
RFE: support `upgrade-minimal --advisories <errata>` in Python bindings

Open ianballou opened this issue 2 years ago • 3 comments

katello-agent uses libdnf's upgrade method to update packages on a machine. Currently, katello-agent loops through the desired errata to be applied and installs their related packages. However, this does not exactly match the normal way of installing advisories via `dnf upgrade-minimal --advisories ...`. We recently had to fix an issue to work around the fact that upgrade-minimal wasn't being emulated correctly in our code: https://github.com/Katello/katello-host-tools/pull/140

With the yum bindings, we were able to do something like:

```python
if advisories:
    lib.updateinfo_filters = {
        'bzs': [],
        'bugfix': None,
        'sevs': [],
        'security': None,
        'advs': advisories,
        'cves': []
    }
    updateinfo.update_minimal(lib)
```

From the documentation (https://dnf.readthedocs.io/en/latest/api_base.html#dnf.Base.upgrade) I couldn't see a way to perform this, but let me know if there are any better ways to go about applying advisories via python-libdnf.

ianballou avatar Nov 15 '22 21:11 ianballou

You should be able to do the same with `add_security_filters()`. You just need to match the configuration of upgrade-minimal.

By default upgrade minimal uses all security types. So I think it would look something like this:

```python
base.add_security_filters(cmp_type="eq", types=["bugfix", "enhancement", "newpackage", "security"])
```

After that you can do upgrade()/upgrade_all().

kontura avatar Nov 16 '22 12:11 kontura

I tried a lib.upgrade([]) after adding some advisories and it upgraded all of my packages. I added the advisory directly for a test:

```python
lib.add_security_filters(cmp_type="eq",
                         types=["bugfix", "enhancement", "newpackage", "security"],
                         advisory=["RHBA-2022:7067"])
```

After running the upgrade, the packages installed were updated to their latest version rather than the one in the advisory.

Here are my libdnf versions (on RHEL 8):

```
python3-libdnf-0.63.0-8.2.el8_6.x86_64
libdnf-0.63.0-8.2.el8_6.x86_64
```

ianballou avatar Nov 16 '22 21:11 ianballou

One thing that is perhaps not well documented is that there is an OR relationship between the arguments of `add_security_filters(...)`. In your example it will update all packages that have an advisory either of the types you specified or have an id RHBA-2022:7067.

If you want to limit the upgrade to just the one advisory try:

```python
lib.add_security_filters(cmp_type="eq", advisory=["RHBA-2022:7067"])
```

> I tried a lib.upgrade([]) after adding some advisories and it upgraded all of my packages.

Also I think the dnf `upgrade(pkg_spec, reponame=None)` method takes a pkg_spec which is a string, not an `[]`. It should throw an exception when called with an array.

If it still doesn't work for you, can you provide a minimal reproducer?

kontura avatar Nov 21 '22 08:11 kontura
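
An added sketch, not part of the thread and not katello-agent or libdnf code: it applies the advisory-only filter suggested in the last comment and audits the resolved transaction before anything is installed. The function name `plan_advisory_upgrade`, its return shape and the dry-run behaviour are assumptions made for this example, and the thread does not confirm that this fully matches `upgrade-minimal --advisories`.

```python
"""Added sketch: restrict an upgrade to named advisories, then audit the plan."""
import sys


def plan_advisory_upgrade(base, advisory_ids, cmp_eq):
    """Filter upgrades to `advisory_ids` and resolve, without running the transaction.

    `base` is a prepared dnf.Base (repos read, sack filled); `cmp_eq` is hawkey.EQ.
    Returns (planned, unexplained): every package in the transaction, and the subset
    that no requested advisory lists at exactly that version (e.g. dependencies).
    """
    wanted = set(advisory_ids)
    if not wanted:
        # With no advisory ids there is nothing to restrict the upgrade to.
        raise ValueError("refusing to upgrade without at least one advisory id")
    # Only `advisory` is passed: per the thread, the filter arguments are ORed,
    # so adding types=[...] here would widen the upgrade beyond these advisories.
    base.add_security_filters(cmp_type="eq", advisory=sorted(wanted))
    base.upgrade_all()
    base.resolve()
    planned = sorted(base.transaction.install_set, key=str)
    unexplained = [
        pkg for pkg in planned
        if not wanted & {adv.id for adv in pkg.get_advisories(cmp_eq)}
    ]
    return planned, unexplained


def main(argv):
    import dnf      # imported here so the planning logic has no hard dependency
    import hawkey

    with dnf.Base() as base:
        base.read_all_repos()
        base.fill_sack()
        planned, unexplained = plan_advisory_upgrade(base, argv[1:], hawkey.EQ)
        for pkg in planned:
            note = "  <-- not listed by a requested advisory" if pkg in unexplained else ""
            print(f"{pkg}{note}")
        # Dry run by design: base.download_packages() and base.do_transaction()
        # are left out so the plan can be reviewed first.
    return 1 if unexplained else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with advisory ids as arguments on a host with python3-dnf installed; a non-zero exit means the plan contains packages that none of the requested advisories account for.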