Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Minor
Fix Version/s: rhel-10.2
Affects Version/s: rhel-10.0
Component/s: dnf-plugins-core
Labels:
- dev+
- qe+

Fixed in Build:
dnf-plugins-core-4.7.0-10.el10
Regression:
No
Severity:
Low
Epic Link:
SWM-6185

AssignedTeam:
rhel-swm
Sub-System Group:

ssg_core_services

Dev Target Milestone:
15
Story Points:
0
ACKs Check:

Dev ack
Target Version:

rhel-10.2
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
None

Acceptance Criteria:

Hide

dnf-versionlock(8) manual page will document that the plugin only applies to in-repository packages.

Upstream test suite will also supply a test which verifies that DNF4 versionlock plugin does not affect installing local packages.

Show
dnf-versionlock(8) manual page will document that the plugin only applies to in-repository packages. Upstream test suite will also supply a test which verifies that DNF4 versionlock plugin does not affect installing local packages.
Test Plan:
https://gitlab.com/redhat/centos-stream/rpms/dnf-plugins-core/-/blob/c10s/plans/internal/CI-Tier-1.fmf?ref_type=heads
Git Pull Request:
https://github.com/rpm-software-management/dnf-plugins-core/pull/606, https://github.com/rpm-software-management/ci-dnf-stack/pull/1797, https://gitlab.com/redhat/centos-stream/rpms/dnf-plugins-core/-/merge_requests/57
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/157025
Test Coverage:

Automated

Release Note Type:
Known Issue
Release Note Text:

Hide
Cause: Installing a package from a local file whose version is excluded in versionlock DNF plugin configuration.
Consequence: A user expects that versionlock configuration applies to local packages and that a package like that won't get installed.
Workaround: Turn a directory with local packages into a local repository with createrepo_c tool, enable that repository in DNF configuration and install the packages by name.
Result: versionlock DNF plugin only applies to in-repository packages and has no effect on local package files. Users are advised not to install packages by a local file path if they do not want having them installed. This behavior is now documented in dnf-versionlock(8) manual page.

Show
Cause: Installing a package from a local file whose version is excluded in versionlock DNF plugin configuration. Consequence: A user expects that versionlock configuration applies to local packages and that a package like that won't get installed. Workaround: Turn a directory with local packages into a local repository with createrepo_c tool, enable that repository in DNF configuration and install the packages by name. Result: versionlock DNF plugin only applies to in-repository packages and has no effect on local package files. Users are advised not to install packages by a local file path if they do not want having them installed. This behavior is now documented in dnf-versionlock(8) manual page.
Release Note Status:
Proposed
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
PX Technical Impact:
PX Impact Range:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

Locking a package doesn't prevent it from being updated using a local rpm file.

Please provide the package NVR for which the bug is seen:

python3-dnf-plugin-versionlock-4.0.24-4.el9_0.noarch

How reproducible is this bug?:

Always

Steps to reproduce

1.- Lock a package, in this example I will use skopeo:

# yum versionlock skopeo-1.18.0-2.el9
Adding versionlock on: skopeo-2:1.18.0-2.el9.*

2.- Check that the lock works:

# rpm -q skopeo
skopeo-1.18.0-2.el9.x86_64
# dnf update skopeo
Dependencies resolved.
Nothing to do.
Complete!

3.- Use the local rpm:

 
# dnf install ./skopeo-1.18.1-1.el9_6.x86_64.rpm
Updating Subscription Management repositories.
Last metadata expiration check: 1:25:35 ago on Wed 28 May 2025 02:49:51 PM CEST.
Dependencies resolved.
==============================================================================================================================================================
 Package                          Architecture                     Version                                       Repository                              Size
==============================================================================================================================================================
Upgrading:
 skopeo                           x86_64                           2:1.18.1-1.el9_6                              @commandline                           9.1 M
Transaction Summary
==============================================================================================================================================================
Upgrade  1 Package
Total size: 9.1 M

clones

RHEL-94014 Document that versionlock doesn't apply to local packages

Release Pending

links to

RHBA-2025:157025 dnf-plugins-core update

Upstream bug report

Upstream fix

Upstream test

Assignee:: Petr Pisar

Reporter:: Jesus Perez

Developer:: packaging-team-maint

QA Contact:: Eva Mrakova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/06/02 2:38 PM

Updated:: 2025/12/09 2:19 PM

Dev Target end:: 2025/12/08

Next Planned Release Date:: 2026/05/12

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

Steps to reproduce

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates