From Fedora Project Wiki

Revision as of 17:04, 14 February 2019 by Bcotton (talk | contribs) (Submitted to FESCo for exception https://pagure.io/fesco/issue/2088)

DNF Make Best Mode the Default

Summary

Make DNF always try to upgrade to the highest available version of a package, even only to fail due to dependency problems.

Note: We are aware of the fact that this is a late proposal for Fedora 30, however, we think it is very important from the security standpoint.

Owner

Current status

  • Targeted release: Fedora 30
  • Last updated: 2019-02-14
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Change the built-in default value of the best configuration option from 0 (false) to 1 (true).

As a result, unless best is overridden in the /etc/dnf/dnf.conf file or using --setopt, it will default to 1. As a convenience, we will also put the explicit best=1 assignment in the shipped /etc/dnf/dnf.conf file for better transparency, and introduce the new --nobest command-line switch.

The purpose of the --nobest switch (as a shorthand for --setopt=best=0) is to make it easy for the user to override the default setting when needed, and it will also be suggested in the DNF output when a dependency error occurs.

Relevant excerpt from the updated dnf.conf(5):

best  boolean
When upgrading a package, always try to install its highest version available, even only to find out some of its deps are not satisfiable. Enable this if you want to experience broken dependencies in the repositories firsthand. The default is True.

Relevant excerpt from the updated dnf(8):

--nobest
Set best option as false, therefore transactions are not limited to only best candidates.

Benefit to Fedora

This change allows the users to be properly notified when a package cannot be upgraded to the latest version, instead of silently ignoring it as an upgrade candidate.

Right now, when DNF runs in best=0 mode, if a package cannot be upgraded due to dependency problems, it is skipped and a warning is printed in the transaction summary table. However, this poses a risk of important security fixes being overlooked by the user in case they are broken for some reason, such as due to a repository misconfiguration or inconsistency within the metadata itself.

Moreover, since DNF always exits with the return code 0 (success) when in best=0 mode, this mode is especially risky in automated scripts invoking DNF in assumeyes mode in which case such unsuccessful package upgrades could easily go unnoticed unless the logs are manually examined after the fact.

The new behavior is also more in line with the generally accepted software development practice of failing early and failing fast.

As a secondary benefit, broken upgrade paths in the Fedora repositories will hopefully be noticed, reported and therefore fixed sooner.

Scope

  • Proposal owners:

Backport the following upstream pull requests into the DNF stack on Fedora:

https://github.com/rpm-software-management/libdnf/pull/678
https://github.com/rpm-software-management/dnf/pull/1311
https://github.com/rpm-software-management/dnf/pull/1316
https://github.com/rpm-software-management/dnf/pull/1319

  • Other developers: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

Broken upgrades are recognized early, enabling the users to act upon them by double-checking their repository configuration or filing bugs, instead of assuming no upgrades are available.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes