Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1788371 - [Feature Request] Package vendor stickiness as available in Zypper
Summary: [Feature Request] Package vendor stickiness as available in Zypper
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: dnf
Version: 8.1
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: 8.0
Assignee: nsella
QA Contact: Eva Mrakova
URL:
Whiteboard:
Depends On:
Blocks: dnf-community 1890505
TreeView+ depends on / blocked
 
Reported: 2020-01-07 03:10 UTC by Michael Rochefort
Modified: 2021-05-18 15:00 UTC (History)
5 users (show)

Fixed In Version: dnf-4.4.2-2.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-18 15:00:34 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Michael Rochefort 2020-01-07 03:10:52 UTC
I will lead with I'm not sure if this feature request belongs in RHEL or in Fedora, but applies to both (though I'm currently using RHEL and feel it's a _tad_ more applicable from my experience). I also couldn't find a pre-existing request, but I will be honest in that my searching skills aren't the best at times.

Often times 3rd party repositories need to be activated in order to install software that is not found in the supported Red Hat and Fedora repositories (examples being EPEL, RPM Fusion, ELRepo, Negativo17, and Nux). However, sometimes these repositories can have duplicate packages as the projects hold different views on how a particular software should be packaged. A good example of this is the NVIDIA closed source driver. In these situations, installing the driver from one repository may end up having its package overwritten and updated by the packages from another when the other repository is hosting newer packages of the same name, regardless of whether or not this is what the user actually prefers/wants. Using the NVIDIA example, having ones' packages upgraded from a long-lived driver branch to a short-lived driver branch or updated at all.

Zypper (as I found out today) has a functionality called vendor stickiness[0] where a user can specify, in a couple of ways, to lock a set of packages to a particular repository at install time. This will prevent the solver from choosing to upgrade those packages if newer ones exist in a different repository than the one they were installed from.

Currently the only solution (I'm aware of) is to edit the repo file by adding a list of excludes. A similar functionality could help out in situations where packages are duplicated across repositories, whether they be 3rd party community or vendor provided packages.

[0] https://en.opensuse.org/SDB:Vendor_change_update

Comment 1 Neal Gompa 2020-01-07 13:13:49 UTC
This is a libsolv feature, centered around the "allowvendorchange" solver flag.

Details about vendor policies: https://github.com/openSUSE/libsolv/blob/master/doc/libsolv-pool.txt#vendor-policies

Comment 2 Neal Gompa 2020-01-07 13:34:41 UTC
Also, the functions around vendor policies are documented in the same file, though quite a bit further up: https://github.com/openSUSE/libsolv/blob/master/doc/libsolv-pool.txt#functions-1

Comment 3 nsella 2020-03-13 09:45:09 UTC
I made some PRs

   dnf : https://github.com/rpm-software-management/dnf/pull/1602
libdnf : https://github.com/rpm-software-management/libdnf/pull/907
 tests : https://github.com/rpm-software-management/ci-dnf-stack/pull/803


Shall we apply the change also for micronf and packagekit?

Comment 4 Neal Gompa 2020-03-14 07:29:17 UTC
(In reply to nsella from comment #3)
> 
> Shall we apply the change also for micronf and packagekit?

Yes. We want the behavior to be consistent across all consumers of libdnf.

Comment 20 errata-xmlrpc 2021-05-18 15:00:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (dnf bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1657


Note You need to log in before you can comment on or make changes to this bug.