Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1645568 - epel-release: lock to matching RHEL release
Summary: epel-release: lock to matching RHEL release
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: epel-release
Version: el6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michael Stahnke
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-02 14:41 UTC by Carl George
Modified: 2018-11-13 17:32 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-13 17:32:33 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Carl George 2018-11-02 14:41:19 UTC 
Description of problem:
Currently epel-release requires `redhat-release >= %{version}`.  This allows installing a newer epel-release than you should.  For example, you can install epel-release-7-11 on EL6.  It would be better to change the requirement to `redhat-release = %{version}` so that you can only ever install a matching epel-release.

Version-Release number of selected component (if applicable):
epel-release-6-8.noarch
epel-release-7-11.noarch

Steps to Reproduce:
1. an EL6 system
2. yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Actual results:
Installation is allowed.

Expected results:
Installation should fail because EPEL7 doesn't work on EL6.

Additional info:
Yes, I know people shouldn't do this, but it's a easy change to make to help enforce the correct thing.
Comment 1 Carl George 2018-11-02 15:28:30 UTC 
Ok I mixed things up slightly, my example should have been installing epel-release-latest-6.noarch.rpm works on EL7.

However, my example also works on CentOS 6 because centos-release-6 has an unversioned provides for redhat-release.  This is a related but technically a separate issue.

$ rpm -q --provides centos-release | grep redhat
redhat-release
Comment 2 Kevin Fenzi 2018-11-04 20:59:52 UTC 
Well, the problem here is that redhat-release is the actual release... ie, 7.0, 7.1, etc. 

So if we made epel7's epel-release require = redhat_release it would be uninstallable, since 7 is not = to 7.0, 7.1, ... 7.6

I suppose we could add a 'Conflicts: redhat-release < %{version}' but conflicts are kind of nasty, might be the only way though.
Comment 3 Carl George 2018-11-05 14:19:06 UTC 
Ah I missed that detail, thanks for the clarification.  I was probably looking at centos-release and incorrectly assumed redhat-release had the same version.

In the future we'll have a version of RPM in RHEL that supports ranged dependencies [0] to solve this correctly.  Until then, I agree that a conflict is the only way to accomplish this.

[0]: https://fedoraproject.org/wiki/Changes/RPM-4.14
Comment 4 Fedora Update System 2018-11-11 19:13:22 UTC 
epel-release-6-9 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7883fc5fe2
Comment 5 Fedora Update System 2018-11-12 04:46:27 UTC 
epel-release-6-9 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-7883fc5fe2
Comment 6 Carl George 2018-11-12 15:25:07 UTC 
I see the feedback on that bodhi update.  I had filed a bug with CentOS to add a version to centos-release, but it appears they did it that way to match redhat-release-server.

https://bugs.centos.org/view.php?id=15436

With both centos-release and redhat-release-server using an unversioned provides of redhat-release, this won't be solvable for EL6.  We could still do it for EL7 going forward if you like.
Comment 7 Kevin Fenzi 2018-11-13 17:32:33 UTC 
Yeah, I am afraid we can't really do this until/unless rhel changes, and I doubt they will want to change rhel6 at this point. ;(
Note You need to log in before you can comment on or make changes to this bug.