1947844 – Ugly stderr output when 'dnf repoquery' executed by non-root

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1947844 - Ugly stderr output when 'dnf repoquery' executed by non-root

Summary: Ugly stderr output when 'dnf repoquery' executed by non-root

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	subscription-manager
Sub Component:
Version:	34
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Chris Snyder
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-04-09 11:44 UTC by Pavel Raiskup
Modified:	2021-05-10 14:35 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Pavel Raiskup 2021-04-09 11:44:49 UTC

On a subscription-manager registered Fedora box, I run:

$ dnf repoquery --repofrompath=prunerepo_query,/tmp/repo --repo=prunerepo_query --refresh --queryformat=%{location} --quiet --setopt=skip_if_unavailable=False --latest-limit=1
2021-04-09 13:43:09,027 [ERROR] dnf:964596:MainThread @logutil.py:200 - [Errno 13] Permission denied: '/var/log/rhsm/rhsm.log' - Further logging output will be written to stderr
2021-04-09 13:43:09,084 [WARNING] dnf:964596:MainThread @logutil.py:154 - logging already initialized
2021-04-09 13:43:09,084 [ERROR] dnf:964596:MainThread @identity.py:156 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 13] Permission denied: '/etc/pki/consumer/key.pem'
dummy-pkg-20210407_1217-1.fc34.x86_64.rpm

The error messages are not related to the `--repo` we are querying, and
it shouldn't be printed out.

This can not be silenced by dnf -q option, nor error level, etc.

Comment 1 Pavel Raiskup 2021-04-09 11:45:56 UTC

We run DNF non-privleged in prunerepo script:
https://pagure.io/prunerepo

Comment 2 Pino Toscano 2021-04-13 14:03:33 UTC

There are different possibilities to do in case of running dnf with the subscription-manager plugin when run as non-root user:

a) disable logging of (permissions?) errors/etc

b) log to a file somewhere in $HOME -- like in $XDG_CACHE_HOME ($HOME/.cache by default)

c) log to a file in the user cache directory of dnf -- e.g. /var/tmp/dnf-$USER-$RANDOM_8_CHARS

In case of (b) and (c), the log file would still fill with messages about root-only files (like /etc/pki/consumer/cert.pem mentioned above) being not accessibile. Making subcription-manager partially usable as user is a bigger, and separate task, though.

Comment 3 Chris Snyder 2021-05-10 14:35:07 UTC

Personally I think (b) and (c) are the only viable options. The messages in (a) might be annoying but they are at least meaningful and afaik accurate.
I think (b) will align the best with any future attempts at making subscription-manager usable (even partially) as a non-root user.
Thanks for the thoughts!

Note You need to log in before you can comment on or make changes to this bug.