If no old installonly packages are present, then the command succesfully
removed all of them and should exit with 0 and write the message to
stdout instead of stderr.
If no duplicates are present, then the command succesfully removed all
duplicates and should exit with 0 and write the message to stdout
instead of stderr.
Resolves: https://issues.redhat.com/browse/RHEL-6424
Adds `-s` to shebang lines.
The `-s` flag ensures that the user’s Python packages (e.g. installed by
pip install --user) don’t interfere with the RPM installed software.
According to Fedora Python Packaging Guidelines, the flag is added using
`%py3_shebang_fix` macro.
Note:
DNF supports plugins. There is a risk that the change will break
a custom plugins that require something from PIP.
Therefore, the change is only in the .spec file and is only allowed
for Fedora >= 41 and RHEL >= 10.
Leaf packages term is not define in documentation and it even
represent different set of packages that are showed by leaves command.
Related: https://issues.redhat.com/browse/RHELDOCS-17711
RTD no longer automatically generates config files.
The `.readthedocs.yaml` is now required: https://blog.readthedocs.com/migrate-configuration-v2/
The `conf.py` for Sphinx is also required: https://blog.readthedocs.com/doctool-without-configuration-file/
- The previously automatically generated `conf.py` contained
`sphinx_rtd_theme` -> in order to keep it we have to set it and add it
as a requirement.
- The version field in `conf.py.in` remains uncofigured but I don't
think it is a problem because it doesn't shows up in the html docs.
For packages originating outside the System repository, we don't populate the `pkg.files` when running without filelists metadata. Use RPM database as a source instead.
Resolves https://issues.redhat.com/browse/RHEL-21874
It seems that these two approaches for selecting security updates
sometimes disagree. The regular `dnf update` command uses
base.add_security_filters to select security updates, so dnf-automatic
should do the same.
It is a reflection of https://fedoraproject.org/wiki/Changes/Drop_Delta_RPMs
Not installing DeltaRPMs by default on new systems make sence because
using RPM deltas is by default swithed off.
The change will slightly make systems smaller.
DNF workflow - check configuration option `deltarpm` then check whether binary
deltarpm is available, then request repository for deltas.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2252128
For: https://bugzilla.redhat.com/show_bug.cgi?id=2261066
Fixes:
1: ERROR: test_do_transaction (tests.api.test_dnf_base.DnfBaseApiTest.test_do_transaction)
1: ----------------------------------------------------------------------
1: Traceback (most recent call last):
1: File "/builddir/build/BUILD/dnf-4.19.0-0.20240130004727.4.18.2+6.g0e400470/tests/api/test_dnf_base.py", line 174, in test_do_transaction
1: self.base.do_transaction(display=None)
1: File "/builddir/build/BUILD/dnf-4.19.0-0.20240130004727.4.18.2+6.g0e400470/dnf/base.py", line 953, in do_transaction
1: self._moduleContainer.save()
1: File "/usr/lib64/python3.12/site-packages/libdnf/module.py", line 1241, in save
1: return _module.ModulePackageContainer_save(self)
1: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
1: libdnf._error.Error: Failed to create directory "/etc/dnf/modules.d": 13 - Permission denied# Please enter the commit message for your changes. Lines starting
It is also failing in our nightlies.
If a user had installed multiple keys for the same e-mail address in
an RPM database, and no records for the address existed in DNS, DNF
validated the first key correctly, but reported that the other key is
revoked:
# rpm -q gpg-pubkey --qf '%{packager} %{nevra}\n' |grep nokey
nokey1 <nokey@fedoraproject.org> gpg-pubkey-7460757e-6553a6ab
nokey2 <nokey@fedoraproject.org> gpg-pubkey-c8d04ba8-6553a6b1
# dnf-3 upgrade
DNSSEC extension: Testing already imported keys for their validity.
DNSSEC extension: GPG Key nokey@fedoraproject.org has been revoked and should be removed immediately
The cause was a wrong test for a cached negative reponse. This patch
fixes it.
https://bugzilla.redhat.com/show_bug.cgi?id=2249380
If an PGP key is stored in an RPM database without a "packager" RPM
header, or without an e-mail address there, DNS verification crashed
on converting the undefined address into a DNS domain. That was the
case of Fedora 13 key:
# dnf-3 upgrade
Traceback (most recent call last):
File "/usr/bin/dnf-3", line 62, in <module>
main.user_main(sys.argv[1:], exit_code=True)
File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 201, in user_main
errcode = main(args)
^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 67, in main
return _main(base, args, cli_class, option_parser_class)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 106, in _main
return cli_run(cli, base)
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/dnf/cli/main.py", line 122, in cli_run
cli.run()
File "/usr/lib/python3.12/site-packages/dnf/cli/cli.py", line 1040, in run
self._process_demands()
File "/usr/lib/python3.12/site-packages/dnf/cli/cli.py", line 741, in _process_demands
self.base.fill_sack(
File "/usr/lib/python3.12/site-packages/dnf/base.py", line 403, in fill_sack
dnf.dnssec.RpmImportedKeys.check_imported_keys_validity()
File "/usr/lib/python3.12/site-packages/dnf/dnssec.py", line 286, in check_imported_keys_validity
keys = RpmImportedKeys._query_db_for_gpg_keys()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/site-packages/dnf/dnssec.py", line 276, in _query_db_for_gpg_keys
email = re.search('<(.*@.*)>', packager).group(1)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.12/re/__init__.py", line 177, in search
return _compile(pattern, flags).search(string)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: expected string or bytes-like object, got 'NoneType'
This patch defends the crash at two places: In
_query_db_for_gpg_keys() because here we know a NEVRA of the key
and can produce a meaningful message. And in _cache_miss() because
we can get there independenly and called email2location() would also
crash.
A PGP armor message can contain any amount of headers. Up to Fedora 38
there was one:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: rpm-4.18.0-beta1
mQINBGIC2cYBEADJye1aE0AR17qwj6wsHWlCQlcihmqkL8s4gbOk1IevBbH4iXJx
[...]
=CHKS
-----END PGP PUBLIC KEY BLOCK-----
Since Fedora 39 there is none:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy
l/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ
[...]
=CHKS
-----END PGP PUBLIC KEY BLOCK-----
RpmImportedKeys._query_db_for_gpg_keys() assumed exactly one header.
As a result if gpgkey_dns_verification configuration option was true,
DNF reported that Fedora 39 keys was revoked because the key
misextratracted from RPM database did not match a key in DNS:
# dnf-3 upgrade
DNSSEC extension: Testing already imported keys for their validity.
DNSSEC extension: GPG Key fedora-39-primary@fedoraproject.org has been revoked and should be removed immediately
This patch implements skipping all armor headers.
https://bugzilla.redhat.com/show_bug.cgi?id=2249380
Given that the `--queryformat` option is commonly used to generate
machine-readable outputs from repoquery, we should ensure that the
output remains stable regardless of the locale used.
This partially reverts commit 1daf3467e6.
= changelog =
msg: Do not translate repoquery time format strings
type: bugfix
resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2245773
Pavla Kratochvilova