We would like to switch to exclusively using Packit for building and
testing pull requests, so we are retiring this GitHub Actions workflow.
In order to fully disable the action, this commit must be applied on
each branch in the upstream repository. Otherwise, the action might be
triggered by a pull request to some stale branch.
dnf-bootc's only job is to Require python3-gobject-base and ostree-libs,
which are needed to check the unlock status on bootc systems. We don't
want to add these dependencies on `python3-dnf` because we don't want
them on non-bootc systems, so we use a subpackage.
To keep /usr read-only after DNF is finished with a transient
transaction, we call `ostree admin unlock --transient` to mount the /usr
overlay as read-only by default. Then, we create a private mount
namespace for DNF and its child processes and remount the /usr overlayfs
as read/write in the private mountns.
os.unshare is unfortunately only available in Python >= 3.12, so we have
to call libc.unshare via Python ctypes here and hardcode the CLONE_NEWNS
flag that we need to pass.
Documents the new `--transient` command-line argument and `persistence`
configuration option. I tried to use a table for listing the valid
options for `persistence`, but RST does not automatically wrap table
cells containing long lines, so a list was much easier.
Adds support for the --transient option on all transactions. Passing
--transient on a bootc system will call `bootc usr-overlay` to create a
transient writeable /usr and continue the transaction.
Specifying --transient on a non-bootc system will throw an error; we
don't want to mislead users to thinking this feature works on non-bootc
systems.
If --transient is not specified and the bootc system is in a locked
state, the operation will be aborted and a message will be printed
suggesting to try again with --transient.
If a configuration file is explicitly specified on the command line,
ensure that it exists and is readable. If the file is not found, notify
the user immediately and terminate the process.
This resolves issues where users may run dnf-automatic with unrecognized
positional arguments, such as `dnf-automatic install`.
The most natural approach to handle a non-existing config file would be
by catching the exception thrown by the `read()` method of the
`libdnf.conf.ConfigParser` class. Unfortunately, the Python bindings
override the `read()` method at the SWIG level, causing it to suppress any
potentially raised IOError.
For details see this section of the commit
8f1fedf855
def ConfigParser__newRead(self, filenames):
parsedFNames = []
try:
if isinstance(filenames, str) or isinstance(filenames, unicode):
filenames = [filenames]
except NameError:
pass
for fname in filenames:
try:
self.readFileName(fname)
parsedFNames.append(fname)
except IOError:
pass
except Exception as e:
raise RuntimeError("Parsing file '%s' failed: %s" % (fname, str(e)))
return parsedFNames
ConfigParser.read = ConfigParser__newRead
Resolves: https://issues.redhat.com/browse/RHEL-46030
"dnf install --downloadonly" failed on read-only bootc system despite
not running the transaction. The downloaded packages are stored under
writable /var or to a directory explicitly choosen by a user.
This patch suppresses the bootc read-only bailout if --downloadonly
option is used.
https://issues.redhat.com/browse/RHEL-61745
Fedora CI rpmdeplint test failed for dnf-automic in Fedora 42 because
dnf5-plugin-automatic package obsoletes dnf-automatic package there:
Upgrade problems:
dnf-automatic-4.21.1-1.fc42.noarch would be obsoleted by dnf5-plugin-automatic-5.2.5.0-2.fc41.x86_64 from repo fedora-42-x86_64
This patch fixes it by not building dnf-automatic package if a macro
for obsoleting dnf by dnf5 is set. (Similar to a previous
f519e602a7 commit.)
DNF currently prints RPM errors that occur during scriptlet execution or
during package installation/removal.
This patch adds error handling for issues that arise during RPM package
unpacking as well.
= changelog =
msg: Print rpm package unpack errors to the user
type: enhancement
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2312906
Fedora CI installability and rpmdeplint tests failed on Fedoras where
dnf5 obsoletes dnf and yum packages because the tests attempt to
install just built dnf and yum packages, but DNF5 refuses installing
them because they are obsoleted by an already installed dnf5:
--------------------------------------------------------
| |
| Running install test for dnf-0:4.21.0-3.fc41.noarch |
| |
--------------------------------------------------------
Updating and loading repositories:
Repo for 121841198 Brew build 100% | 4.7 MiB/s | 4.8 KiB | 00m00s
Repositories loaded.
Failed to resolve the transaction:
Problem: problem with installed package
- installed package dnf5-5.2.5.0-2.fc41.x86_64 obsoletes dnf < 5 provided by dnf-4.21.0-3.fc41.noarch from brew-121841198
- package dnf5-5.2.5.0-2.fc41.x86_64 from fedora obsoletes dnf < 5 provided by dnf-4.21.0-3.fc41.noarch from brew-121841198
- package dnf5-5.2.5.0-2.fc41.x86_64 from updates obsoletes dnf < 5 provided by dnf-4.21.0-3.fc41.noarch from brew-121841198
- package dnf5-5.2.5.0-2.fc41.x86_64 from rawhide obsoletes dnf < 5 provided by dnf-4.21.0-3.fc41.noarch from brew-121841198
- package dnf5-5.2.5.0-2.fc41.x86_64 from fedora-41-buildroot obsoletes dnf < 5 provided by dnf-4.21.0-3.fc41.noarch from brew-121841198
- package dnf5-5.2.5.0-2.fc41.x86_64 from testing-farm-tag-repository obsoletes dnf < 5 provided by dnf-4.21.0-3.fc41.noarch from brew-121841198
- conflicting requests
(The same happesn for yum package.)
Solution this patch implements is not building the two obsolete
packages. At the end, they cannot be installed.
Some people use --installroot on a read-only bootc system to install
a system into a chroot subtree. However, current bootc check did not
take into account --installroot and rejected the operation.
This patch augments the check for the installroot being different
from /.
It's pointless to check for installroot writability here because
installroot is written before this check when updating the
repositories and computing a transaction. Moving this check sooner
would not help because some directories (/opt, /) are kept read-only
even on writable bootc.
Resolves: #2108
This patch fixes two mistakes:
(1) In minimal yum_compat_levels (default one) rpmbuild complained:
RPM build warnings:
File not found: /home/test/rpmbuild/BUILDROOT/dnf-4.21.0-4.fc40.x86_64/etc/yum/pluginconf.d
File not found: /home/test/rpmbuild/BUILDROOT/dnf-4.21.0-4.fc40.x86_64/etc/yum/protected.d
File not found: /home/test/rpmbuild/BUILDROOT/dnf-4.21.0-4.fc40.x86_64/etc/yum/vars
(2) In full yum_compat_levels /etc/yum directory was not owned by yum package
CMake build script stopped creating yum4 executable when
Python 2 support was removed with commit
92f03d1e13 ([spec] Remove python 2).
Therefore the preview level cannot be enabled anymore and this patch
removes it to simplify the spec file.
Tests failed on RHEL 10 where SHA-1 is disabled in a DEFAULT crypto
policy and where librepo is configured to use rpm-sequoia which
respects the crypto policy (in contrast to gpgme):
1: ======================================================================
1: FAIL: test_rawkey2infos (tests.test_crypto.CryptoTest.test_rawkey2infos)
1: ----------------------------------------------------------------------
1: Traceback (most recent call last):
1: File "/home/test/rhel/dnf/dnf-4.20.0/tests/test_crypto.py", line 75, in test_rawkey2infos
1: self.assertEqual(info.userid, 'Dandy Fied <dnf@example.com>')
1: AssertionError: '' != 'Dandy Fied <dnf@example.com>'
1: + Dandy Fied <dnf@example.com>
The root cause was that tests/keys/key.pub used the SHA-1 digest
algorithm.
This patch replaces that key with a 4096-bit RSA key signed using
SHA-384 digest algorithm.
Resolves: https://issues.redhat.com/browse/RHEL-50218
This changes the is_container() func for _is_bootc_host()
and updates the logic and message. This should detect on
all ostree and bootc hosts to date that are not using
bootc usroverlay or ostree admin unlock for development
purposes.
resolves: #RHEL-49670, RHEL-49671
Currently when `dnf download --downloaddir <dir> <package>` sources`<package>` from `<dir>` it triggers a `shutil.SameFileError` exception and aborts the entire download process.
This goes against the current flow which marks locally present RPMs that match a remote RPM as `[SKIPPED] <package>.rpm: Already downloaded`.
This change allows downloads of locally sourced packages to the same file, treating it as a no-op.
This patch includes some minor consistency fixes I noticed when reading
the man page:
- A few commands had extra blank lines before starting their description
which was causing extra whitespace to be added to the description.
- Some information relevant to commands was nested under example
commands because of leading whitespace (mostly the information about
`-nevra` commands).
- Some example commands followed their description, while most other
examples have the command first and then the description. This changes
all examples to the latter for consistency.
- Renamed the `Examples` header to `Repoquery Examples` similar to other
example headers
- Fixed typo in repoquery examples (ligttpd -> lighttpd)
- Added parameter names to `swap` description
Also this updates the man page file name in the README (dnf.8 -> dnf4.8)
Command `dnf install-n <provide>` does not install only according
to package mame but still search in provides. The patch limits
searrch only to NEVRA forms for install, remove, autoremove,
and repoquery commands.
Resolves partially: https://issues.redhat.com/browse/RHEL-5747
There was a bug in dnf and dnf-automatic that caused traceback
when running the Python interpreter with the `-P` argument.
Since the bug has been fixed, the `-P` argument can be used.
There was code in dnf and dnf-automatic to support running them from
the git tree. This was a developer-oriented hack that should not exist
in production code. It assumed that when running an installed dnf,
the `sys.path[0]` contains `/usr/bin`. If not, it overwrites
the contents of `sys.path[0]`.
This is a problem when running the Python interpreter with the `-P`
parameter (meaning: Don't automatically prepend a potentially unsafe
path to sys.path such as the current directory, the script's directory
or an empty string.)
The fix removes this developer-oriented hack. Developers should instead
set PYTHONPATH in the environment.
On ostree-based systems, users can use dnf to customize the
environment but those changes will be lost at the next ostree-based
image update. If you want to retain changes between ostree-updates
you need to make use of rpm-ostree right now.
Signed-off-by: David Cantrell <dcantrell@redhat.com>
When `-f` option is used, the argument is stored in the `opts.file` instead of the `opts.key`. We need to load filelists also in this case.
= changelog =
msg: repoquery: Fix loading filelists when -f is used
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2276012
Evan Goode