BugFix for DNF5: Exclusion list not honored#357
Open
yashnap wants to merge 4 commits into
Open
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #357 +/- ##
==========================================
+ Coverage 93.99% 94.10% +0.10%
==========================================
Files 107 107
Lines 19810 19822 +12
==========================================
+ Hits 18621 18654 +33
+ Misses 1189 1168 -21
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the DNF5 dependency-discovery flow used during include/exclude evaluation so that exclusions can propagate to dependent packages correctly in DNF5 upgrade scenarios (packages returned by dnf5 check-update).
Changes:
- Switch dependency simulation from
dnf5 install --assumeno --skip-brokentodnf5 upgrade --assumeno. - Extend dependency parsing to recognize both “Installing dependencies:” and “Upgrading dependencies:” sections.
- Update unit-test environment mocks and refresh the DNF5 output reference examples accordingly.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| src/core/src/package_managers/Dnf5PackageManager.py | Updates the simulation command and parsing heuristics for DNF5 dependency extraction. |
| src/core/tests/library/LegacyEnvLayerExtensions.py | Updates the mocked DNF5 simulation command matching used by tests. |
| src/tools/references/cmd_output_references/dnf5_output_expected_format | Updates the documented expected output formats for DNF5 dependency simulation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
291
to
295
| # Detect start of dependency section | ||
| if line_str.startswith(self.dnf5_dependency_success_text): | ||
| if any(line_str.startswith(text) for text in self.dnf5_dependency_success_text): | ||
| in_dependency_section = True | ||
|
|
||
| # Detect exit of dependency section |
| # Handle non-blocking dependency failure / nothing-to-do cases | ||
| if all(text in output for text in self.dnf5_dependency_failure_text): | ||
| if any(text in output for text in self.dnf5_dependency_failure_text): | ||
| self.composite_logger.log_warning("[DNF5] Packages skipped due to broken dependencies (non-blocking)") |
| Operation aborted by the user. | ||
|
|
||
| In DNF 5: Sample output for the command ' sudo dnf5 install --assumeno --skip-broken git' Failure case : Dependency Fails and exit code : 0 | ||
| In DNF 5: Sample output for the command 'sudo dnf5 upgrade --assumeno p11-kit.x86_64 p11-kit.x86_64' |
| Operation aborted by the user. | ||
| Exit Code : 1 | ||
|
|
||
| Ind DNF 5 : Sample outut for the command 'sudo dnf5 upgrade --assumeno openssl-999.999' : Failure Case , exit code :1 |
yashnap
force-pushed
the
bug1_inclusion_exclusion
branch
from
3bae6a9 to
0327c05
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
### Problem Statement
Linux Patch Extension performs dependency discovery during Include/Exclude processing so that exclusions can be propagated to dependent packages. i.e.
1: "patchesToInclude": ["openssl"], patchesToExclude": ["openssl-libs"]
In this scenario, if openssl-libs is identified as a dependency of openssl, both packages should be excluded from the final installation set.
However, dependency discovery was not working correctly for DNF5 upgrade scenarios. As a result, dependent packages were getting missed during Include/Exclude evaluation, causing exclusions to not be propagated as expected.
### Root Cause
Dependency discovery was using:
dnf5 install --assumeno --skip-broken <package>This worked correctly for new package installation scenarios, which is what was validated during the initial DNF5 development effort.
Example:
In this case, DNF5 exposes the dependency graph because the package is not already installed.
However, LPE dependency discovery is executed for packages returned by:
dnf5 check-updatewhich are already-installed packages with updates available. Using the same simulation command for an installed package produces:
Since no transaction is generated, no dependency information is exposed and LPE is unable to discover dependent packages.
Solution
Replace the dependency simulation command with:
dnf5 upgrade --assumeno <package>This more accurately simulates the actual operation performed by LPE for packages returned from check-update.
Example:
This allows dependency extraction to identify and correctly propagate exclusions.
openssl -> openssl-libs
Additionally, DNF5 dependency parsing was updated to recognize both in dependency sections:
Note on --skip-broken
The previous implementation used:
dnf5 install --assumeno --skip-brokenwhile the new implementation uses without --skip-broken.: ( Dnf5 doesnt support skip-broken with uprade command: https://dnf5.readthedocs.io/en/latest/commands/upgrade.8.html#upgrade-command )
dnf5 upgrade --assumenoAs part of validation, DNF5 upgrade simulations were observed to return exit code 1 for both successful simulations and transaction resolution failures. Therefore, dependency simulation continues to evaluate both command output and exit code.
Additionally, dependency parsing now treats transaction resolution failures (for example, output containing:
Failed to resolve the transaction:) as non-blocking dependency discovery failures and returns an empty dependency list, maintaining behavior consistent with the existing dependency simulation flow.
### Validation
1. Include + Exclude Dependency Scenario (Root Cause)
"patchesToInclude": ["openssl"],
"patchesToExclude": ["openssl-libs"]
Verified that dependency discovery correctly identified and exclusion propagation removed both packages from the installation set.
3.core.openssl.log
Additional Dependency Validation
"patchesToInclude": ["p11-kit"],
"patchesToExclude": ["p11-kit-trust"]
new_include_exclude.txt
2. Included Package With Dependencies
"patchesToInclude": ["kernel"]
Verified that normal kernel installation behavior remains unchanged and required kernel packages continue to be installed successfully:
4.core.included_dependencies.log
3. Package-Only Inclusion Scenario
2.core.inclusion.log
4. Include + Exclude Validation
Include: kernel, kernel-modules, Exclude: kernel-core, kernel-modules-core.
3.core.kernel.log