 2008-04-09 17:16:43 UTC
 Ok, I'm pretty sure I've fixed this. Here's an updated security plugin:


...just copy over the old one, I've only tested with 3.2.14 ... but it should
work :).

Comment 8 Bradley 2008-04-10 00:38:59 UTC
That works, thanks. It does still say:

Needed 3 of 4 packages, for security


Comment 9 James Antill 2008-04-10 03:13:26 UTC
 Ok, thanks. I'll leave this BZ open at least until the fix is in rawhide.

 The message is intentional ... and is saying it removed 1 package from a normal
"yum update" (i.e. it needed 3 of the 4 available packages, due to security).

Comment 10 Bradley 2008-04-10 04:13:20 UTC
But there are only 2 available packages, only one of which is a security
issue... Without the patch it said 1 of 2; it should say either 1/2 or 2/2
(making sure not to overcount if the extra package wasn't an update but was an
extra prereq)

Comment 11 James Antill 2008-04-10 04:28:08 UTC
 Right, I've also changed it upstream to say "transactional packages" which is
kind of what it is counting.
 The extra numbers are because it's counting the old xine-lib packages you have
installed (which are being removed as part of the transaction).

Comment 12 Bug Zapper 2008-11-26 10:27:18 UTC
This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 

Comment 13 Bradley 2008-11-26 10:56:09 UTC
Fixed for F10 (and was earlier pushed to F8 as an update, IIRC)

Note You need to log in before you can comment on or make changes to this bug.