Compare commits

..

No commits in common. "c8" and "changed/a9-beta/dnf-4.14.0-4.el9.alma" have entirely different histories.

51 changed files with 496 additions and 30576 deletions

1
.dnf.metadata Normal file
View File

@ -0,0 +1 @@
0697aee277730c57446b5b87bdb12456cf245203 SOURCES/dnf-4.14.0.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/dnf-4.7.0.tar.gz SOURCES/dnf-4.14.0.tar.gz

View File

@ -0,0 +1,62 @@
From 5e082d74b73bf1b3565cfd72a3e1ba7a45a00a8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Wed, 7 Sep 2022 14:40:32 +0200
Subject: [PATCH 1/2] Pass whole URL in relativeUrl to PackageTarget for RPM
URL download
The PackageTarget supports baseUrl and relativeUrl on the API, but then
the relativeUrl is just a path fragment with no definition on whether it
should be encoded. It's being passed unencoded paths from other places,
and so there's a conditional encode (only if not full URL) in libdnf.
But full URLs are actually supported in relativeUrl (in that case
baseUrl should be empty) and in that case the URL is expected to be
encoded and is not encoded for the second time.
Hence, pass the full URL to relativeUrl instead of splitting it. We also
need to decode the file name we store, as on the filesystem the RPM file
name is also decoded.
= changelog =
msg: Don't double-encode RPM URLs passed on CLI
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2103015
---
dnf/repo.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/dnf/repo.py b/dnf/repo.py
index ec1a2537..86fb2bf4 100644
--- a/dnf/repo.py
+++ b/dnf/repo.py
@@ -47,6 +47,7 @@ import string
import sys
import time
import traceback
+import urllib
_PACKAGES_RELATIVE_DIR = "packages"
_MIRRORLIST_FILENAME = "mirrorlist"
@@ -295,7 +296,7 @@ class RemoteRPMPayload(PackagePayload):
self.local_path = os.path.join(self.pkgdir, self.__str__().lstrip("/"))
def __str__(self):
- return os.path.basename(self.remote_location)
+ return os.path.basename(urllib.parse.unquote(self.remote_location))
def _progress_cb(self, cbdata, total, done):
self.remote_size = total
@@ -308,8 +309,8 @@ class RemoteRPMPayload(PackagePayload):
def _librepo_target(self):
return libdnf.repo.PackageTarget(
- self.conf._config, os.path.basename(self.remote_location),
- self.pkgdir, 0, None, 0, os.path.dirname(self.remote_location),
+ self.conf._config, self.remote_location,
+ self.pkgdir, 0, None, 0, None,
True, 0, 0, self.callbacks)
@property
--
2.37.3

View File

@ -1,26 +0,0 @@
From 423c987b6b14ec0a6277181ac7c038b50033296d Mon Sep 17 00:00:00 2001
From: Pavla Kratochvilova <pkratoch@redhat.com>
Date: Wed, 19 May 2021 12:58:30 +0200
Subject: [PATCH] Set top-level directory for unittest
In some build environments, the top-level directory is not added to
the sys.path and the tests fail. This fixes the issue.
---
tests/CMakeLists.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index b15cc62b..dedc46fd 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -1,6 +1,6 @@
ADD_TEST(
NAME test
- COMMAND ${PYTHON_EXECUTABLE} -m unittest discover -s tests
+ COMMAND ${PYTHON_EXECUTABLE} -m unittest discover -s tests -t ${PROJECT_SOURCE_DIR}
WORKING_DIRECTORY ${PROJECT_SOURCE_DIR})
# For libdnf built with sanitizers, has no effect otherwise.
--
2.35.1

View File

@ -1,7 +1,8 @@
From 97fe94c94f030f5596a3a3ac52748bdd7544ad52 Mon Sep 17 00:00:00 2001 From a41c3aefaa4f982511363645f5608e270094cadf Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com> From: Jan Kolarik <jkolarik@redhat.com>
Date: Tue, 1 Nov 2022 09:15:08 +0000 Date: Tue, 1 Nov 2022 09:15:08 +0000
Subject: [PATCH] Document changes to offline-upgrade command (RhBug:1939975) Subject: [PATCH 2/2] Document changes to offline-upgrade command
(RhBug:1939975)
A support for security filters was added to the offline-upgrade command. This commit adds the documentation into the man pages. A support for security filters was added to the offline-upgrade command. This commit adds the documentation into the man pages.
@ -13,10 +14,10 @@ resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1939975
1 file changed, 14 insertions(+), 14 deletions(-) 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index bee6a109..7279b3a4 100644 index f39f2c71..3ee66bac 100644
--- a/doc/command_ref.rst --- a/doc/command_ref.rst
+++ b/doc/command_ref.rst +++ b/doc/command_ref.rst
@@ -113,7 +113,7 @@ Options @@ -114,7 +114,7 @@ Options
``--advisory=<advisory>, --advisories=<advisory>`` ``--advisory=<advisory>, --advisories=<advisory>``
Include packages corresponding to the advisory ID, Eg. FEDORA-2201-123. Include packages corresponding to the advisory ID, Eg. FEDORA-2201-123.
@ -25,8 +26,8 @@ index bee6a109..7279b3a4 100644
``--allowerasing`` ``--allowerasing``
Allow erasing of installed packages to resolve dependencies. This option could be used as an alternative to the ``yum swap`` command where packages to remove are not explicitly defined. Allow erasing of installed packages to resolve dependencies. This option could be used as an alternative to the ``yum swap`` command where packages to remove are not explicitly defined.
@@ -125,12 +125,12 @@ Options @@ -130,12 +130,12 @@ Options
Try the best available package versions in transactions. Specifically during :ref:`dnf upgrade <upgrade_command-label>`, which by default skips over updates that can not be installed for dependency reasons, the switch forces DNF to only consider the latest packages. When running into packages with broken dependencies, DNF will fail giving a reason why the latest version can not be installed. solver may use older versions of dependencies to meet their requirements.
``--bugfix`` ``--bugfix``
- Include packages that fix a bugfix issue. Applicable for the install, repoquery, updateinfo and - Include packages that fix a bugfix issue. Applicable for the install, repoquery, updateinfo and
@ -42,7 +43,7 @@ index bee6a109..7279b3a4 100644
``-C, --cacheonly`` ``-C, --cacheonly``
Run entirely from system cache, don't update the cache and use it even in case it is expired. Run entirely from system cache, don't update the cache and use it even in case it is expired.
@@ -148,8 +148,8 @@ Options @@ -153,8 +153,8 @@ Options
``--cve=<cves>, --cves=<cves>`` ``--cve=<cves>, --cves=<cves>``
Include packages that fix a CVE (Common Vulnerabilities and Exposures) ID Include packages that fix a CVE (Common Vulnerabilities and Exposures) ID
@ -53,8 +54,8 @@ index bee6a109..7279b3a4 100644
``-d <debug level>, --debuglevel=<debug level>`` ``-d <debug level>, --debuglevel=<debug level>``
Debugging output level. This is an integer value between 0 (no additional information strings) and 10 (shows all debugging information, even that not understandable to the user), default is 2. Deprecated, use ``-v`` instead. Debugging output level. This is an integer value between 0 (no additional information strings) and 10 (shows all debugging information, even that not understandable to the user), default is 2. Deprecated, use ``-v`` instead.
@@ -208,8 +208,8 @@ Options @@ -217,8 +217,8 @@ Options
Enable additional repositories by an id or a glob. specified multiple times.
``--enhancement`` ``--enhancement``
- Include enhancement relevant packages. Applicable for the install, repoquery, updateinfo and - Include enhancement relevant packages. Applicable for the install, repoquery, updateinfo and
@ -64,7 +65,7 @@ index bee6a109..7279b3a4 100644
.. _exclude_option-label: .. _exclude_option-label:
@@ -280,8 +280,8 @@ Options @@ -289,8 +289,8 @@ Options
``--setopt`` using configuration from ``/path/dnf.conf``. ``--setopt`` using configuration from ``/path/dnf.conf``.
``--newpackage`` ``--newpackage``
@ -75,7 +76,7 @@ index bee6a109..7279b3a4 100644
``--noautoremove`` ``--noautoremove``
Disable removal of dependencies that are no longer used. It sets Disable removal of dependencies that are no longer used. It sets
@@ -353,11 +353,11 @@ Options @@ -362,11 +362,11 @@ Options
``--sec-severity=<severity>, --secseverity=<severity>`` ``--sec-severity=<severity>, --secseverity=<severity>``
Includes packages that provide a fix for an issue of the specified severity. Includes packages that provide a fix for an issue of the specified severity.

View File

@ -1,36 +0,0 @@
From 8522c4651678097157fd9f133a451c892021d30b Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Tue, 4 May 2021 22:03:30 +0200
Subject: [PATCH] dnf/rpm/miscutils.py: fix usage of _()
Specifically:
- an import of _ was missing
- _ was reused for a different purpose
---
dnf/rpm/miscutils.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 235aaf28..7e33d4c4 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -22,6 +22,7 @@ import subprocess
import logging
from dnf.i18n import ucd
+from dnf.i18n import _
from shutil import which
@@ -46,7 +47,7 @@ def _verifyPkgUsingRpmkeys(package, installroot):
env={'LC_ALL': 'C'},
stdout=subprocess.PIPE,
cwd='/') as p:
- data, _ = p.communicate()
+ data, err = p.communicate()
if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
return 0
else:
--
2.35.1

View File

@ -1,7 +1,7 @@
From c9251d182be0bfa66345220cffe0842b44a061a8 Mon Sep 17 00:00:00 2001 From e5732ab22f092bb3fc6ce6e8f94aad72f3654383 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com> From: Jan Kolarik <jkolarik@redhat.com>
Date: Wed, 31 Aug 2022 07:49:39 +0200 Date: Wed, 31 Aug 2022 07:49:39 +0200
Subject: [PATCH] Move system-upgrade plugin to core (RhBug:2054235) Subject: [PATCH 1/2] Move system-upgrade plugin to core (RhBug:2054235)
Just doc fix. Just doc fix.
@ -13,10 +13,10 @@ resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2054235
1 file changed, 1 insertion(+), 2 deletions(-) 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index 7a02448c..bee6a109 100644 index 996ae3b4..f39f2c71 100644
--- a/doc/command_ref.rst --- a/doc/command_ref.rst
+++ b/doc/command_ref.rst +++ b/doc/command_ref.rst
@@ -182,8 +182,7 @@ Options @@ -189,8 +189,7 @@ Options
``--downloaddir=<path>, --destdir=<path>`` ``--downloaddir=<path>, --destdir=<path>``
Redirect downloaded packages to provided directory. The option has to be used together with the \-\ Redirect downloaded packages to provided directory. The option has to be used together with the \-\
:ref:`-downloadonly <downloadonly-label>` command line option, with the :ref:`-downloadonly <downloadonly-label>` command line option, with the
@ -27,5 +27,5 @@ index 7a02448c..bee6a109 100644
.. _downloadonly-label: .. _downloadonly-label:
-- --
2.37.3 2.38.1

View File

@ -1,56 +0,0 @@
From f109c57ab18d8b1a80e707df3c3f7ad8930bdd42 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Tue, 27 Apr 2021 21:07:19 -0400
Subject: [PATCH] Pass the package to rpmkeys stdin
This avoids having to compute the expected stdout value, which will
always be the constant "-: digests signatures OK\n".
---
dnf/rpm/miscutils.py | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 7e33d4c4..5f2621c2 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -29,7 +29,8 @@ from shutil import which
logger = logging.getLogger('dnf')
-def _verifyPkgUsingRpmkeys(package, installroot):
+def _verifyPkgUsingRpmkeys(package, installroot, fdno):
+ os.lseek(fdno, 0, os.SEEK_SET)
rpmkeys_binary = '/usr/bin/rpmkeys'
if not os.path.isfile(rpmkeys_binary):
rpmkeys_binary = which("rpmkeys")
@@ -40,15 +41,16 @@ def _verifyPkgUsingRpmkeys(package, installroot):
logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
return 0
- args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '--', package)
+ args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
with subprocess.Popen(
args=args,
executable=rpmkeys_binary,
env={'LC_ALL': 'C'},
+ stdin=fdno,
stdout=subprocess.PIPE,
cwd='/') as p:
data, err = p.communicate()
- if p.returncode != 0 or data != (package.encode('ascii', 'strict') + b': digests signatures OK\n'):
+ if p.returncode != 0 or data != b'-: digests signatures OK\n':
return 0
else:
return 1
@@ -85,7 +87,7 @@ def checkSig(ts, package):
if siginfo == '(none)':
value = 4
- elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir):
+ elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
value = 0
else:
raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
--
2.35.1

View File

@ -1,11 +1,8 @@
From 9700b8fabd102fcf289281c3c04238da90d7b28e Mon Sep 17 00:00:00 2001 From 3ef5ec915ea4b5e6fe7d25542f0daccef278c01e Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com> From: Jan Kolarik <jkolarik@redhat.com>
Date: Tue, 13 Sep 2022 14:35:10 +0200 Date: Tue, 13 Sep 2022 14:35:10 +0200
Subject: [PATCH] Fix plugins unit tests + unload plugins upon their deletion Subject: [PATCH] Fix plugins unit tests + unload plugins upon their deletion
=changelog=
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2134309
--- ---
dnf/plugin.py | 8 ++++++-- dnf/plugin.py | 8 ++++++--
tests/api/test_dnf_base.py | 24 +++++++++++++++++++----- tests/api/test_dnf_base.py | 24 +++++++++++++++++++-----
@ -93,5 +90,5 @@ index e84e272b..19754b07 100644
self.base.unload_plugins() self.base.unload_plugins()
-- --
2.37.3 2.38.1

View File

@ -1,174 +0,0 @@
From 9798e9ee85f1ba39c816fa08fd3d6168cc8b29e8 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Fri, 9 Apr 2021 13:03:03 -0400
Subject: [PATCH] Use rpmkeys alone to verify signature
This avoids having to actually parse the package to check its signature,
which reduces attack surface. If the output of rpmkeys cannot be
parsed, we assume the package is corrupt (the most likely cause).
---
dnf/rpm/miscutils.py | 126 ++++++++++++++++++++++---------------------
1 file changed, 66 insertions(+), 60 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 5f2621c2..9d5b2860 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -13,47 +13,84 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Copyright 2003 Duke University
-from __future__ import print_function, absolute_import
-from __future__ import unicode_literals
+from __future__ import print_function, absolute_import, unicode_literals
-import rpm
import os
import subprocess
import logging
-
-from dnf.i18n import ucd
-from dnf.i18n import _
from shutil import which
+from dnf.i18n import _
-logger = logging.getLogger('dnf')
+_logger = logging.getLogger('dnf')
+_rpmkeys_binary = None
+def _find_rpmkeys_binary():
+ global _rpmkeys_binary
+ if _rpmkeys_binary is None:
+ _rpmkeys_binary = which("rpmkeys")
+ _logger.debug(_('Using rpmkeys executable at %s to verify signatures'),
+ _rpmkeys_binary)
+ return _rpmkeys_binary
-def _verifyPkgUsingRpmkeys(package, installroot, fdno):
- os.lseek(fdno, 0, os.SEEK_SET)
- rpmkeys_binary = '/usr/bin/rpmkeys'
- if not os.path.isfile(rpmkeys_binary):
- rpmkeys_binary = which("rpmkeys")
- logger.info(_('Using rpmkeys executable from {path} to verify signature for package: {package}.').format(
- path=rpmkeys_binary, package=package))
+def _process_rpm_output(data):
+ # No signatures or digests = corrupt package.
+ # There is at least one line for -: and another (empty) entry after the
+ # last newline.
+ if len(data) < 3 or data[0] != b'-:' or data[-1]:
+ return 2
+ seen_sig, missing_key, not_trusted, not_signed = False, False, False, False
+ for i in data[1:-1]:
+ if b': BAD' in i:
+ return 2
+ elif i.endswith(b': NOKEY'):
+ missing_key = True
+ elif i.endswith(b': NOTTRUSTED'):
+ not_trusted = True
+ elif i.endswith(b': NOTFOUND'):
+ not_signed = True
+ elif not i.endswith(b': OK'):
+ return 2
+ if not_trusted:
+ return 3
+ elif missing_key:
+ return 1
+ elif not_signed:
+ return 4
+ # we still check return code, so this is safe
+ return 0
- if not os.path.isfile(rpmkeys_binary):
- logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
- return 0
+def _verifyPackageUsingRpmkeys(package, installroot):
+ rpmkeys_binary = _find_rpmkeys_binary()
+ if rpmkeys_binary is None or not os.path.isfile(rpmkeys_binary):
+ _logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
+ return 2
- args = ('rpmkeys', '--checksig', '--root', installroot, '--define', '_pkgverify_level all', '-')
+ # "--define=_pkgverify_level all" enforces signature checking;
+ # "--define=_pkgverify_flags 0x0" ensures that all signatures and digests
+ # are checked.
+ args = ('rpmkeys', '--checksig', '--root', installroot, '--verbose',
+ '--define=_pkgverify_level all', '--define=_pkgverify_flags 0x0',
+ '-')
with subprocess.Popen(
args=args,
executable=rpmkeys_binary,
env={'LC_ALL': 'C'},
- stdin=fdno,
stdout=subprocess.PIPE,
- cwd='/') as p:
- data, err = p.communicate()
- if p.returncode != 0 or data != b'-: digests signatures OK\n':
- return 0
- else:
- return 1
+ cwd='/',
+ stdin=package) as p:
+ data = p.communicate()[0]
+ returncode = p.returncode
+ if type(returncode) is not int:
+ raise AssertionError('Popen set return code to non-int')
+ # rpmkeys can return something other than 0 or 1 in the case of a
+ # fatal error (OOM, abort() called, SIGSEGV, etc)
+ if returncode >= 2 or returncode < 0:
+ return 2
+ ret = _process_rpm_output(data.split(b'\n'))
+ if ret:
+ return ret
+ return 2 if returncode else 0
def checkSig(ts, package):
"""Takes a transaction set and a package, check it's sigs,
@@ -63,40 +100,9 @@ def checkSig(ts, package):
return 3 if the key is not trusted
return 4 if the pkg is not gpg or pgp signed"""
- value = 4
- currentflags = ts.setVSFlags(0)
- fdno = os.open(package, os.O_RDONLY)
+ fdno = os.open(package, os.O_RDONLY|os.O_NOCTTY|os.O_CLOEXEC)
try:
- hdr = ts.hdrFromFdno(fdno)
- except rpm.error as e:
- if str(e) == "public key not available":
- value = 1
- elif str(e) == "public key not trusted":
- value = 3
- elif str(e) == "error reading package header":
- value = 2
- else:
- raise ValueError('Unexpected error value %r from ts.hdrFromFdno when checking signature.' % str(e))
- else:
- # checks signature from an hdr
- string = '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:' \
- '{%|SIGGPG?{%{SIGGPG:pgpsig}}:{%|SIGPGP?{%{SIGPGP:pgpsig}}:{(none)}|}|}|}|'
- try:
- siginfo = hdr.sprintf(string)
- siginfo = ucd(siginfo)
-
- if siginfo == '(none)':
- value = 4
- elif "Key ID" in siginfo and _verifyPkgUsingRpmkeys(package, ts.ts.rootDir, fdno):
- value = 0
- else:
- raise ValueError('Unexpected return value %r from hdr.sprintf when checking signature.' % siginfo)
- except UnicodeDecodeError:
- pass
-
- del hdr
-
- os.close(fdno)
-
- ts.setVSFlags(currentflags) # put things back like they were before
+ value = _verifyPackageUsingRpmkeys(fdno, ts.ts.rootDir)
+ finally:
+ os.close(fdno)
return value
--
2.35.1

View File

@ -1,8 +1,8 @@
From 23742561dcb168604d9668815a8c1ebbdf516d39 Mon Sep 17 00:00:00 2001 From 490cf87dd27926d16fb10735b467cbc490d5c9f1 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com> From: Jan Kolarik <jkolarik@redhat.com>
Date: Wed, 23 Nov 2022 08:44:41 +0000 Date: Wed, 23 Nov 2022 08:44:41 +0000
Subject: [PATCH 2/2] Ignore processing variable files with unsupported Subject: [PATCH] Ignore processing variable files with unsupported encoding
encoding (RhBug:2141215) (RhBug:2141215)
This issue could be seen for example when there are some temporary files stored by text editors in the `/etc/dnf/vars` folder. These files could be in the binary format and causes `UnicodeDecodeError` exception to be thrown during processing of the var files. This issue could be seen for example when there are some temporary files stored by text editors in the `/etc/dnf/vars` folder. These files could be in the binary format and causes `UnicodeDecodeError` exception to be thrown during processing of the var files.

View File

@ -1,37 +0,0 @@
From 185330e5d5f5e07f40ed08c706fd997abffd5e78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Thu, 3 Jun 2021 11:23:31 +0200
Subject: [PATCH] Lower _pkgverify_level to signature for signature checking
with rpmkeys
We don't want to be veryfing digests as well when checking signatures.
It would break legacy package installation in FIPS mode due to MD5
digest being unverifiable (see https://access.redhat.com/solutions/5221661)
Follow up for https://github.com/rpm-software-management/dnf/pull/1753
---
dnf/rpm/miscutils.py | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/dnf/rpm/miscutils.py b/dnf/rpm/miscutils.py
index 9d5b2860..46ef4754 100644
--- a/dnf/rpm/miscutils.py
+++ b/dnf/rpm/miscutils.py
@@ -66,11 +66,10 @@ def _verifyPackageUsingRpmkeys(package, installroot):
_logger.critical(_('Cannot find rpmkeys executable to verify signatures.'))
return 2
- # "--define=_pkgverify_level all" enforces signature checking;
- # "--define=_pkgverify_flags 0x0" ensures that all signatures and digests
- # are checked.
+ # "--define=_pkgverify_level signature" enforces signature checking;
+ # "--define=_pkgverify_flags 0x0" ensures that all signatures are checked.
args = ('rpmkeys', '--checksig', '--root', installroot, '--verbose',
- '--define=_pkgverify_level all', '--define=_pkgverify_flags 0x0',
+ '--define=_pkgverify_level signature', '--define=_pkgverify_flags 0x0',
'-')
with subprocess.Popen(
args=args,
--
2.35.1

View File

@ -1,101 +0,0 @@
From 6766d3af1993d48f5548746e68268e674e52bd1d Mon Sep 17 00:00:00 2001
From: Gary Leydon <gary.leydon@yale.edu>
Date: Fri, 21 May 2021 14:13:59 -0400
Subject: [PATCH] add default colors to documentation
---
doc/conf_ref.rst | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/doc/conf_ref.rst b/doc/conf_ref.rst
index ec5bac2a..fcaa0319 100644
--- a/doc/conf_ref.rst
+++ b/doc/conf_ref.rst
@@ -498,72 +498,72 @@ configuration file by your distribution to override the DNF defaults.
:ref:`color <color-label>`
Color of available packages that are older than installed packages.
- The option is used during list operations.
+ The option is used during list operations. Default is dim,cyan.
``color_list_available_install``
:ref:`color <color-label>`
Color of packages that are available for installation and none of their versions in installed.
- The option is used during list operations.
+ The option is used during list operations. Default is normal.
``color_list_available_reinstall``
:ref:`color <color-label>`
- Color of available packages that are identical to installed versions and are available for reinstalls.
+ Color of available packages that are identical to installed versions and are available for reinstalls. Default is bold,underline,green.
The option is used during list operations.
``color_list_available_upgrade``
:ref:`color <color-label>`
- Color of available packages that are newer than installed packages.
+ Color of available packages that are newer than installed packages. Default is bold,blue.
The option is used during list operations.
``color_list_installed_extra``
:ref:`color <color-label>`
Color of installed packages that do not have any version among available packages.
- The option is used during list operations.
+ The option is used during list operations. Default is bold,red.
``color_list_installed_newer``
:ref:`color <color-label>`
Color of installed packages that are newer than any version among available packages.
- The option is used during list operations.
+ The option is used during list operations. Default is bold,yellow.
``color_list_installed_older``
:ref:`color <color-label>`
Color of installed packages that are older than any version among available packages.
- The option is used during list operations.
+ The option is used during list operations. Default is bold.
``color_list_installed_reinstall``
:ref:`color <color-label>`
Color of installed packages that are among available packages and can be reinstalled.
- The option is used during list operations.
+ The option is used during list operations. Default is normal.
``color_search_match``
:ref:`color <color-label>`
- Color of patterns matched in search output.
+ Color of patterns matched in search output. Default is bold.
``color_update_installed``
:ref:`color <color-label>`
- Color of removed packages.
+ Color of removed packages. Default is normal.
This option is used during displaying transactions.
``color_update_local``
:ref:`color <color-label>`
Color of local packages that are installed from the @commandline repository.
- This option is used during displaying transactions.
+ This option is used during displaying transactions. Default is bold.
``color_update_remote``
:ref:`color <color-label>`
Color of packages that are installed/upgraded/downgraded from remote repositories.
- This option is used during displaying transactions.
+ This option is used during displaying transactions. Default is normal.
==============
--
2.35.1

View File

@ -1,21 +0,0 @@
From 276e3b1d19bfad2a72f75ecbcce478e4f1e575db Mon Sep 17 00:00:00 2001
From: Gary Leydon <gary.leydon@yale.edu>
Date: Fri, 21 May 2021 14:16:21 -0400
Subject: [PATCH] add author
---
AUTHORS | 1 +
1 file changed, 1 insertion(+)
diff --git a/AUTHORS b/AUTHORS
index 1981dc4e..f8c9eb83 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -95,3 +95,4 @@ DNF CONTRIBUTORS
Vladan Kudlac <vladankudlac@gmail.com>
Will Woods <wwoods@redhat.com>
Furkan Karcıoğlu <krc440002@gmail.com>
+ Gary Leydon <gary.leydon@yale.edu>
--
2.35.1

View File

@ -1,75 +0,0 @@
From 5cfe87de2ecd645c2aa8b210bd98171e8dd72fe5 Mon Sep 17 00:00:00 2001
From: Gary Leydon <gary.leydon@yale.edu>
Date: Thu, 27 May 2021 11:52:42 -0400
Subject: [PATCH] update colors according to libdnf/libdnf/conf/ConfigMain.cpp
---
doc/conf_ref.rst | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/doc/conf_ref.rst b/doc/conf_ref.rst
index fcaa0319..016bd00c 100644
--- a/doc/conf_ref.rst
+++ b/doc/conf_ref.rst
@@ -498,13 +498,13 @@ configuration file by your distribution to override the DNF defaults.
:ref:`color <color-label>`
Color of available packages that are older than installed packages.
- The option is used during list operations. Default is dim,cyan.
+ The option is used during list operations. Default is magenta.
``color_list_available_install``
:ref:`color <color-label>`
Color of packages that are available for installation and none of their versions in installed.
- The option is used during list operations. Default is normal.
+ The option is used during list operations. Default is bold,cyan.
``color_list_available_reinstall``
:ref:`color <color-label>`
@@ -534,36 +534,36 @@ configuration file by your distribution to override the DNF defaults.
:ref:`color <color-label>`
Color of installed packages that are older than any version among available packages.
- The option is used during list operations. Default is bold.
+ The option is used during list operations. Default is yellow.
``color_list_installed_reinstall``
:ref:`color <color-label>`
Color of installed packages that are among available packages and can be reinstalled.
- The option is used during list operations. Default is normal.
+ The option is used during list operations. Default is cyan.
``color_search_match``
:ref:`color <color-label>`
- Color of patterns matched in search output. Default is bold.
+ Color of patterns matched in search output. Default is bold,magenta.
``color_update_installed``
:ref:`color <color-label>`
- Color of removed packages. Default is normal.
+ Color of removed packages. Default is red.
This option is used during displaying transactions.
``color_update_local``
:ref:`color <color-label>`
Color of local packages that are installed from the @commandline repository.
- This option is used during displaying transactions. Default is bold.
+ This option is used during displaying transactions. Default is green.
``color_update_remote``
:ref:`color <color-label>`
Color of packages that are installed/upgraded/downgraded from remote repositories.
- This option is used during displaying transactions. Default is normal.
+ This option is used during displaying transactions. Default is bold,green.
==============
--
2.35.1

View File

@ -1,81 +0,0 @@
From f5cb86b83aedaa18fd784d06d8f1479b9127c6f5 Mon Sep 17 00:00:00 2001
From: Marek Blaha <mblaha@redhat.com>
Date: Wed, 6 Oct 2021 09:43:37 +0200
Subject: [PATCH] Fix reporting irrecoverable errors on packages download
The original _irrecoverable property returns random dictionary - either
packages irrecoverable errors, or global fatal error or even new empty
dictionary. This makes it prone to programmer errors like:
errs._irrecoverable[pkg] = [err]
which may lead to setting the error into the newly created empty
dictionary instead of packages errors dictionary as intended.
I turned the property to method which I consider more clear.
---
dnf/base.py | 8 ++++----
dnf/repo.py | 9 ++++-----
2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/dnf/base.py b/dnf/base.py
index 0949ddf8..b0a378c2 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -1165,8 +1165,8 @@ class Base(object):
progress.start(len(payloads), est_remote_size)
errors = dnf.repo._download_payloads(payloads, drpm)
- if errors._irrecoverable:
- raise dnf.exceptions.DownloadError(errors._irrecoverable)
+ if errors._irrecoverable():
+ raise dnf.exceptions.DownloadError(errors._irrecoverable())
remote_size = sum(errors._bandwidth_used(pload)
for pload in payloads)
@@ -1191,8 +1191,8 @@ class Base(object):
progress.start(len(payloads), est_remote_size)
errors = dnf.repo._download_payloads(payloads, drpm)
- if errors._irrecoverable:
- raise dnf.exceptions.DownloadError(errors._irrecoverable)
+ if errors._irrecoverable():
+ raise dnf.exceptions.DownloadError(errors._irrecoverable())
remote_size += \
sum(errors._bandwidth_used(pload) for pload in payloads)
diff --git a/dnf/repo.py b/dnf/repo.py
index b5c9849e..b454e981 100644
--- a/dnf/repo.py
+++ b/dnf/repo.py
@@ -112,7 +112,7 @@ def _download_payloads(payloads, drpm):
errs._skipped.add(pkg)
continue
pkg.repo._repo.expire()
- errs._irrecoverable[pkg] = [err]
+ errs._pkg_irrecoverable[pkg] = [err]
return errs
@@ -131,15 +131,14 @@ def _update_saving(saving, payloads, errs):
class _DownloadErrors(object):
def __init__(self):
- self._val_irrecoverable = {}
+ self._pkg_irrecoverable = {}
self._val_recoverable = {}
self._fatal = None
self._skipped = set()
- @property
def _irrecoverable(self):
- if self._val_irrecoverable:
- return self._val_irrecoverable
+ if self._pkg_irrecoverable:
+ return self._pkg_irrecoverable
if self._fatal:
return {'': [self._fatal]}
return {}
--
2.35.1

View File

@ -1,68 +0,0 @@
From ca3d7f06c8f4c1c901dc853ac33c06976b46c61e Mon Sep 17 00:00:00 2001
From: Marek Blaha <mblaha@redhat.com>
Date: Wed, 6 Oct 2021 09:56:05 +0200
Subject: [PATCH] Add fail_fast parameter to download_payloads methods
Unlike in the rpm transaction, reposync needs to switch the fail_fast
off to download as much packages from repository as possible.
---
dnf/base.py | 6 +++---
dnf/repo.py | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/dnf/base.py b/dnf/base.py
index b0a378c2..c258a5a7 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -1151,7 +1151,7 @@ class Base(object):
timer()
self._trans_success = True
- def _download_remote_payloads(self, payloads, drpm, progress, callback_total):
+ def _download_remote_payloads(self, payloads, drpm, progress, callback_total, fail_fast=True):
lock = dnf.lock.build_download_lock(self.conf.cachedir, self.conf.exit_on_lock)
with lock:
beg_download = time.time()
@@ -1163,7 +1163,7 @@ class Base(object):
progress.start(len(payloads), est_remote_size, total_drpms=total_drpm)
else:
progress.start(len(payloads), est_remote_size)
- errors = dnf.repo._download_payloads(payloads, drpm)
+ errors = dnf.repo._download_payloads(payloads, drpm, fail_fast)
if errors._irrecoverable():
raise dnf.exceptions.DownloadError(errors._irrecoverable())
@@ -1189,7 +1189,7 @@ class Base(object):
est_remote_size = sum(pload.download_size
for pload in payloads)
progress.start(len(payloads), est_remote_size)
- errors = dnf.repo._download_payloads(payloads, drpm)
+ errors = dnf.repo._download_payloads(payloads, drpm, fail_fast)
if errors._irrecoverable():
raise dnf.exceptions.DownloadError(errors._irrecoverable())
diff --git a/dnf/repo.py b/dnf/repo.py
index b454e981..bb422309 100644
--- a/dnf/repo.py
+++ b/dnf/repo.py
@@ -84,7 +84,7 @@ def _pkg2payload(pkg, progress, *factories):
raise ValueError(_('no matching payload factory for %s') % pkg)
-def _download_payloads(payloads, drpm):
+def _download_payloads(payloads, drpm, fail_fast=True):
# download packages
def _download_sort_key(payload):
return not hasattr(payload, 'delta')
@@ -94,7 +94,7 @@ def _download_payloads(payloads, drpm):
for pload in sorted(payloads, key=_download_sort_key)]
errs = _DownloadErrors()
try:
- libdnf.repo.PackageTarget.downloadPackages(libdnf.repo.VectorPPackageTarget(targets), True)
+ libdnf.repo.PackageTarget.downloadPackages(libdnf.repo.VectorPPackageTarget(targets), fail_fast)
except RuntimeError as e:
errs._fatal = str(e)
drpm.wait()
--
2.35.1

View File

@ -1,139 +0,0 @@
From f0f037db8219b1e74be4ed86f5eea53b63ca1d88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Tue, 20 Jul 2021 15:29:59 +0200
Subject: [PATCH] comps: Make the install_or_skip() method not catch CompsError
anymore
According to its docstring, the original intention of the method was to
not fail on installing an already installed group/environment.
However, the CompsError is no longer thrown when attempting to install
an already installed group or environment. It was changed to logging a
warning directly in 5210b9dc and then the check was removed completely
in 217ca0fa.
For the other case for which an instance of CompsError can be thrown
from the install_group() and install_environment() methods, which is
when a group or environment is not found, we certainly want to throw an
error (see the linked bugs), therefore there's no reason to catch the
exception anymore.
The install_or_skip() method is preserved as part of the API so as not
to break compatibility any more than necessary.
msg: API: Raise CompsError when group/env not found in install_group and install_environment
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1947958
related: https://bugzilla.redhat.com/show_bug.cgi?id=1943206
---
dnf/base.py | 8 ++------
dnf/cli/commands/group.py | 4 ++--
dnf/comps.py | 20 ++++++++++----------
doc/api_base.rst | 4 ++--
4 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/dnf/base.py b/dnf/base.py
index c258a5a7..babca31d 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -1668,9 +1668,7 @@ class Base(object):
if not isinstance(types, int):
types = libdnf.transaction.listToCompsPackageType(types)
- trans = dnf.comps.install_or_skip(solver._environment_install,
- env_id, types, exclude or set(),
- strict, exclude_groups)
+ trans = solver._environment_install(env_id, types, exclude or set(), strict, exclude_groups)
if not trans:
return 0
return self._add_comps_trans(trans)
@@ -1713,9 +1711,7 @@ class Base(object):
if not isinstance(pkg_types, int):
pkg_types = libdnf.transaction.listToCompsPackageType(pkg_types)
- trans = dnf.comps.install_or_skip(solver._group_install,
- grp_id, pkg_types, exclude_pkgnames,
- strict)
+ trans = solver._group_install(grp_id, pkg_types, exclude_pkgnames, strict)
if not trans:
return 0
if strict:
diff --git a/dnf/cli/commands/group.py b/dnf/cli/commands/group.py
index cf542799..fd723c48 100644
--- a/dnf/cli/commands/group.py
+++ b/dnf/cli/commands/group.py
@@ -244,9 +244,9 @@ class GroupCommand(commands.Command):
types = tuple(self.base.conf.group_package_types)
pkg_types = libdnf.transaction.listToCompsPackageType(types)
for env_id in res.environments:
- dnf.comps.install_or_skip(solver._environment_install, env_id, pkg_types)
+ solver._environment_install(env_id, pkg_types)
for group_id in res.groups:
- dnf.comps.install_or_skip(solver._group_install, group_id, pkg_types)
+ solver._group_install(group_id, pkg_types)
def _mark_remove(self, patterns):
q = CompsQuery(self.base.comps, self.base.history,
diff --git a/dnf/comps.py b/dnf/comps.py
index 89765337..461eb274 100644
--- a/dnf/comps.py
+++ b/dnf/comps.py
@@ -93,15 +93,15 @@ def _fn_display_order(group):
def install_or_skip(install_fnc, grp_or_env_id, types, exclude=None,
strict=True, exclude_groups=None):
- """Either mark in persistor as installed given `grp_or_env` (group
- or environment) or skip it (if it's already installed).
- `install_fnc` has to be Solver._group_install
- or Solver._environment_install.
- """
- try:
- return install_fnc(grp_or_env_id, types, exclude, strict, exclude_groups)
- except dnf.comps.CompsError as e:
- logger.warning("%s, %s", ucd(e)[:-1], _("skipping."))
+ """
+ Installs a group or an environment identified by grp_or_env_id.
+ This method is preserved for API compatibility. It used to catch an
+ exception thrown when a gorup or env was already installed, which is no
+ longer thrown.
+ `install_fnc` has to be Solver._group_install or
+ Solver._environment_install.
+ """
+ return install_fnc(grp_or_env_id, types, exclude, strict, exclude_groups)
class _Langs(object):
@@ -592,7 +592,7 @@ class Solver(object):
assert dnf.util.is_string_type(group_id)
return self.history.env.is_removable_group(group_id)
- def _environment_install(self, env_id, pkg_types, exclude, strict=True, exclude_groups=None):
+ def _environment_install(self, env_id, pkg_types, exclude=None, strict=True, exclude_groups=None):
assert dnf.util.is_string_type(env_id)
comps_env = self.comps._environment_by_id(env_id)
if not comps_env:
diff --git a/doc/api_base.rst b/doc/api_base.rst
index 20d7945e..03396b69 100644
--- a/doc/api_base.rst
+++ b/doc/api_base.rst
@@ -179,7 +179,7 @@
.. method:: group_install(group_id, pkg_types, exclude=None, strict=True)
- Mark group with corresponding `group_id` installed and mark the packages in the group for installation. Return the number of packages that the operation has marked for installation. `pkg_types` is a sequence of strings determining the kinds of packages to be installed, where the respective groups can be selected by including ``"mandatory"``, ``"default"`` or ``"optional"`` in it. If `exclude` is given, it has to be an iterable of package name glob patterns: :meth:`.group_install` will then not mark the respective packages for installation whenever possible. Parameter `strict` is a boolean indicating whether group packages that exist but are non-installable due to e.g. dependency issues should be skipped (False) or cause transaction to fail to resolve (True).
+ Mark group with corresponding `group_id` installed and mark the packages in the group for installation. Return the number of packages that the operation has marked for installation. `pkg_types` is a sequence of strings determining the kinds of packages to be installed, where the respective groups can be selected by including ``"mandatory"``, ``"default"`` or ``"optional"`` in it. If `exclude` is given, it has to be an iterable of package name glob patterns: :meth:`.group_install` will then not mark the respective packages for installation whenever possible. Parameter `strict` is a boolean indicating whether group packages that exist but are non-installable due to e.g. dependency issues should be skipped (False) or cause transaction to fail to resolve (True). Raises :exc:`dnf.exceptions.CompsError` in case the group doesn't exist.
.. method:: group_remove(group_id)
@@ -191,7 +191,7 @@
.. method:: environment_install(env_id, types, exclude=None, strict=True, exclude_groups=None)
- Similar to :meth:`.group_install` but operates on environmental groups. `exclude_groups` is an iterable of group IDs that will not be marked as installed.
+ Similar to :meth:`.group_install` but operates on environmental groups. `exclude_groups` is an iterable of group IDs that will not be marked as installed. Raises :exc:`dnf.exceptions.CompsError` in case the group doesn't exist.
.. method:: environment_remove(env_id)
--
2.35.1

View File

@ -1,30 +0,0 @@
From 683b92811abcb6cbbc00353010ec18e2cf655912 Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Mon, 6 Sep 2021 12:40:59 +0200
Subject: [PATCH] [doc] Improve description of multilib_policy=all
(RhBug:1996681,1995630)
https://bugzilla.redhat.com/show_bug.cgi?id=1996681
https://bugzilla.redhat.com/show_bug.cgi?id=1995630
---
doc/conf_ref.rst | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/doc/conf_ref.rst b/doc/conf_ref.rst
index 016bd00c..83b14ecd 100644
--- a/doc/conf_ref.rst
+++ b/doc/conf_ref.rst
@@ -351,7 +351,9 @@ configuration file by your distribution to override the DNF defaults.
``multilib_policy``
:ref:`string <string-label>`
- Controls how multilib packages are treated during install operations. Can either be ``"best"`` (the default) for the depsolver to prefer packages which best match the system's architecture, or ``"all"`` to install all available packages with compatible architectures.
+ Controls how multilib packages are treated during install operations. Can either be ``"best"`` (the default) for
+ the depsolver to prefer packages which best match the system's architecture, or ``"all"`` to install packages for
+ all available architectures.
.. _obsoletes_conf_option-label:
--
2.35.1

View File

@ -1,34 +0,0 @@
From db52d259645daf8ca0ae06e829787d36171f2d5b Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Wed, 20 Oct 2021 09:20:03 +0200
Subject: [PATCH] Fix: Python dnf API does not respect cacheonly
(RhBug:1862970)
`Repo` object has always been constructed with default synchronization
strategy. The configuration option `cacheonly` was ignored. DNF
application set synchronization strategy later in the `Cli` object
during processing demands.
The fix takes into account the `cacheonly` option during the construction
of the `Repo` object. Synchronization strategy may still be overriden
during demand processing.
---
dnf/repo.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnf/repo.py b/dnf/repo.py
index bb422309..1822cf01 100644
--- a/dnf/repo.py
+++ b/dnf/repo.py
@@ -434,7 +434,7 @@ class Repo(dnf.conf.RepoConf):
self._pkgdir = None
self._key_import = _NullKeyImport()
self.metadata = None # :api
- self._repo.setSyncStrategy(self.DEFAULT_SYNC)
+ self._repo.setSyncStrategy(SYNC_ONLY_CACHE if parent_conf and parent_conf.cacheonly else self.DEFAULT_SYNC)
if parent_conf:
self._repo.setSubstitutions(parent_conf.substitutions)
self._substitutions = dnf.conf.substitutions.Substitutions()
--
2.35.1

View File

@ -1,26 +0,0 @@
From f8025df597685a0bd0c347b1a60c280f03bdca6f Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Fri, 5 Nov 2021 08:52:56 +0100
Subject: [PATCH] Documentation: API notes for cacheonly
---
doc/conf_ref.rst | 3 +++
1 file changed, 3 insertions(+)
diff --git a/doc/conf_ref.rst b/doc/conf_ref.rst
index 83b14ecd..75bcdf75 100644
--- a/doc/conf_ref.rst
+++ b/doc/conf_ref.rst
@@ -129,6 +129,9 @@ configuration file by your distribution to override the DNF defaults.
If set to ``True`` DNF will run entirely from system cache, will not update
the cache and will use it even in case it is expired. Default is ``False``.
+ API Notes: Must be set before repository objects are created. Plugins must set
+ this in the pre_config hook. Later changes are ignored.
+
.. _check_config_file_age-label:
``check_config_file_age``
--
2.35.1

View File

@ -1,39 +0,0 @@
From 6af9938c87cf409f886f21b59ec45c54eda6c8b2 Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Tue, 2 Nov 2021 14:23:22 +0100
Subject: [PATCH] Allow destdir option with modulesync command
---
dnf/cli/cli.py | 2 +-
doc/command_ref.rst | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnf/cli/cli.py b/dnf/cli/cli.py
index 65769978..a315201c 100644
--- a/dnf/cli/cli.py
+++ b/dnf/cli/cli.py
@@ -810,7 +810,7 @@ class Cli(object):
if opts.destdir is not None:
self.base.conf.destdir = opts.destdir
if not self.base.conf.downloadonly and opts.command not in (
- 'download', 'system-upgrade', 'reposync'):
+ 'download', 'system-upgrade', 'reposync', 'modulesync'):
logger.critical(_('--destdir or --downloaddir must be used with --downloadonly '
'or download or system-upgrade command.')
)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index f96c0eac..42aec72c 100644
--- a/doc/command_ref.rst
+++ b/doc/command_ref.rst
@@ -182,7 +182,7 @@ Options
``--downloaddir=<path>, --destdir=<path>``
Redirect downloaded packages to provided directory. The option has to be used together with the \-\
:ref:`-downloadonly <downloadonly-label>` command line option, with the
- ``download`` command (dnf-plugins-core) or with the ``system-upgrade`` command
+ ``download``, ``modulesync`` or ``reposync`` commands (dnf-plugins-core) or with the ``system-upgrade`` command
(dnf-plugins-extras).
.. _downloadonly-label:
--
2.35.1

File diff suppressed because it is too large Load Diff

View File

@ -1,57 +0,0 @@
From 27f26c607c44b8331b23c861241a8509c2452531 Mon Sep 17 00:00:00 2001
From: sbluhm <stefan.bluhm@clacee.eu>
Date: Sun, 9 Jan 2022 14:30:19 +0100
Subject: [PATCH] Add documentation for query api flags
= changelog =
msg: Add documentation for query api flags
type: enhancement
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2035577
---
AUTHORS | 1 +
doc/api_sack.rst | 14 +++++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/AUTHORS b/AUTHORS
index f8c9eb83..0077c7ea 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -91,6 +91,7 @@ DNF CONTRIBUTORS
Petr Spacek <pspacek@redhat.com>
Rob Cutmore <robcutmore@gmail.com>
Satoshi Matsumoto <kaorimatz@gmail.com>
+ Stefan Bluhm <stefan.bluhm@clacee.eu>
Tomas Kasparek <tkasparek@redhat.com>
Vladan Kudlac <vladankudlac@gmail.com>
Will Woods <wwoods@redhat.com>
diff --git a/doc/api_sack.rst b/doc/api_sack.rst
index 79719878..ac843fc9 100644
--- a/doc/api_sack.rst
+++ b/doc/api_sack.rst
@@ -25,10 +25,22 @@
The package sack. Contains metadata information about all known packages, installed and available.
- .. method:: query()
+ .. method:: query(flags=hawkey.APPLY_EXCLUDES)
Return a :class:`Query<dnf.query.Query>` for querying packages contained in this sack.
+ :ref:`Package filtering <excluded_packages-label>` is applied when creating the query object. The behavior can be adapted using flags. Possible flags:
+
+
+ ============================== ===========================================================================
+ Flag Value meaning
+ ============================== ===========================================================================
+ hawkey.APPLY_EXCLUDES Apply all package filtering.
+ hawkey.IGNORE_EXCLUDES Ignore all package filtering.
+ hawkey.IGNORE_REGULAR_EXCLUDES Ignore regular excludes defined by configuration files or the command line.
+ hawkey.IGNORE_MODULAR_EXCLUDES Ignore modular filtering.
+ ============================== ===========================================================================
+
.. function:: rpmdb_sack(base)
Returns a new instance of sack containing only installed packages (@System repo). Useful to get list of the installed RPMs after transaction.
--
2.35.1

View File

@ -1,37 +0,0 @@
From 9bd0423e1e543ed5f83924ec61aa253eced24cf8 Mon Sep 17 00:00:00 2001
From: Marek Blaha <mblaha@redhat.com>
Date: Mon, 14 Mar 2022 09:49:52 +0100
Subject: [PATCH] Fix processing of download errors (RhBug: 2024527)
Users with different than english locale are not able to update their
systems in case that some of updates are already downloaded in the dnf
cache (e.g. using dnf-automatic).
The error string is taken from librepo target where it is stored
untranslated. Therefore we need to compare untranslated versions of the
string.
= changelog =
msg: Fix download errors handling in non-english locales
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2024527
---
dnf/repo.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnf/repo.py b/dnf/repo.py
index 1822cf01..ec1a2537 100644
--- a/dnf/repo.py
+++ b/dnf/repo.py
@@ -108,7 +108,7 @@ def _download_payloads(payloads, drpm, fail_fast=True):
callbacks = tgt.getCallbacks()
payload = callbacks.package_pload
pkg = payload.pkg
- if err == _('Already downloaded'):
+ if err == 'Already downloaded':
errs._skipped.add(pkg)
continue
pkg.repo._repo.expire()
--
2.35.1

View File

@ -1,81 +0,0 @@
From 0da73ea1304005b796842d96679d6ea31cdeea3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Tue, 1 Mar 2022 12:42:23 +0100
Subject: [PATCH] Fix unittests that relied on checksum being at the end of
solvfiles
---
tests/test_fill_sack_from_repos_in_cache.py | 26 +++++++++++----------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/tests/test_fill_sack_from_repos_in_cache.py b/tests/test_fill_sack_from_repos_in_cache.py
index a8de287c..30d02cfe 100644
--- a/tests/test_fill_sack_from_repos_in_cache.py
+++ b/tests/test_fill_sack_from_repos_in_cache.py
@@ -39,7 +39,7 @@ TEST_REPO_NAME = "test-repo"
class FillSackFromReposInCacheTest(unittest.TestCase):
- def _create_cache_for_repo(self, repopath, tmpdir):
+ def _create_cache_for_repo(self, repopath, tmpdir, repo_name=TEST_REPO_NAME):
conf = dnf.conf.MainConf()
conf.cachedir = os.path.join(tmpdir, "cache")
conf.installroot = tmpdir
@@ -49,7 +49,7 @@ class FillSackFromReposInCacheTest(unittest.TestCase):
base = dnf.Base(conf=conf)
- repoconf = dnf.repo.Repo(TEST_REPO_NAME, base.conf)
+ repoconf = dnf.repo.Repo(repo_name, base.conf)
repoconf.baseurl = repopath
repoconf.enable()
@@ -194,6 +194,8 @@ class FillSackFromReposInCacheTest(unittest.TestCase):
def test_exception_with_checksum_mismatch_and_only_repomd(self):
self._setUp_from_repo_path(os.path.join(os.path.abspath(os.path.dirname(__file__)), "repos/rpm"))
+ self._create_cache_for_repo(os.path.join(os.path.abspath(os.path.dirname(__file__)), "repos/drpm"),
+ self.tmpdir, "drpm-repo")
# Remove xml metadata except repomd
# repomd.xml is not compressed and doesn't end with .gz
@@ -201,12 +203,11 @@ class FillSackFromReposInCacheTest(unittest.TestCase):
for f in repodata_without_repomd:
os.remove(f)
- # Modify checksum of solv file so it doesn't match with repomd
- solv = glob.glob(os.path.join(self.tmpdir, "cache/*.solv"))[0]
- with open(solv, "a") as opensolv:
- opensolv.write("appended text to change checksum")
+ # Replace solvfile of test-repo with solvfile from drpm-repo which has different data (different checksum)
+ shutil.move(os.path.join(self.tmpdir, "cache/drpm-repo.solv"),
+ os.path.join(self.tmpdir, "cache/test-repo.solv"))
- # Now we only have cache with solvx, modified solv file and just repomd
+ # Now we only have cache with solvx, mismatching solv file and just repomd
# Since we don't have original xml metadata we cannot regenerate solv -> fail (exception)
self.assertRaises(dnf.exceptions.RepoError,
@@ -214,13 +215,14 @@ class FillSackFromReposInCacheTest(unittest.TestCase):
def test_checksum_mistmatch_regenerates_solv(self):
self._setUp_from_repo_path(os.path.join(os.path.abspath(os.path.dirname(__file__)), "repos/rpm"))
+ self._create_cache_for_repo(os.path.join(os.path.abspath(os.path.dirname(__file__)), "repos/drpm"),
+ self.tmpdir, "drpm-repo")
- # Modify checksum of solv file so it doesn't match with repomd
- solv = glob.glob(os.path.join(self.tmpdir, "cache/*.solv"))[0]
- with open(solv, "a") as opensolv:
- opensolv.write("appended text to change checksum")
+ # Replace solvfile of test-repo with solvfile from drpm-repo which has different data (different checksum)
+ shutil.move(os.path.join(self.tmpdir, "cache/drpm-repo.solv"),
+ os.path.join(self.tmpdir, "cache/test-repo.solv"))
- # Now we only have cache with solvx, modified solv file and xml metadata.
+ # Now we only have cache with solvx, mismatching solv file and xml metadata.
# Checksum mistmatch causes regeneration of solv file and repo works.
self.test_base.fill_sack_from_repos_in_cache(load_system_repo=False)
--
2.35.1

View File

@ -1,64 +0,0 @@
From fe87499e6745795b1dc6225fa102a1242eb9ffc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Hr=C3=A1zk=C3=BD?= <lhrazky@redhat.com>
Date: Thu, 17 Feb 2022 18:46:22 +0100
Subject: [PATCH] cli/commands/history: Fix history undo on a Reason Change
The previous reason needs to be fetched from the history db. It's
inefficient to parse the nevra after it was serialized in a previous
step, but that would need bigger code restructuring.
= changelog =
msg: Fix history undo on a Reason Change
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2053014
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2010259
---
dnf.spec | 2 +-
dnf/cli/commands/history.py | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/dnf.spec b/dnf.spec
index 02c8b577..36c3932e 100644
--- a/dnf.spec
+++ b/dnf.spec
@@ -2,7 +2,7 @@
%define __cmake_in_source_build 1
# default dependencies
-%global hawkey_version 0.61.1
+%global hawkey_version 0.66.0
%global libcomps_version 0.1.8
%global libmodulemd_version 2.9.3
%global rpm_version 4.14.0
diff --git a/dnf/cli/commands/history.py b/dnf/cli/commands/history.py
index 293d93fc..21d04a1a 100644
--- a/dnf/cli/commands/history.py
+++ b/dnf/cli/commands/history.py
@@ -223,6 +223,7 @@ class HistoryCommand(commands.Command):
"Reinstall": "Reinstalled",
"Obsoleted": "Install",
"Obsolete": "Obsoleted",
+ "Reason Change": "Reason Change",
}
data = serialize_transaction(trans)
@@ -235,6 +236,16 @@ class HistoryCommand(commands.Command):
if ti["action"] == "Install" and ti.get("reason", None) == "clean":
ti["reason"] = "dependency"
+ if ti["action"] == "Reason Change" and "nevra" in ti:
+ subj = hawkey.Subject(ti["nevra"])
+ nevra = subj.get_nevra_possibilities(forms=[hawkey.FORM_NEVRA])[0]
+ reason = self.output.history.swdb.resolveRPMTransactionItemReason(
+ nevra.name,
+ nevra.arch,
+ trans.tids()[0] - 1
+ )
+ ti["reason"] = libdnf.transaction.TransactionItemReasonToString(reason)
+
if ti.get("repo_id") == hawkey.SYSTEM_REPO_NAME:
# erase repo_id, because it's not possible to perform forward actions from the @System repo
ti["repo_id"] = None
--
2.35.1

View File

@ -1,30 +0,0 @@
From 55f6691d5663c59b675064b04e19288365e92d24 Mon Sep 17 00:00:00 2001
From: Nicola Sella <nsella@redhat.com>
Date: Tue, 15 Mar 2022 16:26:10 +0100
Subject: [PATCH] Fix remove when no repos are enabled (RhBz:2064341)
msg: When no repositories are enabled, dnf group exits and does not
remove an installed group.
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2064341
type: bugfix
---
dnf/cli/commands/group.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dnf/cli/commands/group.py b/dnf/cli/commands/group.py
index fd723c48..c5c23230 100644
--- a/dnf/cli/commands/group.py
+++ b/dnf/cli/commands/group.py
@@ -358,7 +358,8 @@ class GroupCommand(commands.Command):
else:
demands.available_repos = True
- commands._checkEnabledRepo(self.base)
+ if cmd not in ('remove'):
+ commands._checkEnabledRepo(self.base)
if cmd in ('install', 'upgrade'):
commands._checkGPGKey(self.base, self.cli)
--
2.35.1

View File

@ -1,30 +0,0 @@
From 8f05ee29b7398fa6d18c7113a533f1d8726239df Mon Sep 17 00:00:00 2001
From: Jaroslav Rohel <jrohel@redhat.com>
Date: Tue, 12 Apr 2022 12:25:05 +0200
Subject: [PATCH] [doc] Improve "proxy" configuration option documentation
(RhBug:2072332)
---
doc/conf_ref.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/doc/conf_ref.rst b/doc/conf_ref.rst
index 75bcdf75..885a4560 100644
--- a/doc/conf_ref.rst
+++ b/doc/conf_ref.rst
@@ -833,10 +833,10 @@ configuration.
``proxy``
:ref:`string <string-label>`
- URL of a proxy server to connect through. Set to an empty string to disable the proxy setting inherited from the main section and use direct connection instead. The expected format of this option is ``<scheme>://<ip-or-hostname>[:port]``.
+ URL of a proxy server to connect through. Set to an empty string in the repository configuration to disable proxy setting inherited from the main section. The expected format of this option is ``<scheme>://<ip-or-hostname>[:port]``.
(For backward compatibility, '_none_' can be used instead of the empty string.)
- Note: The curl environment variables (such as ``http_proxy``) are effective if this option is unset. See the ``curl`` man page for details.
+ Note: The curl environment variables (such as ``http_proxy``) are effective if this option is unset (or '_none_' is set in the repository configuration). See the ``curl`` man page for details.
``proxy_username``
:ref:`string <string-label>`
--
2.35.1

View File

@ -1,318 +0,0 @@
From 88a6289a4f72b11253c01a5a5d834b74d5abb6c3 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 24 Apr 2022 09:08:28 +0200
Subject: [PATCH] Base.reset: plug (temporary) leak of libsolv's page file
descriptors
Consider the following call paths (mixed Python and C), extending from
livecd-creator down to libsolv:
main [livecd-tools/tools/livecd-creator]
install() [livecd-tools/imgcreate/creator.py]
fill_sack() [dnf/dnf/base.py]
_add_repo_to_sack() [dnf/dnf/base.py]
load_repo() [libdnf/python/hawkey/sack-py.cpp]
dnf_sack_load_repo() [libdnf/libdnf/dnf-sack.cpp]
write_main() [libdnf/libdnf/dnf-sack.cpp]
repo_add_solv() [libsolv/src/repo_solv.c]
repopagestore_read_or_setup_pages() [libsolv/src/repopage.c]
dup()
write_ext() [libdnf/libdnf/dnf-sack.cpp]
repo_add_solv() [libsolv/src/repo_solv.c]
repopagestore_read_or_setup_pages() [libsolv/src/repopage.c]
dup()
The dup() calls create the following file descriptors (output from
"lsof"):
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> python3 6500 root 7r REG 8,1 25320727 395438 /var/tmp/imgcreate-mytcghah/install_root/var/cache/dnf/fedora.solv (deleted)
> python3 6500 root 8r REG 8,1 52531426 395450 /var/tmp/imgcreate-mytcghah/install_root/var/cache/dnf/fedora-filenames.solvx
These file descriptors are *owned* by the DnfSack object (which is derived
from GObject), as follows:
sack->priv->pool->repos[1]->repodata[1]->store.pagefd = 7
sack->priv->pool->repos[1]->repodata[2]->store.pagefd = 8
^ ^ ^ ^ ^ ^ ^
| | | | | | |
| | | | | | int
| | | | | Repopagestore [libsolv/src/repopage.h]
| | | | Repodata [libsolv/src/repodata.h]
| | | struct s_Repo [libsolv/src/repo.h]
| | struct s_Pool (aka Pool) [libsolv/src/pool.h]
| DnfSackPrivate [libdnf/libdnf/dnf-sack.cpp]
DnfSack [libdnf/libdnf/dnf-sack.h]
The file descriptors are *supposed* to be closed on the following call
path:
main [livecd-tools/tools/livecd-creator]
install() [livecd-tools/imgcreate/creator.py]
close() [livecd-tools/imgcreate/dnfinst.py]
close() [dnf/dnf/base.py]
reset() [dnf/dnf/base.py]
_sack = None
_goal = None
_transaction = None
...
dnf_sack_finalize() [libdnf/libdnf/dnf-sack.cpp]
pool_free() [libsolv/src/pool.c]
pool_freeallrepos() [libsolv/src/pool.c]
repo_freedata() [libsolv/src/repo.c]
repodata_freedata() [libsolv/src/repodata.c]
repopagestore_free() [libsolv/src/repopage.c]
close()
Namely, when dnf.Base.reset() [dnf/dnf/base.py] is called with (sack=True,
goal=True), the reference counts of the objects pointed to by the "_sack",
"_goal" and "_transaction" fields are supposed to reach zero, and then, as
part of the DnfSack object's finalization, the libsolv file descriptors
are supposed to be closed.
Now, while this *may* happen immediately in dnf.Base.reset(), it may as
well not. The reason is that there is a multitude of *circular references*
between DnfSack and the packages that it contains. When dnf.Base.reset()
is entered, we have the following picture:
_sack _goal
| |
v v
+----------------+ +-------------+
| DnfSack object | <--- | Goal object |
+----------------+ +-------------+
|^ |^ |^
|| || ||
|| || ||
+--||----||----||---+
| v| v| v| | <-- _transaction
| Pkg1 Pkg2 PkgN |
| |
| Transaction oject |
+-------------------+
That is, the reference count of the DnfSack object is (1 + 1 + N), where N
is the number of packages in the transaction. Details:
(a) The first reference comes from the "_sack" field, established like
this:
main [livecd-tools/tools/livecd-creator]
install() [livecd-tools/imgcreate/creator.py]
fill_sack() [dnf/dnf/base.py]
_build_sack() [dnf/dnf/sack.py]
Sack()
sack_init() [libdnf/python/hawkey/sack-py.cpp]
dnf_sack_new() [libdnf/libdnf/dnf-sack.cpp]
(b) The second reference on the DnfSack object comes from "_goal":
main [livecd-tools/tools/livecd-creator]
install() [livecd-tools/imgcreate/creator.py]
fill_sack() [dnf/dnf/base.py]
_goal = Goal(_sack)
goal_init() [libdnf/python/hawkey/goal-py.cpp]
Py_INCREF(_sack)
(c) Then there is one reference to "_sack" *per package* in the
transaction:
main [livecd-tools/tools/livecd-creator]
install() [livecd-tools/imgcreate/creator.py]
runInstall() [livecd-tools/imgcreate/dnfinst.py]
resolve() [dnf/dnf/base.py]
_goal2transaction() [dnf/dnf/base.py]
list_installs() [libdnf/python/hawkey/goal-py.cpp]
list_generic() [libdnf/python/hawkey/goal-py.cpp]
packagelist_to_pylist() [libdnf/python/hawkey/iutil-py.cpp]
new_package() [libdnf/python/hawkey/sack-py.cpp]
Py_BuildValue()
ts.add_install()
list_installs() creates a list of packages that need to be installed
by DNF. Inside the loop in packagelist_to_pylist(), which constructs
the elements of that list, Py_BuildValue() is called with the "O"
format specifier, and that increases the reference count on "_sack".
Subsequently, in the _goal2transaction() method, we iterate over the
package list created by list_installs(), and add each package to the
transaction (ts.add_install()). After _goal2transaction() returns,
this transaction is assigned to "self._transaction" in resolve(). This
is where the last N (back-)references on the DnfSack object come from.
(d) Now, to quote the defintion of the DnfSack object
("libdnf/docs/hawkey/tutorial-py.rst"):
> *Sack* is an abstraction for a collection of packages.
That's why the DnfSack object references all the Pkg1 through PkgN
packages.
So, when the dnf.Base.reset() method completes, the picture changes like
this:
_sack _goal
| |
-- [CUT] -- -- [CUT] --
| |
v | v
+----------------+ [C] +-------------+
| DnfSack object | <-[U]- | Goal object |
+----------------+ [T] +-------------+
|^ |^ |^ |
|| || ||
|| || || |
+--||----||----||---+ [C]
| v| v| v| | <--[U]-- _transaction
| Pkg1 Pkg2 PkgN | [T]
| | |
| Transaction oject |
+-------------------+
and we are left with N reference cycles (one between each package and the
same DnfSack object).
This set of cycles can only be cleaned up by Python's generational garbage
collector <https://stackify.com/python-garbage-collection/>. The GC will
collect the DnfSack object, and consequently close the libsolv page file
descriptors via dnf_sack_finalize() -- but garbage collection will happen
*only eventually*, unpredictably.
This means that the dnf.Base.reset() method breaks its interface contract:
> Make the Base object forget about various things.
because the libsolv file descriptors can (and frequently do, in practice)
survive dnf.Base.reset().
In general, as long as the garbage collector only tracks process-private
memory blocks, there's nothing wrong; however, file descriptors are
visible to the kernel. When dnf.Base.reset() *temporarily* leaks file
descriptors as explained above, then immediately subsequent operations
that depend on those file descriptors having been closed, can fail.
An example is livecd-creator's unmounting of:
/var/tmp/imgcreate-mytcghah/install_root/var/cache/dnf
which the kernel refuses, due to libsolv's still open file descriptors
pointing into that filesystem:
> umount: /var/tmp/imgcreate-mytcghah/install_root/var/cache/dnf: target
> is busy.
> Unable to unmount /var/tmp/imgcreate-mytcghah/install_root/var/cache/dnf
> normally, using lazy unmount
(Unfortunately, the whole lazy umount idea is misguided in livecd-tools;
it's a misfeature that should be removed, as it permits the corruption of
the loop-backed filesystem. Now that the real bug is being fixed in DNF,
lazy umount is not needed as a (broken) workaround in livecd-tools. But
that's a separate patch for livecd-tools:
<https://github.com/livecd-tools/livecd-tools/pull/227>.)
Plug the fd leak by forcing a garbage collection in dnf.Base.reset()
whenever we cut the "_sack", "_goal" and "_transaction" links -- that is,
when the "sack" and "goal" parameters are True.
Note that precisely due to the unpredictable behavior of the garbage
collector, reproducing the bug may prove elusive. In order to reproduce it
deterministically, through usage with livecd-creator, disabling automatic
garbage collection with the following patch (for livecd-tools) is
sufficient:
> diff --git a/tools/livecd-creator b/tools/livecd-creator
> index 291de10cbbf9..8d2c740c238b 100755
> --- a/tools/livecd-creator
> +++ b/tools/livecd-creator
> @@ -31,6 +31,8 @@ from dnf.exceptions import Error as DnfBaseError
> import imgcreate
> from imgcreate.errors import KickstartError
>
> +import gc
> +
> class Usage(Exception):
> def __init__(self, msg = None, no_error = False):
> Exception.__init__(self, msg, no_error)
> @@ -261,5 +263,6 @@ def do_nss_libs_hack():
> return hack
>
> if __name__ == "__main__":
> + gc.disable()
> hack = do_nss_libs_hack()
> sys.exit(main())
Also note that you need to use livecd-tools at git commit 4afde9352e82 or
later, for this fix to make any difference: said commit fixes a different
(independent) bug in livecd-tools that produces identical symptoms, but
from a different origin. In other words, if you don't have commit
4afde9352e82 in your livecd-tools install, then said bug in livecd-tools
will mask this DNF fix.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 5ce5ed1ea08ad6e198c1c1642c4d9ea2db6eab86)
---
dnf/base.py | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/dnf/base.py b/dnf/base.py
index babca31d..852fcdd8 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -72,6 +72,7 @@ import dnf.transaction
import dnf.util
import dnf.yum.rpmtrans
import functools
+import gc
import hawkey
import itertools
import logging
@@ -568,6 +569,46 @@ class Base(object):
self._comps_trans = dnf.comps.TransactionBunch()
self._transaction = None
self._update_security_filters = []
+ if sack and goal:
+ # We've just done this, above:
+ #
+ # _sack _goal
+ # | |
+ # -- [CUT] -- -- [CUT] --
+ # | |
+ # v | v
+ # +----------------+ [C] +-------------+
+ # | DnfSack object | <-[U]- | Goal object |
+ # +----------------+ [T] +-------------+
+ # |^ |^ |^ |
+ # || || ||
+ # || || || |
+ # +--||----||----||---+ [C]
+ # | v| v| v| | <--[U]-- _transaction
+ # | Pkg1 Pkg2 PkgN | [T]
+ # | | |
+ # | Transaction oject |
+ # +-------------------+
+ #
+ # At this point, the DnfSack object would be released only
+ # eventually, by Python's generational garbage collector, due to the
+ # cyclic references DnfSack<->Pkg1 ... DnfSack<->PkgN.
+ #
+ # The delayed release is a problem: the DnfSack object may
+ # (indirectly) own "page file" file descriptors in libsolv, via
+ # libdnf. For example,
+ #
+ # sack->priv->pool->repos[1]->repodata[1]->store.pagefd = 7
+ # sack->priv->pool->repos[1]->repodata[2]->store.pagefd = 8
+ #
+ # These file descriptors are closed when the DnfSack object is
+ # eventually released, that is, when dnf_sack_finalize() (in libdnf)
+ # calls pool_free() (in libsolv).
+ #
+ # We need that to happen right now, as callers may want to unmount
+ # the filesystems which those file descriptors refer to immediately
+ # after reset() returns. Therefore, force a garbage collection here.
+ gc.collect()
def _closeRpmDB(self):
"""Closes down the instances of rpmdb that could be open."""
--
2.35.1

View File

@ -1,31 +0,0 @@
From 00f3016ec0d79186f08c2f0ebf450bdc3dab1311 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Thu, 23 Jun 2022 09:33:45 +0200
Subject: [PATCH] doc: Describe how gpg keys are stored for `repo_ggpcheck`
(RhBug:2020678)
https://bugzilla.redhat.com/show_bug.cgi?id=2020678
---
doc/conf_ref.rst | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/doc/conf_ref.rst b/doc/conf_ref.rst
index 885a4560..decb49ff 100644
--- a/doc/conf_ref.rst
+++ b/doc/conf_ref.rst
@@ -906,6 +906,12 @@ configuration.
:ref:`boolean <boolean-label>`
Whether to perform GPG signature check on this repository's metadata. The default is False.
+ Note that GPG keys for this check are stored separately from GPG keys used in package signature
+ verification. Furthermore, they are also stored separately for each repository.
+
+ This means that dnf may ask to import the same key multiple times. For example, when a key was
+ already imported for package signature verification and this option is turned on, it may be needed
+ to import it again for the repository.
``retries``
:ref:`integer <integer-label>`
--
2.36.1

View File

@ -1,64 +0,0 @@
From 25bc75cbe63289864c09ab25144ee4af232bd8f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 4 Jul 2022 09:43:25 +0200
Subject: [PATCH] Add only relevant pkgs to upgrade transaction (RhBug:2097757)
https://bugzilla.redhat.com/show_bug.cgi?id=2097757
Without this patch dnf can create the following transaction during dnf upgrade --security when there is an advisory for B-2-2:
```
repo @System 0 testtags <inline>
#>=Pkg: A 1 1 x86_64
#>=Pkg: B 1 1 x86_64
#>=Req: A = 1-1
repo available 0 testtags <inline>
#>=Pkg: A 2 2 x86_64
#>=Pkg: B 2 2 x86_64
#>=Req: A = 2-2
system x86_64 rpm @System
job update oneof A-1-1.x86_64@@System B-2-2.x86_64@available [targeted,setevr,setarch]
result transaction,problems
```
Problem is that without forcebest nothing gets upgraded despite the available advisory and --security switch.
This can also be seen in CI test case: rpm-software-management/ci-dnf-stack#1130
---
dnf/base.py | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/dnf/base.py b/dnf/base.py
index 852fcdd8..82466831 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -2135,7 +2135,24 @@ class Base(object):
query.filterm(reponame=reponame)
query = self._merge_update_filters(query, pkg_spec=pkg_spec, upgrade=True)
if query:
- query = query.union(installed_query.latest())
+ # Given that we use libsolv's targeted transactions, we need to ensure that the transaction contains both
+ # the new targeted version and also the current installed version (for the upgraded package). This is
+ # because if it only contained the new version, libsolv would decide to reinstall the package even if it
+ # had just a different buildtime or vendor but the same version
+ # (https://github.com/openSUSE/libsolv/issues/287)
+ # - In general, the query already contains both the new and installed versions but not always.
+ # If repository-packages command is used, the installed packages are filtered out because they are from
+ # the @system repo. We need to add them back in.
+ # - However we need to add installed versions of just the packages that are being upgraded. We don't want
+ # to add all installed packages because it could increase the number of solutions for the transaction
+ # (especially without --best) and since libsolv prefers the smallest possible upgrade it could result
+ # in no upgrade even if there is one available. This is a problem in general but its critical with
+ # --security transactions (https://bugzilla.redhat.com/show_bug.cgi?id=2097757)
+ # - We want to add only the latest versions of installed packages, this is specifically for installonly
+ # packages. Otherwise if for example kernel-1 and kernel-3 were installed and present in the
+ # transaction libsolv could decide to install kernel-2 because it is an upgrade for kernel-1 even
+ # though we don't want it because there already is a newer version present.
+ query = query.union(installed_query.latest().filter(name=[pkg.name for pkg in query]))
sltr = dnf.selector.Selector(self.sack)
sltr.set(pkg=query)
self._goal.upgrade(select=sltr)
--
2.36.1

View File

@ -1,37 +0,0 @@
From fea1f456d3d5f3015ebcff4008959916bdaaf6d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 4 Jul 2022 09:46:29 +0200
Subject: [PATCH] Use `installed_all` because `installed_query` is filtered
user input
`installed_query` could be missing packages. If we specify we want to
upgrade a specific nevra that is not yet installed, then `installed_query`
is empty because it is based on user input, but there could be other
versions of the pkg installed.
Eg: if kernel-1 and kernel-3 are installed and we specify we want to
upgrade kernel-2, nothing should be done because we already have higher
version, but now `installed_query` would be empty and kernel-2 would be
installed.
Therefore, we need to use `installed_all`.
---
dnf/base.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnf/base.py b/dnf/base.py
index 82466831..e606d9fa 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -2152,7 +2152,7 @@ class Base(object):
# packages. Otherwise if for example kernel-1 and kernel-3 were installed and present in the
# transaction libsolv could decide to install kernel-2 because it is an upgrade for kernel-1 even
# though we don't want it because there already is a newer version present.
- query = query.union(installed_query.latest().filter(name=[pkg.name for pkg in query]))
+ query = query.union(installed_all.latest().filter(name=[pkg.name for pkg in query]))
sltr = dnf.selector.Selector(self.sack)
sltr.set(pkg=query)
self._goal.upgrade(select=sltr)
--
2.36.1

View File

@ -1,47 +0,0 @@
From 66a37245e82c60b972ee35879f9c29c27466a27b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ale=C5=A1=20Mat=C4=9Bj?= <amatej@redhat.com>
Date: Mon, 25 Jul 2022 12:44:17 +0200
Subject: [PATCH] Don't include resolved advisories for obsoletes with sec.
filters (RhBug:2101421)
This makes the obsoletes security filters consistent with upgrade
security filters.
This API is used from check-update and from Info and List commands.
- For check-update we don't want to include resolved advisories to have
identical result to the actual update. That is bz2101421 use case.
- For Info and List commands the --obsoletes switch: "List packages
installed on the system that are obsoleted by packages in any known
repository." Given this specification in makes sense not to
consider resolved advisories when we also use security filters.
There is still a general case when someone uses the API or any potential
future use and I think it is best to have the behavior unified for
"upgrades" and "obsoletes".
= changelog =
msg: Don't include resolved advisories for obsoletes filtering with security filters
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2101421
Tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/1134
---
dnf/base.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dnf/base.py b/dnf/base.py
index e606d9fa..e623d98e 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -1565,7 +1565,7 @@ class Base(object):
obsoletes = query_for_repo(
self.sack.query()).filter(obsoletes_by_priority=inst)
# reduce a query to security upgrades if they are specified
- obsoletes = self._merge_update_filters(obsoletes, warning=False)
+ obsoletes = self._merge_update_filters(obsoletes, warning=False, upgrade=True)
obsoletesTuples = []
for new in obsoletes:
obsoleted_reldeps = new.obsoletes
--
2.37.1

View File

@ -1,35 +0,0 @@
From 553a2c585db50599d5028ea6bb6462281bb88d02 Mon Sep 17 00:00:00 2001
From: Jaroslav Mracek <jmracek@redhat.com>
Date: Mon, 11 Jul 2022 12:27:14 +0200
Subject: [PATCH] Set default value for variable to prevent crash
(RhBug:2091636)
It ensure that read of file ended successfully.
https://bugzilla.redhat.com/show_bug.cgi?id=2091636
---
dnf/conf/substitutions.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/dnf/conf/substitutions.py b/dnf/conf/substitutions.py
index 703e4a4f..1281bdf0 100644
--- a/dnf/conf/substitutions.py
+++ b/dnf/conf/substitutions.py
@@ -53,6 +53,7 @@ class Substitutions(dict):
continue
for fsvar in fsvars:
filepath = os.path.join(dir_fsvars, fsvar)
+ val = None
if os.path.isfile(filepath):
try:
with open(filepath) as fp:
@@ -61,4 +62,5 @@ class Substitutions(dict):
val = val[:-1]
except (OSError, IOError):
continue
- self[fsvar] = val
+ if val is not None:
+ self[fsvar] = val
--
2.37.1

View File

@ -1,31 +0,0 @@
From 96a5bd61ab3b35f00f0b52bcd6428c7aea7d1ca5 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Wed, 7 Sep 2022 14:27:07 +0200
Subject: [PATCH] Add doc related to --destdir and --downloadonly options
(RhBug:2100811)
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2100811
---
doc/command_ref.rst | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index 42aec72c..7a02448c 100644
--- a/doc/command_ref.rst
+++ b/doc/command_ref.rst
@@ -190,6 +190,10 @@ Options
``--downloadonly``
Download the resolved package set without performing any rpm transaction (install/upgrade/erase).
+ Packages are removed after the next successful transaction. This applies also when used together
+ with ``--destdir`` option as the directory is considered as a part of the DNF cache. To persist
+ the packages, use the ``download`` command instead.
+
``-e <error level>, --errorlevel=<error level>``
Error output level. This is an integer value between 0 (no error output) and
10 (shows all error messages), default is 3. Deprecated, use ``-v`` instead.
--
2.37.1

View File

@ -1,79 +0,0 @@
From aa724a639a641943ecf39038fd694abc2037e66d Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Mon, 22 Aug 2022 10:38:30 +0200
Subject: [PATCH] Expose plugin unload method to API (RhBug:2047251)
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2047251
---
dnf/base.py | 5 +++++
dnf/plugin.py | 1 +
doc/api_base.rst | 4 ++++
tests/api/test_dnf_base.py | 7 +++++++
4 files changed, 17 insertions(+)
diff --git a/dnf/base.py b/dnf/base.py
index e623d98e..4ddfae15 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -316,6 +316,11 @@ class Base(object):
"""Run plugins configure() method."""
self._plugins._run_config()
+ def unload_plugins(self):
+ # :api
+ """Run plugins unload() method."""
+ self._plugins._unload()
+
def update_cache(self, timer=False):
# :api
diff --git a/dnf/plugin.py b/dnf/plugin.py
index 06066e79..87c1f08f 100644
--- a/dnf/plugin.py
+++ b/dnf/plugin.py
@@ -164,6 +164,7 @@ class Plugins(object):
self._caller('transaction')
def _unload(self):
+ logger.debug(_('Plugins were unloaded'))
del sys.modules[DYNAMIC_PACKAGE]
def unload_removed_plugins(self, transaction):
diff --git a/doc/api_base.rst b/doc/api_base.rst
index 03396b69..35cbeef5 100644
--- a/doc/api_base.rst
+++ b/doc/api_base.rst
@@ -97,6 +97,10 @@
Configure plugins by running their configure() method.
+ .. method:: unload_plugins()
+
+ Unload all plugins.
+
.. method:: fill_sack([load_system_repo=True, load_available_repos=True])
Setup the package sack. If `load_system_repo` is ``True``, load information about packages in the local RPMDB into the sack. Else no package is considered installed during dependency solving. If `load_available_repos` is ``True``, load information about packages from the available repositories into the sack.
diff --git a/tests/api/test_dnf_base.py b/tests/api/test_dnf_base.py
index 33598189..e84e272b 100644
--- a/tests/api/test_dnf_base.py
+++ b/tests/api/test_dnf_base.py
@@ -95,6 +95,13 @@ class DnfBaseApiTest(TestCase):
self.base.configure_plugins()
+ def test_unload_plugins(self):
+ # Base.unload_plugins()
+ self.assertHasAttr(self.base, "unload_plugins")
+
+ self.base.init_plugins()
+ self.base.unload_plugins()
+
def test_update_cache(self):
# Base.update_cache(self, timer=False)
self.assertHasAttr(self.base, "update_cache")
--
2.37.1

View File

@ -1,105 +0,0 @@
From 7ba2cd6a86945e0ec6f9ed866e2ef6b6759ee092 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Thu, 25 Aug 2022 08:06:34 +0200
Subject: [PATCH] Add support for group upgrade rollback (RhBug:2016070)
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2016070
---
dnf/db/group.py | 8 +++++++-
dnf/transaction_sr.py | 24 ++++++++++++++++++++++++
2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/dnf/db/group.py b/dnf/db/group.py
index 4dc8cb06..312e3b98 100644
--- a/dnf/db/group.py
+++ b/dnf/db/group.py
@@ -34,14 +34,16 @@ class PersistorBase(object):
self._installed = {}
self._removed = {}
self._upgraded = {}
+ self._downgraded = {}
def __len__(self):
- return len(self._installed) + len(self._removed) + len(self._upgraded)
+ return len(self._installed) + len(self._removed) + len(self._upgraded) + len(self._downgraded)
def clean(self):
self._installed = {}
self._removed = {}
self._upgraded = {}
+ self._downgraded = {}
def _get_obj_id(self, obj):
raise NotImplementedError
@@ -62,6 +64,10 @@ class PersistorBase(object):
self._upgraded[self._get_obj_id(obj)] = obj
self._add_to_history(obj, libdnf.transaction.TransactionItemAction_UPGRADE)
+ def downgrade(self, obj):
+ self._downgraded[self._get_obj_id(obj)] = obj
+ self._add_to_history(obj, libdnf.transaction.TransactionItemAction_DOWNGRADE)
+
def new(self, obj_id, name, translated_name, pkg_types):
raise NotImplementedError
diff --git a/dnf/transaction_sr.py b/dnf/transaction_sr.py
index dae8d300..5d403a3e 100644
--- a/dnf/transaction_sr.py
+++ b/dnf/transaction_sr.py
@@ -416,6 +416,16 @@ class TransactionReplay(object):
if swdb_group is not None:
self._base.history.group.upgrade(swdb_group)
+ def _swdb_group_downgrade(self, group_id, pkg_types, pkgs):
+ if not self._base.history.group.get(group_id):
+ self._raise_or_warn(self._ignore_installed, _("Group id '%s' is not installed.") % group_id)
+ return
+
+ swdb_group = self._create_swdb_group(group_id, pkg_types, pkgs)
+
+ if swdb_group is not None:
+ self._base.history.group.downgrade(swdb_group)
+
def _swdb_group_remove(self, group_id, pkg_types, pkgs):
if not self._base.history.group.get(group_id):
self._raise_or_warn(self._ignore_installed, _("Group id '%s' is not installed.") % group_id)
@@ -482,6 +492,16 @@ class TransactionReplay(object):
if swdb_env is not None:
self._base.history.env.upgrade(swdb_env)
+ def _swdb_environment_downgrade(self, env_id, pkg_types, groups):
+ if not self._base.history.env.get(env_id):
+ self._raise_or_warn(self._ignore_installed, _("Environment id '%s' is not installed.") % env_id)
+ return
+
+ swdb_env = self._create_swdb_environment(env_id, pkg_types, groups)
+
+ if swdb_env is not None:
+ self._base.history.env.downgrade(swdb_env)
+
def _swdb_environment_remove(self, env_id, pkg_types, groups):
if not self._base.history.env.get(env_id):
self._raise_or_warn(self._ignore_installed, _("Environment id '%s' is not installed.") % env_id)
@@ -535,6 +555,8 @@ class TransactionReplay(object):
self._swdb_group_install(group_id, pkg_types, group_data["packages"])
elif action == "Upgrade":
self._swdb_group_upgrade(group_id, pkg_types, group_data["packages"])
+ elif action == "Downgraded":
+ self._swdb_group_downgrade(group_id, pkg_types, group_data["packages"])
elif action == "Removed":
self._swdb_group_remove(group_id, pkg_types, group_data["packages"])
else:
@@ -564,6 +586,8 @@ class TransactionReplay(object):
self._swdb_environment_install(env_id, pkg_types, env_data["groups"])
elif action == "Upgrade":
self._swdb_environment_upgrade(env_id, pkg_types, env_data["groups"])
+ elif action == "Downgraded":
+ self._swdb_environment_downgrade(env_id, pkg_types, env_data["groups"])
elif action == "Removed":
self._swdb_environment_remove(env_id, pkg_types, env_data["groups"])
else:
--
2.37.1

View File

@ -1,34 +0,0 @@
From 46562dc76e50d86eed99a102af74a1187a4303e4 Mon Sep 17 00:00:00 2001
From: Nicola Sella <nsella@redhat.com>
Date: Thu, 11 Aug 2022 13:56:11 +0200
Subject: [PATCH] Fix upgrade from file to noarch pkg (RhBug:2006018)
= changelog =
msg: Fix upgrade pkg from file when installed pkg is noarch and upgrades
to a different arch
type: bugfix
resolves: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2006018
---
dnf/base.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/dnf/base.py b/dnf/base.py
index 4ddfae15..aba411ea 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -2109,7 +2109,11 @@ class Base(object):
sltr.set(pkg=[pkg])
self._goal.upgrade(select=sltr)
return 1
- q = installed.filter(name=pkg.name, arch=[pkg.arch, "noarch"])
+ # do not filter by arch if the package is noarch
+ if pkg.arch == "noarch":
+ q = installed.filter(name=pkg.name)
+ else:
+ q = installed.filter(name=pkg.name, arch=[pkg.arch, "noarch"])
if not q:
msg = _("Package %s not installed, cannot update it.")
logger.warning(msg, pkg.name)
--
2.37.1

View File

@ -1,62 +0,0 @@
From 7a265cf17fe3531e45dde8ae622c496bef1e17ae Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Wed, 10 Aug 2022 16:24:08 +0200
Subject: [PATCH] Allow passing plugin parameters with dashes in names
(RhBug:1980712)
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1980712
---
dnf/plugin.py | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/dnf/plugin.py b/dnf/plugin.py
index 87c1f08f..b083727d 100644
--- a/dnf/plugin.py
+++ b/dnf/plugin.py
@@ -225,17 +225,17 @@ def _get_plugins_files(paths, disable_plugins, enable_plugins):
matched = True
enable_pattern_tested = False
for pattern_skip in disable_plugins:
- if fnmatch.fnmatch(plugin_name, pattern_skip):
+ if _plugin_name_matches_pattern(plugin_name, pattern_skip):
pattern_disable_found.add(pattern_skip)
matched = False
for pattern_enable in enable_plugins:
- if fnmatch.fnmatch(plugin_name, pattern_enable):
+ if _plugin_name_matches_pattern(plugin_name, pattern_enable):
matched = True
pattern_enable_found.add(pattern_enable)
enable_pattern_tested = True
if not enable_pattern_tested:
for pattern_enable in enable_plugins:
- if fnmatch.fnmatch(plugin_name, pattern_enable):
+ if _plugin_name_matches_pattern(plugin_name, pattern_enable):
pattern_enable_found.add(pattern_enable)
if matched:
plugins.append(fn)
@@ -250,6 +250,20 @@ def _get_plugins_files(paths, disable_plugins, enable_plugins):
return plugins
+def _plugin_name_matches_pattern(plugin_name, pattern):
+ """
+ Checks plugin name matches the pattern.
+
+ The alternative plugin name using dashes instead of underscores is tried
+ in case of original name is not matched.
+
+ (see https://bugzilla.redhat.com/show_bug.cgi?id=1980712)
+ """
+
+ try_names = set((plugin_name, plugin_name.replace('_', '-')))
+ return any(fnmatch.fnmatch(name, pattern) for name in try_names)
+
+
def register_command(command_class):
# :api
"""A class decorator for automatic command registration."""
--
2.37.1

View File

@ -1,58 +0,0 @@
From a32b2f7d596247124ad6ff5ab71bc83bf78f0518 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Tue, 13 Sep 2022 13:55:35 +0200
Subject: [PATCH] Add support for rollback of group upgrade rollback
(RhBug:2016070)
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2016070
---
dnf/transaction_sr.py | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/dnf/transaction_sr.py b/dnf/transaction_sr.py
index 5d403a3e..b389f152 100644
--- a/dnf/transaction_sr.py
+++ b/dnf/transaction_sr.py
@@ -553,12 +553,14 @@ class TransactionReplay(object):
if action == "Install":
self._swdb_group_install(group_id, pkg_types, group_data["packages"])
- elif action == "Upgrade":
- self._swdb_group_upgrade(group_id, pkg_types, group_data["packages"])
- elif action == "Downgraded":
- self._swdb_group_downgrade(group_id, pkg_types, group_data["packages"])
elif action == "Removed":
self._swdb_group_remove(group_id, pkg_types, group_data["packages"])
+ # Groups are not versioned, but a reverse transaction could be applied,
+ # therefore we treat both actions the same way
+ elif action == "Upgrade" or action == "Upgraded":
+ self._swdb_group_upgrade(group_id, pkg_types, group_data["packages"])
+ elif action == "Downgrade" or action == "Downgraded":
+ self._swdb_group_downgrade(group_id, pkg_types, group_data["packages"])
else:
errors.append(TransactionError(
_('Unexpected value of group action "{action}" for group "{group}".')
@@ -584,12 +586,14 @@ class TransactionReplay(object):
if action == "Install":
self._swdb_environment_install(env_id, pkg_types, env_data["groups"])
- elif action == "Upgrade":
- self._swdb_environment_upgrade(env_id, pkg_types, env_data["groups"])
- elif action == "Downgraded":
- self._swdb_environment_downgrade(env_id, pkg_types, env_data["groups"])
elif action == "Removed":
self._swdb_environment_remove(env_id, pkg_types, env_data["groups"])
+ # Environments are not versioned, but a reverse transaction could be applied,
+ # therefore we treat both actions the same way
+ elif action == "Upgrade" or action == "Upgraded":
+ self._swdb_environment_upgrade(env_id, pkg_types, env_data["groups"])
+ elif action == "Downgrade" or action == "Downgraded":
+ self._swdb_environment_downgrade(env_id, pkg_types, env_data["groups"])
else:
errors.append(TransactionError(
_('Unexpected value of environment action "{action}" for environment "{env}".')
--
2.37.3

View File

@ -1,114 +0,0 @@
From f1fbef17862e033bf9518bd318339b405f2664dd Mon Sep 17 00:00:00 2001
From: Nicola Sella <nsella@redhat.com>
Date: Mon, 22 Mar 2021 17:37:51 +0100
Subject: [PATCH 1/2] Better explain traceback of rpm.error with dnf
=changelog=
msg: Add dnf.error message to explain rpm.error traceback when package not found after resolving a transaction
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1815327
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1887293
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1909845
---
dnf/db/group.py | 78 ++++++++++++++++++++++++++-----------------------
1 file changed, 41 insertions(+), 37 deletions(-)
diff --git a/dnf/db/group.py b/dnf/db/group.py
index 312e3b98..3a17019a 100644
--- a/dnf/db/group.py
+++ b/dnf/db/group.py
@@ -26,6 +26,7 @@ import dnf.exceptions
from dnf.i18n import _
from dnf.util import logger
+import rpm
class PersistorBase(object):
def __init__(self, history):
@@ -316,43 +317,46 @@ class RPMTransaction(object):
modular_problems = 0
for tsi in self:
- if tsi.action == libdnf.transaction.TransactionItemAction_DOWNGRADE:
- hdr = tsi.pkg._header
- modular_problems += self._test_fail_safe(hdr, tsi.pkg)
- ts.addInstall(hdr, tsi, 'u')
- elif tsi.action == libdnf.transaction.TransactionItemAction_DOWNGRADED:
- ts.addErase(tsi.pkg.idx)
- elif tsi.action == libdnf.transaction.TransactionItemAction_INSTALL:
- hdr = tsi.pkg._header
- modular_problems += self._test_fail_safe(hdr, tsi.pkg)
- ts.addInstall(hdr, tsi, 'i')
- elif tsi.action == libdnf.transaction.TransactionItemAction_OBSOLETE:
- hdr = tsi.pkg._header
- modular_problems += self._test_fail_safe(hdr, tsi.pkg)
- ts.addInstall(hdr, tsi, 'u')
- elif tsi.action == libdnf.transaction.TransactionItemAction_OBSOLETED:
- ts.addErase(tsi.pkg.idx)
- elif tsi.action == libdnf.transaction.TransactionItemAction_REINSTALL:
- # note: in rpm 4.12 there should not be set
- # rpm.RPMPROB_FILTER_REPLACEPKG to work
- hdr = tsi.pkg._header
- modular_problems += self._test_fail_safe(hdr, tsi.pkg)
- ts.addReinstall(hdr, tsi)
- elif tsi.action == libdnf.transaction.TransactionItemAction_REINSTALLED:
- # Required when multiple packages with the same NEVRA marked as installed
- ts.addErase(tsi.pkg.idx)
- elif tsi.action == libdnf.transaction.TransactionItemAction_REMOVE:
- ts.addErase(tsi.pkg.idx)
- elif tsi.action == libdnf.transaction.TransactionItemAction_UPGRADE:
- hdr = tsi.pkg._header
- modular_problems += self._test_fail_safe(hdr, tsi.pkg)
- ts.addInstall(hdr, tsi, 'u')
- elif tsi.action == libdnf.transaction.TransactionItemAction_UPGRADED:
- ts.addErase(tsi.pkg.idx)
- elif tsi.action == libdnf.transaction.TransactionItemAction_REASON_CHANGE:
- pass
- else:
- raise RuntimeError("TransactionItemAction not handled: %s" % tsi.action)
+ try:
+ if tsi.action == libdnf.transaction.TransactionItemAction_DOWNGRADE:
+ hdr = tsi.pkg._header
+ modular_problems += self._test_fail_safe(hdr, tsi.pkg)
+ ts.addInstall(hdr, tsi, 'u')
+ elif tsi.action == libdnf.transaction.TransactionItemAction_DOWNGRADED:
+ ts.addErase(tsi.pkg.idx)
+ elif tsi.action == libdnf.transaction.TransactionItemAction_INSTALL:
+ hdr = tsi.pkg._header
+ modular_problems += self._test_fail_safe(hdr, tsi.pkg)
+ ts.addInstall(hdr, tsi, 'i')
+ elif tsi.action == libdnf.transaction.TransactionItemAction_OBSOLETE:
+ hdr = tsi.pkg._header
+ modular_problems += self._test_fail_safe(hdr, tsi.pkg)
+ ts.addInstall(hdr, tsi, 'u')
+ elif tsi.action == libdnf.transaction.TransactionItemAction_OBSOLETED:
+ ts.addErase(tsi.pkg.idx)
+ elif tsi.action == libdnf.transaction.TransactionItemAction_REINSTALL:
+ # note: in rpm 4.12 there should not be set
+ # rpm.RPMPROB_FILTER_REPLACEPKG to work
+ hdr = tsi.pkg._header
+ modular_problems += self._test_fail_safe(hdr, tsi.pkg)
+ ts.addReinstall(hdr, tsi)
+ elif tsi.action == libdnf.transaction.TransactionItemAction_REINSTALLED:
+ # Required when multiple packages with the same NEVRA marked as installed
+ ts.addErase(tsi.pkg.idx)
+ elif tsi.action == libdnf.transaction.TransactionItemAction_REMOVE:
+ ts.addErase(tsi.pkg.idx)
+ elif tsi.action == libdnf.transaction.TransactionItemAction_UPGRADE:
+ hdr = tsi.pkg._header
+ modular_problems += self._test_fail_safe(hdr, tsi.pkg)
+ ts.addInstall(hdr, tsi, 'u')
+ elif tsi.action == libdnf.transaction.TransactionItemAction_UPGRADED:
+ ts.addErase(tsi.pkg.idx)
+ elif tsi.action == libdnf.transaction.TransactionItemAction_REASON_CHANGE:
+ pass
+ else:
+ raise RuntimeError("TransactionItemAction not handled: %s" % tsi.action)
+ except rpm.error as e:
+ raise dnf.exceptions.Error(_("An rpm exception occurred: %s" % e))
if modular_problems:
raise dnf.exceptions.Error(_("No available modular metadata for modular package"))
--
2.39.0

File diff suppressed because it is too large Load Diff

View File

@ -1,45 +0,0 @@
From 33c354ed52be8f8fa2d43aff8ba1fe1540e1744c Mon Sep 17 00:00:00 2001
From: Kyle Walker <kwalker@redhat.com>
Date: Tue, 20 Dec 2022 08:42:03 -0500
Subject: [PATCH] Omit src RPMs from check-update (RhBug: 2151910)
The current check-update operation relies on src RPMs not being included
in the available repos. When those repos are enabled, *.src RPMs can be
emitted as updates that are available. Those RPMs are not updated in the
traditional fashion and can cause confusion to end users.
This change unconditionally filters out src packages in the
_list_patterns() callpath.
= changelog =
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2151910
---
dnf/base.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dnf/base.py b/dnf/base.py
index aba411e..8c19276 100644
--- a/dnf/base.py
+++ b/dnf/base.py
@@ -1519,6 +1519,8 @@ class Base(object):
updates = query_for_repo(q).filterm(upgrades_by_priority=True)
# reduce a query to security upgrades if they are specified
updates = self._merge_update_filters(updates, upgrade=True)
+ # reduce a query to remove src RPMs
+ updates.filterm(arch__neq=['src', 'nosrc'])
# reduce a query to latest packages
updates = updates.latest().run()
@@ -1571,6 +1573,8 @@ class Base(object):
self.sack.query()).filter(obsoletes_by_priority=inst)
# reduce a query to security upgrades if they are specified
obsoletes = self._merge_update_filters(obsoletes, warning=False, upgrade=True)
+ # reduce a query to remove src RPMs
+ obsoletes.filterm(arch__neq=['src', 'nosrc'])
obsoletesTuples = []
for new in obsoletes:
obsoleted_reldeps = new.obsoletes
--
libgit2 1.3.2

View File

@ -1,56 +0,0 @@
From 2658062d4c176201d0decf03929a89b44761c072 Mon Sep 17 00:00:00 2001
From: Marek Blaha <mblaha@redhat.com>
Date: Mon, 3 Apr 2023 12:19:40 +0200
Subject: [PATCH] Backport: automatic: Fix online detection with proxy (RhBz:2022440)
In case the proxy is configured (either for a repo of globally) it is
used also for detecting whether the system is online.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2022440
---
dnf/automatic/main.py | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/dnf/automatic/main.py b/dnf/automatic/main.py
index b53d9c0..93ce13c 100644
--- a/dnf/automatic/main.py
+++ b/dnf/automatic/main.py
@@ -251,21 +251,29 @@ def wait_for_network(repos, timeout):
'http': 80,
'https': 443,
'ftp': 21,
+ 'socks': 1080,
+ 'socks5': 1080,
}
def remote_address(url_list):
for url in url_list:
parsed_url = dnf.pycomp.urlparse.urlparse(url)
- if parsed_url.hostname and parsed_url.scheme in remote_schemes:
- yield (parsed_url.hostname,
- parsed_url.port or remote_schemes[parsed_url.scheme])
+ if (not parsed_url.hostname) \
+ or (not parsed_url.port and parsed_url.scheme not in remote_schemes):
+ # skip urls without hostname or without recognized port
+ continue
+ yield (parsed_url.hostname,
+ parsed_url.port or remote_schemes[parsed_url.scheme])
# collect possible remote repositories urls
addresses = set()
for repo in repos.iter_enabled():
- addresses.update(remote_address(repo.baseurl))
- addresses.update(remote_address([repo.mirrorlist]))
- addresses.update(remote_address([repo.metalink]))
+ if repo.proxy:
+ addresses.update(remote_address([repo.proxy]))
+ else:
+ addresses.update(remote_address(repo.baseurl))
+ addresses.update(remote_address([repo.mirrorlist]))
+ addresses.update(remote_address([repo.metalink]))
if not addresses:
# there is no remote repository enabled so network connection should not be needed
--
libgit2 1.3.2

View File

@ -1,39 +0,0 @@
From 46aeabda1980621ca0f87528e0a81b4f59d886f0 Mon Sep 17 00:00:00 2001
From: Jan Kolarik <jkolarik@redhat.com>
Date: Thu, 20 Apr 2023 10:10:14 +0000
Subject: [PATCH] automatic: Return an error when transaction fails
(RhBug:2170093)
In case of no global error occurred within the transaction, we still need to check state of individual transaction items for any failure.
This is matching the logic in `BaseCli.do_transaction` method, where the error is emitted after printing the transaction summary.
= changelog =
msg: automatic: Return an error when transaction fails
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2170093
---
dnf/automatic/main.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/dnf/automatic/main.py b/dnf/automatic/main.py
index 93ce13cc..ccd9ab64 100644
--- a/dnf/automatic/main.py
+++ b/dnf/automatic/main.py
@@ -346,6 +346,13 @@ def main(args):
gpgsigcheck(base, trans.install_set)
base.do_transaction()
+
+ # In case of no global error occurred within the transaction,
+ # we need to check state of individual transaction items.
+ for tsi in trans:
+ if tsi.state == libdnf.transaction.TransactionItemState_ERROR:
+ raise dnf.exceptions.Error(_('Transaction failed'))
+
emitters.notify_applied()
emitters.commit()
except dnf.exceptions.Error as exc:
--
2.40.1

View File

@ -1,63 +0,0 @@
From a74209ff53c9a51293b45434196dff49002c5691 Mon Sep 17 00:00:00 2001
From: Evan Goode <mail@evangoo.de>
Date: Tue, 30 May 2023 20:48:54 +0000
Subject: [PATCH] Document symbols in `dnf history list` output
This patch adds documentation for the symbols shown in the "Action(s)"
and "Altered" columns of `dnf history list`
The "Action(s)" column abbreviates the names of transaction actions when
there was more than one action, e.g. a transaction that both installs
and upgrades packages would be displayed as "I, U".
The "Altered" column prints some extra symbols when something unusual
happened with the transaction, like if any warnings were printed or if
it completed with a non-zero status.
Some language was taken from the yum man pages:
https://github.com/rpm-software-management/yum/blob/master/docs/yum.8.
It appears we no longer use the "P" or "s" symbols.
Resolves https://bugzilla.redhat.com/show_bug.cgi?id=2172067
(RhBug:2172067)
= changelog =
msg: Document the symbols in the output of `dnf history list`
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2172067
---
doc/command_ref.rst | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/doc/command_ref.rst b/doc/command_ref.rst
index 7279b3a4..f8149e86 100644
--- a/doc/command_ref.rst
+++ b/doc/command_ref.rst
@@ -701,6 +701,24 @@ transactions and act according to this information (assuming the
which specifies a transaction by a package which it manipulated. When no
transaction is specified, list all known transactions.
+ The "Action(s)" column lists each type of action taken in the transaction. The possible values are:
+
+ * Install (I): a new package was installed on the system
+ * Downgrade (D): an older version of a package replaced the previously-installed version
+ * Obsolete (O): an obsolete package was replaced by a new package
+ * Upgrade (U): a newer version of the package replaced the previously-installed version
+ * Remove (E): a package was removed from the system
+ * Reinstall (R): a package was reinstalled with the same version
+ * Reason change (C): a package was kept in the system but its reason for being installed changed
+
+ The "Altered" column lists the number of actions taken in each transaction, possibly followed by one or two the following symbols:
+
+ * ``>``: The RPM database was changed, outside DNF, after the transaction
+ * ``<``: The RPM database was changed, outside DNF, before the transaction
+ * ``*``: The transaction aborted before completion
+ * ``#``: The transaction completed, but with a non-zero status
+ * ``E``: The transaction completed successfully, but had warning/error output
+
``--reverse``
The order of ``history list`` output is printed in reverse order.
--
2.40.1

View File

@ -1,85 +0,0 @@
From 29f4df4bf7bf7cb9099dbc7c834441ce4e75b623 Mon Sep 17 00:00:00 2001
From: Miro Hrončok <miro@hroncok.cz>
Date: Wed, 23 Feb 2022 13:25:12 +0100
Subject: [PATCH] RHEL-1245: Remove /usr/bin from sys.path to avoid accidentally importing garbage
See https://bugzilla.redhat.com/show_bug.cgi?id=2057340
and https://github.com/benjaminp/six/issues/359
dnf should never import Python modules from /usr/bin but users can
have files in there that look like Python modules and Python will
try to import them and fail.
Consider a tool that is *not* written in Python and is called "copy.pyc".
Naturally, it resides in /usr/bin/copy.pyc and dnf fails:
Traceback (most recent call last):
File "/usr/bin/dnf", line 57, in <module>
from dnf.cli import main
File "/usr/lib/python3.10/site-packages/dnf/__init__.py", line 30, in <module>
import dnf.base
File "/usr/lib/python3.10/site-packages/dnf/base.py", line 31, in <module>
from copy import deepcopy
ImportError: bad magic number in 'copy': b'...'
Similarly, a tool actually written in Python, called "copy.py"
might as well own /usr/bin/copy.py and dnf fails as well:
Traceback (most recent call last):
File "/usr/bin/dnf", line 57, in <module>
from dnf.cli import main
File "/usr/lib/python3.10/site-packages/dnf/__init__.py", line 30, in <module>
import dnf.base
File "/usr/lib/python3.10/site-packages/dnf/base.py", line 31, in <module>
from copy import deepcopy
ImportError: cannot import name 'deepcopy' from 'copy' (/usr/bin/copy.py)
Either problem can happen for a variety of names.
We better not let that happen.
A more general solution that would prevent Python doing this entirely
does not exists yet, see https://discuss.python.org/t/4235
Hence, proposing this to dnf, which is a critical piece of the system.
---
bin/dnf-automatic.in | 6 +++++-
bin/dnf.in | 6 +++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/bin/dnf-automatic.in b/bin/dnf-automatic.in
index 5b06aa2..17e35a0 100755
--- a/bin/dnf-automatic.in
+++ b/bin/dnf-automatic.in
@@ -23,7 +23,11 @@ import os
import sys
here = sys.path[0]
-if here != '/usr/bin':
+if here == '/usr/bin':
+ # we never import Python modules from /usr/bin
+ # removing this lowers the risk of accidental imports of weird files
+ del sys.path[0]
+else:
# git checkout
dnf_toplevel = os.path.dirname(here)
sys.path[0] = dnf_toplevel
diff --git a/bin/dnf.in b/bin/dnf.in
index 645d0f0..55ceb3f 100755
--- a/bin/dnf.in
+++ b/bin/dnf.in
@@ -48,7 +48,11 @@ if __name__ != "__main__":
sys.exit(1)
here = sys.path[0]
-if here != '/usr/bin':
+if here == '/usr/bin':
+ # we never import Python modules from /usr/bin
+ # removing this lowers the risk of accidental imports of weird files
+ del sys.path[0]
+else:
# git checkout
import os
dnf_toplevel = os.path.dirname(here)
--
libgit2 1.6.4

File diff suppressed because it is too large Load Diff

View File

@ -1,53 +0,0 @@
From 8bc3b7a217de41c0a9bc52cd9cac50cde9e9ee65 Mon Sep 17 00:00:00 2001
From: Anish Bhatt <anish.bhatt@salesforce.com>
Date: Mon, 10 Jul 2023 10:09:17 -0700
Subject: [PATCH] When parsing over a KVP list, do not return till the whole
list is parsed
---
dnf/repodict.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dnf/repodict.py b/dnf/repodict.py
index ffa0f8ed..82c05ac0 100644
--- a/dnf/repodict.py
+++ b/dnf/repodict.py
@@ -79,8 +79,8 @@ class RepoDict(dict):
if isinstance(value, str):
substituted.append(
libdnf.conf.ConfigParser.substitute(value, conf.substitutions))
- if substituted:
- return substituted
+ if substituted:
+ return substituted
return values
repo = dnf.repo.Repo(repoid, conf)
--
2.41.0
From 89c6f3633f55acd31d44a487ce76dd89c12d795c Mon Sep 17 00:00:00 2001
From: Anish Bhatt <anish.bhatt@salesforce.com>
Date: Mon, 10 Jul 2023 10:10:30 -0700
Subject: [PATCH] Add to authors
---
AUTHORS | 1 +
1 file changed, 1 insertion(+)
diff --git a/AUTHORS b/AUTHORS
index 0077c7ea..eb1e0121 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -63,6 +63,7 @@ DNF CONTRIBUTORS
Adam Williamson <awilliam@redhat.com>
Albert Uchytil <auchytil@redhat.com>
Alberto Ruiz <aruiz@redhat.com>
+ Anish Bhatt <anish.bhatt@salesforce.com>
Baurzhan Muftakhidinov <baurthefirst@gmail.com>
Christopher Meng <cickumqt@gmail.com>
Daniel Mach <dmach@redhat.com>
--
2.41.0

File diff suppressed because it is too large Load Diff