How to reproduce (e.g Puppet code you use)
Fact yum_package_updates/yum_has_updates is using /usr/bin/yum --assumeyes --quiet --cacheonly list updates to list available updates. It does not take into account that packages can be versionlocked. So when a system has versionlocked packages and the system is updated through yum update, the fact yum_has_updates will still return true. I would expect a false because the system is up to date (except the versionlocked packages).
Instead of using list updates, check-update can be considered. See below.
What are you seeing
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly list updates
Available Upgrades
at.x86_64 3.1.20-12.el8 rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
[root@server ~]# /usr/bin/yum versionlock at*
Updating Subscription Management repositories.
Last metadata expiration check: 0:00:56 ago on Mon 19 Dec 2022 03:11:31 PM CET.
Adding versionlock on: at-0:3.1.20-11.el8.*
Adding versionlock on: attr-0:2.4.48-3.el8.*
[root@server ~]#
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly list updates
Available Upgrades
at.x86_64 3.1.20-12.el8 rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly check-update
[root@server ~]#
[root@server ~]# /usr/bin/yum versionlock clear
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:49 ago on Mon 19 Dec 2022 03:11:31 PM CET.
[root@server ~]#
[root@server ~]# /usr/bin/yum --assumeyes --quiet --cacheonly check-update
at.x86_64 3.1.20-12.el8 rhel-8-for-x86_64-baseos-rpms
[root@server ~]#
What behaviour did you expect instead
If a system is up to date - even when there are versionlocked packages - I expect false.
I can create a PR, but I am not sure which approach is the way to go.
Approach 1:
Replace /usr/bin/yum --assumeyes --quiet --cacheonly list updates with /usr/bin/yum --quiet --cacheonly check-update
Approach 2:
Add a new fact (for example: yum_has_updates_ex_versionlocked). This fact uses /usr/bin/yum --quiet --cacheonly check-update.
How to reproduce (e.g Puppet code you use)
Fact
yum_package_updates/yum_has_updatesis using/usr/bin/yum --assumeyes --quiet --cacheonly list updatesto list available updates. It does not take into account that packages can be versionlocked. So when a system has versionlocked packages and the system is updated throughyum update, the factyum_has_updateswill still returntrue. I would expect afalsebecause the system is up to date (except the versionlocked packages).Instead of using
list updates,check-updatecan be considered. See below.What are you seeing
What behaviour did you expect instead
If a system is up to date - even when there are versionlocked packages - I expect
false.I can create a PR, but I am not sure which approach is the way to go.
Approach 1:
Replace
/usr/bin/yum --assumeyes --quiet --cacheonly list updateswith/usr/bin/yum --quiet --cacheonly check-updateApproach 2:
Add a new fact (for example:
yum_has_updates_ex_versionlocked). This fact uses/usr/bin/yum --quiet --cacheonly check-update.