voxpupuli / puppet-yum

Puppet module for Yum
https://forge.puppet.com/puppet/yum
MIT License

Exclude versionlocked updates in fact yum_package_updates/yum_has_updates #291

Open polatsinan opened 1 year ago

polatsinan commented 1 year ago

How to reproduce (e.g. Puppet code you use)

Fact yum_package_updates/yum_has_updates is using /usr/bin/yum --assumeyes --quiet --cacheonly list updates to list available updates. It does not take into account that packages can be versionlocked. So when a system has versionlocked packages and the system is updated through yum update, the fact yum_has_updates will still return true. I would expect a false because the system is up to date (except the versionlocked packages).

Instead of using list updates, check-update can be considered. See below.

What are you seeing

[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly list updates
Available Upgrades
at.x86_64            3.1.20-12.el8            rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
[root@server ~]# /usr/bin/yum versionlock at*
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:56 ago on Mon 19 Dec 2022 03:11:31 PM CET.
Adding versionlock on: at-0:3.1.20-11.el8.*
Adding versionlock on: attr-0:2.4.48-3.el8.*
[root@server ~]#
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly list updates
Available Upgrades
at.x86_64            3.1.20-12.el8            rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly check-update
[root@server ~]#
[root@server ~]# /usr/bin/yum versionlock clear
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:49 ago on Mon 19 Dec 2022 03:11:31 PM CET.
[root@server ~]# 
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly check-update

at.x86_64            3.1.20-12.el8            rhel-8-for-x86_64-baseos-rpms
[root@server ~]#

What behaviour did you expect instead

If a system is up to date - even when there are versionlocked packages - I expect false.

I can create a PR, but I am not sure which approach is the way to go.

Approach 1: Replace /usr/bin/yum --assumeyes --quiet --cacheonly list updates with /usr/bin/yum --quiet --cacheonly check-update

Approach 2: Add a new fact (for example: yum_has_updates_ex_versionlocked). This fact uses /usr/bin/yum --quiet --cacheonly check-update.

vchepkov commented 1 year ago

I stepped on the same issue recently. I would use the former; one should expect the fact to be empty if yum update won't update anything.
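
Approach 1 from the issue, sketched as an added example (not part of the thread and not the puppet-yum module's code): it parses check-update output and uses the exit status, where 0 means no updates, 100 means updates are available, and any other value is reported as unknown rather than as up to date. The function names, the returned hash layout and the sample outputs are constructed for illustration.

```ruby
# Added example, not the puppet-yum module's own fact code.
# Exit status of `yum check-update`: 0 = nothing to update,
# 100 = updates available, anything else = yum itself failed.

# Constructed samples modelled on the terminal session in the issue.
LOCKED_OUTPUT = ''.freeze # versionlock active: check-update prints nothing
UNLOCKED_OUTPUT = <<~OUT.freeze

  at.x86_64            3.1.20-12.el8            rhel-8-for-x86_64-baseos-rpms
OUT
# Constructed: an entry split across two lines, then an obsoletes section.
WRAPPED_OUTPUT = <<~OUT.freeze

  a-very-long-package-name-for-wrapping.x86_64
                       1.2.3-4.el8              rhel-8-for-x86_64-appstream-rpms
  Obsoleting Packages
  newpkg.x86_64        2.0-1.el8                rhel-8-for-x86_64-appstream-rpms
      oldpkg.x86_64    1.0-1.el8                @System
OUT

ARCH_SUFFIX = /\.(noarch|x86_64|i[3-6]86|aarch64|ppc64le|s390x|src)\z/

# Hypothetical helper: returns the "name.arch" strings listed as updates.
def parse_check_update(output)
  tokens = []
  output.each_line do |line|
    # Everything after this header describes obsoletes, not plain updates.
    break if line.start_with?('Obsoleting Packages')
    tokens.concat(line.split)
  end
  # Regroup by token so an entry split over two lines still forms one triple.
  tokens.each_slice(3)
        .select { |name, version, repo| version && repo && name.match?(ARCH_SUFFIX) }
        .map(&:first)
end

# Hypothetical helper: maps output plus exit status to the two fact values.
def yum_update_facts(output, exit_status)
  case exit_status
  when 0
    { 'yum_has_updates' => false, 'yum_package_updates' => [] }
  when 100
    { 'yum_has_updates' => true, 'yum_package_updates' => parse_check_update(output) }
  else
    nil # yum failed (for example no usable cache): do not claim "up to date"
  end
end
```
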