[stable-2.10] [dnf] Some fixes around filtering (#72483) (#72500)

* [stable-2.10] [dnf] Some fixes around filtering (#72483)

Change:
- Docs: Add note that security/bugfix apply to dependencies too, like
  the dnf command.

- dnf: security/bugfix only makes sense for updates, so limit the
  package query sack to available updates.

- tests: Limit tests to our known-good test packages, so that RHEL
  packages marked security/bugfix without similarly marked dependencies
  don't fail our tests.

Test Plan:
- Tested with `dnf upgrade-minimal --bugfix` and reproduced the same
  error currently seen in CI, showing that we are consistent with what
  dnf does.

Tickets:
- Likely fixes #72316

Signed-off-by: Rick Elrod <rick@elrod.me>
(cherry picked from commit d8c637da37)

Co-authored-by: Rick Elrod <rick@elrod.me>

* Add changelog (#72502)

(cherry picked from commit b33d7e2e29)

Co-authored-by: Rick Elrod <rick@elrod.me>
This commit is contained in:
Sam Doran 2020-11-06 09:56:18 -05:00 committed by GitHub
parent 31ab3d8a64
commit 8c5910efe7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 6 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- dnf - fix filtering to avoid dependncy conflicts (https://github.com/ansible/ansible/issues/72316)

View file

@ -117,12 +117,14 @@ options:
security:
description:
- If set to C(yes), and C(state=latest) then only installs updates that have been marked security related.
- Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well.
type: bool
default: "no"
version_added: "2.7"
bugfix:
description:
- If set to C(yes), and C(state=latest) then only installs updates that have been marked bugfix related.
- Note that, similar to ``dnf upgrade-minimal``, this filter applies to dependencies as well.
default: "no"
type: bool
version_added: "2.7"
@ -646,10 +648,10 @@ class DnfModule(YumDnf):
filters = []
if self.bugfix:
key = {'advisory_type__eq': 'bugfix'}
filters.append(base.sack.query().filter(**key))
filters.append(base.sack.query().upgrades().filter(**key))
if self.security:
key = {'advisory_type__eq': 'security'}
filters.append(base.sack.query().filter(**key))
filters.append(base.sack.query().upgrades().filter(**key))
if filters:
base._update_security_filters = filters

View file

@ -20,7 +20,9 @@
- name: Ask for pending updates (check_mode)
dnf:
name: '*'
name:
- toaster
- oven
state: latest
update_only: true
disable_gpg_check: true
@ -38,7 +40,9 @@
- name: Ask for pending updates with security=true (check_mode)
dnf:
name: '*'
name:
- toaster
- oven
state: latest
update_only: true
disable_gpg_check: true
@ -57,7 +61,9 @@
- name: Ask for pending updates with bugfix=true (check_mode)
dnf:
name: '*'
name:
- toaster
- oven
state: latest
update_only: true
disable_gpg_check: true
@ -76,7 +82,9 @@
- name: Ask for pending updates with bugfix=true and security=true (check_mode)
dnf:
name: '*'
name:
- toaster
- oven
state: latest
update_only: true
disable_gpg_check: true