Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-94828

Document that versionlock doesn't apply to local packages

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • rhel-10.0
    • dnf-plugins-core
    • No
    • Low
    • rhel-swm
    • ssg_core_services
    • 0
    • Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Hide

      dnf-versionlock(8) manual page will document that the plugin only applies to in-repository packages.

      Upstream test suite will also supply a test which verifies that DNF4 versionlock plugin does not affect installing local packages.

      Show
      dnf-versionlock(8) manual page will document that the plugin only applies to in-repository packages. Upstream test suite will also supply a test which verifies that DNF4 versionlock plugin does not affect installing local packages.
    • None
    • None
    • Known Issue
    • Hide
      Cause: Installing a package from a local file whose version is excluded in versionlock DNF plugin configuration.
      Consequence: A user expects that versionlock configuration applies to local packages and that a package like that won't get installed.
      Workaround: Turn a directory with local packages into a local repository with createrepo_c tool, enable that repository in DNF configuration and install package by name.
      Result: versionlock DNF plugin only applies to in-repository packages and has not effect on local package files. Users are advised not not install packages by a local file path if they do not want having them installled.
      Show
      Cause: Installing a package from a local file whose version is excluded in versionlock DNF plugin configuration. Consequence: A user expects that versionlock configuration applies to local packages and that a package like that won't get installed. Workaround: Turn a directory with local packages into a local repository with createrepo_c tool, enable that repository in DNF configuration and install package by name. Result: versionlock DNF plugin only applies to in-repository packages and has not effect on local package files. Users are advised not not install packages by a local file path if they do not want having them installled.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Locking a package doesn't prevent it from being updated using a local rpm file.

      Please provide the package NVR for which the bug is seen:

      python3-dnf-plugin-versionlock-4.0.24-4.el9_0.noarch

      How reproducible is this bug?:

      Always

      Steps to reproduce

      1.- Lock a package, in this example I will use skopeo:

       

      # yum versionlock skopeo-1.18.0-2.el9
Adding versionlock on: skopeo-2:1.18.0-2.el9.*

       

       2.- Check that the lock works:

      # rpm -q skopeo
skopeo-1.18.0-2.el9.x86_64
# dnf update skopeo
Dependencies resolved.
Nothing to do.
Complete!

      3.- Use the local rpm:

       
# dnf install ./skopeo-1.18.1-1.el9_6.x86_64.rpm
Updating Subscription Management repositories.
Last metadata expiration check: 1:25:35 ago on Wed 28 May 2025 02:49:51 PM CEST.
Dependencies resolved.
==============================================================================================================================================================
 Package                          Architecture                     Version                                       Repository                              Size
==============================================================================================================================================================
Upgrading:
 skopeo                           x86_64                           2:1.18.1-1.el9_6                              @commandline                           9.1 M
Transaction Summary
==============================================================================================================================================================
Upgrade  1 Package
Total size: 9.1 M

              packaging-team-maint packaging-team-maint
              rhn-support-jeperez Jesus Perez
              packaging-team-maint packaging-team-maint
              Software Management QE Software Management QE
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: