Fact yum_package_updates/yum_has_updates is using /usr/bin/yum --assumeyes --quiet --cacheonly list updates to list available updates. It does not take into account that packages can be versionlocked. So when a system has versionlocked packages and the system is updated through yum update, the fact yum_has_updates will still return true. I would expect a false because the system is up to date (except the versionlocked packages).
Instead of using list updates, check-update can be considered. See below.
What are you seeing
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly list updates
Available Upgrades
at.x86_64 3.1.20-12.el8 rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
[root@server ~]# /usr/bin/yum versionlock at*
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:56 ago on Mon 19 Dec 2022 03:11:31 PM CET.
Adding versionlock on: at-0:3.1.20-11.el8.*
Adding versionlock on: attr-0:2.4.48-3.el8.*
[root@server ~]#
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly list updates
Available Upgrades
at.x86_64 3.1.20-12.el8 rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
How to reproduce (e.g Puppet code you use)
What behaviour did you expect instead
If a system is up to date - even when there are versionlocked packages - I expect false.
I can create a PR, but I am not sure which approach is the way to go.
Approach 1: Replace /usr/bin/yum --assumeyes --quiet --cacheonly list updates with /usr/bin/yum --quiet --cacheonly check-update
Approach 2: Add a new fact (for example: yum_has_updates_ex_versionlocked). This fact uses /usr/bin/yum --quiet --cacheonly check-update.
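An added example, not part of the original issue or the module's own code: one way a fact could interpret the check-update command from Approach 1, using its documented exit statuses (0 = no updates, 100 = updates available, 1 = error) and parsing the package lines. The function names and the sample output are constructed for illustration, and that check-update leaves out versionlocked packages is the issue's premise, not something this code verifies.

```ruby
require 'open3'

# Map the exit status of `yum check-update` to a has-updates value.
# nil means "unknown": a failed run should not be reported as patched.
def has_updates_from_status(exit_status)
  case exit_status
  when 0   then false
  when 100 then true
  end
end

# Parse check-update output into { "name.arch" => "version" }.
# Only three-column package lines count; parsing stops at the
# "Obsoleting Packages" section so obsoletes are not reported as updates.
def parse_check_update(output)
  updates = {}
  output.each_line do |line|
    break if line.start_with?('Obsoleting Packages')
    fields = line.split
    next unless fields.size == 3 && fields[0].include?('.')
    updates[fields[0]] = fields[1]
  end
  updates
end

# Run the command proposed in the issue and combine both results.
# A missing or unrunnable yum binary yields the "unknown" state.
def yum_update_state(cmd = %w[/usr/bin/yum --quiet --cacheonly check-update])
  output, status = Open3.capture2e(*cmd)
  { has_updates: has_updates_from_status(status.exitstatus),
    packages: parse_check_update(output) }
rescue SystemCallError
  { has_updates: nil, packages: {} }
end

# Constructed sample in the column format shown in the issue, plus an
# obsoletes section with a made-up package and repo.
SAMPLE_OUTPUT = <<~OUT

  at.x86_64        3.1.20-12.el8    rhel-8-for-x86_64-baseos-rpms
  Obsoleting Packages
  example.x86_64   1.0-2.el8        constructed-repo
OUT
```

Keeping the error case as nil rather than false prevents a host whose yum run failed from being recorded as fully patched.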