saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0

[BUG] On Archlinux state `pkg.installed` invokes with `-S -y -u` causing Salt to fully upgrade a system to install one package introducing quirks in the live system. #65200

Open ipaqmaster opened 1 year ago

ipaqmaster commented 1 year ago

Description

As per the title, a simple `pkg.installed` state call causes salt to do a full `pacman -S -y -u`, which upgrades all packages on a system when that isn't remotely what was requested.

If a kernel upgrade occurs as a result of the above (and in the past few years it often does), a live system becomes half broken, as it's unable to load any new kernel modules until either:

  1. The kernel is downgraded back to what it was prior, restoring the correct kernel version's modules directory.
  2. The old kernel package is manually extracted into the filesystem to restore the live system's modules directory temporarily.
  3. The machine is restarted into the new kernel.

This doesn't sound like a huge deal at first, but the lack of a `/lib/modules/a.b.c-arch1-1` kernel module directory for the currently running kernel breaks many things on the live system where previously-unloaded modules must be probed, such as mounting new filesystems and tweaking firewall rules, and many more driver situations become unattainable until one of the above steps is taken.

This can be avoided with - refresh: False to all relevant salt pkg.installed states or with a jinja grains.filter_by block to catch a "default": True, "Arch": False filter block against the os grain - though both these workarounds are extremely inconvenient and untidy looking for 329+ pkg.installed matches across our salt states - and would not automatically cover new pkg.installed instances without some kind of messy jinja macro - the kind of thing anybody would accidentally forget to use.

(The `pkg.install` module does not experience this issue: `salt host pkg.install somePkg` only invoking `-S` as expected.)

Setup

Saltmaster and minion both on Archlinux - packaged install. Though issue lies in state behaviour not setup.


Steps to Reproduce the behavior

This should trigger the behaviour:

pkgtest.sls

```yaml
pacman_pkg.installed_test:
  pkg.installed:
    - name: somePkg
```

```
salt archHost state.sls pkgtest
cat /var/log/pacman.log # To see the usage of pacman -S -y -u by this state.
```

Expected behavior

The salt state to do a `pacman -S --noprogressbar --noconfirm --needed somePkg`, like the behaviour seen in module `pkg.install somePkg`, which does so without `-y` (Sync) or `-u` (Upgrade).

Screenshots

NA but have /var/log/pacman.log output for each call:

Versions Report

salt --versions-report

```yaml
Salt Version:
  Salt: 3006.1

Python Version:
  Python: 3.11.5 (main, Aug 28 2023, 20:02:58) [GCC 13.2.1 20230801]

Dependency Versions:
  cffi: 1.15.1
  cherrypy: Not Installed
  dateutil: 2.8.2
  docker-py: Not Installed
  gitdb: Not Installed
  gitpython: Not Installed
  Jinja2: 3.1.2
  libgit2: Not Installed
  looseversion: 1.2.0
  M2Crypto: 0.38.0
  Mako: 1.2.4
  msgpack: 1.0.5
  msgpack-pure: Not Installed
  mysql-python: Not Installed
  packaging: 23.1
  pycparser: 2.21
  pycrypto: Not Installed
  pycryptodome: 3.12.0
  pygit2: Not Installed
  python-gnupg: Not Installed
  PyYAML: 6.0.1
  PyZMQ: 25.1.1
  relenv: Not Installed
  smmap: Not Installed
  timelib: Not Installed
  Tornado: 4.5.3
  ZMQ: 4.3.4

System Versions:
  dist: arch rolling n/a
  locale: utf-8
  machine: x86_64
  release: 6.4.12-arch1-1
  system: Linux
  version: Arch Linux rolling n/a
```

teclab-ifcfraiburgo commented 9 months ago

> Expected behavior
>
> The salt state to do a `pacman -S --noprogressbar --noconfirm --needed somePkg`, like the behaviour seen in module `pkg.install somePkg`, which does so without `-y` (Sync) or `-u` (Upgrade).

+1 This would be a far better default behavior.
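
A way to audit minions for the behaviour reported in this issue, as an added example that is not part of the thread or of Salt's code: it scans `/var/log/pacman.log` text for sync commands that carried the sysupgrade flag and lists what each one upgraded, flagging kernel packages. The log lines are constructed samples, and the set of kernel package names is an assumption about which kernels are installed.

```python
import re
import shlex

# Constructed sample in pacman.log format (not output from the reporter's system).
SAMPLE_LOG = """\
[2023-09-10T09:15:02+0000] [PACMAN] Running 'pacman -S --noprogressbar --noconfirm --needed otherPkg'
[2023-09-10T09:15:04+0000] [ALPM] installed otherPkg (2.3-1)
[2023-09-12T14:40:11+0000] [PACMAN] Running 'pacman -S -y -u --noprogressbar --noconfirm --needed somePkg'
[2023-09-12T14:40:20+0000] [ALPM] transaction started
[2023-09-12T14:40:25+0000] [ALPM] upgraded linux (6.4.12.arch1-1 -> 6.5.2.arch1-1)
[2023-09-12T14:40:26+0000] [ALPM] upgraded openssl (3.1.2-1 -> 3.1.3-1)
[2023-09-12T14:40:27+0000] [ALPM] installed somePkg (1.0-1)
[2023-09-12T14:40:27+0000] [ALPM] transaction completed
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<src>[A-Z-]+)\] (?P<msg>.*)$")
RUNNING = re.compile(r"^Running '(?P<cmd>.*)'$")
UPGRADED = re.compile(r"^upgraded (?P<pkg>\S+) \((?P<old>\S+) -> (?P<new>\S+)\)$")
KERNELS = {"linux", "linux-lts", "linux-zen", "linux-hardened"}  # assumed kernel packages

def is_full_upgrade(cmd):
    """True when a pacman sync command carries -u / --sysupgrade (split or bundled flags)."""
    args = shlex.split(cmd)
    if len(args) < 2 or not args[0].endswith("pacman"):
        return False
    short = "".join(a[1:] for a in args[1:] if re.fullmatch(r"-[A-Za-z]+", a))
    sync = "S" in short or "--sync" in args
    return sync and ("u" in short or "--sysupgrade" in args)

def audit(log_text):
    """Return one finding per full-upgrade command, with the packages it upgraded."""
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m is None:
            continue
        if m["src"] == "PACMAN" and (run := RUNNING.match(m["msg"])):
            current = None  # a new command ends the previous one's scope
            if is_full_upgrade(run["cmd"]):
                current = {"ts": m["ts"], "cmd": run["cmd"], "upgraded": [], "kernel": False}
                findings.append(current)
        elif current and m["src"] == "ALPM" and (up := UPGRADED.match(m["msg"])):
            current["upgraded"].append(up["pkg"])
            current["kernel"] |= up["pkg"] in KERNELS
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding with `kernel` set means the running kernel's `/lib/modules` directory may no longer exist until the host is rebooted.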