Is this a critical security issue?
Describe the Bug
DNF provider supports intervals/comparison in ensure parameter. Somehow this seems broken for kernel-core, while working for other packages like bash-completion or nano.
Expected Behavior
Comparison in ensure works with all packages.
Steps to Reproduce
Sample manifest, tested on AlmaLinux 9
# Just to check if comparison works elsewhere
package { 'bash-completion':
ensure => '>=2.0',
}
package { 'nano':
ensure => '>=5.5.0',
}
# The problem
package { 'kernel-core':
ensure => '>=5.14.0-611.54.3',
}
Run
sudo /opt/puppetlabs/puppet/bin/puppet apply manifest.pp --debug
Environment
Version: 8.26.2
Platform: AlmaLinux 9.7
Additional Context
Also tried a simpler comparison
package { 'kernel-core':
ensure => '>=5.14.0',
}
It resulted in
Debug: /Package[nano]: Provider dnf does not support features targetable; not managing attribute command
Debug: /Package[kernel-core]: Provider dnf does not support features targetable; not managing attribute command
Debug: /Package[bash-completion]: Provider dnf does not support features targetable; not managing attribute command
Debug: Creating default schedules
Debug: Loaded state in 0.00 seconds
Info: Using environment 'production'
Debug: Loaded state in 0.00 seconds
Info: Applying configuration version '1778686147'
Debug: Prefetching dnf resources for package
Debug: Executing: '/bin/rpm --version'
Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' | sort'
Debug: Package[kernel-core](provider=dnf): Ensuring => >=5.14.0
Debug: Executing: '/bin/dnf list kernel-core --showduplicates | sed -e '1,/Available Packages/ d' | awk '{print $2}''
Debug: Package[kernel-core](provider=dnf): Detected Arch argument in package! - Moving arch to end of version string
Debug: Executing: '/bin/rpm -q kernel-core --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Package[kernel-core](provider=dnf): Upgrading package kernel-core from version 5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7 to 5.14.0-611.54.3.el9_7
Debug: Executing: '/bin/dnf -y upgrade kernel-core-5.14.0-611.54.3.el9_7'
Debug: Executing: '/bin/rpm -q kernel-core --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Error: Could not update: Failed to update to version 5.14.0-611.54.3.el9_7, got version 5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7 instead
Error: /Stage[main]/Main/Package[kernel-core]/ensure: change from '5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7' to '>=5.14.0' failed: Could not update: Failed to update to version 5.14.0-611.54.3.el9_7, got version 5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7 instead
Debug: Class[Main]: Resource is being skipped, unscheduling all events
Debug: Stage[main]: Resource is being skipped, unscheduling all events
Debug: Finishing transaction 12560
Debug: Storing state
Debug: Pruned old state cache entries in 0.00 seconds
Debug: Stored state in 0.00 seconds
Notice: Applied catalog in 2.67 seconds
Relevant log output
Debug: /Package[nano]: Provider dnf does not support features targetable; not managing attribute command
Debug: /Package[kernel-core]: Provider dnf does not support features targetable; not managing attribute command
Debug: /Package[bash-completion]: Provider dnf does not support features targetable; not managing attribute command
Debug: Creating default schedules
Debug: Loaded state in 0.00 seconds
Info: Using environment 'production'
Debug: Loaded state in 0.00 seconds
Info: Applying configuration version '1778685832'
Debug: Prefetching dnf resources for package
Debug: Executing: '/bin/rpm --version'
Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' | sort'
Debug: Package[kernel-core](provider=dnf): Ensuring => >=5.14.0-611.54.3
Debug: Executing: '/bin/dnf list kernel-core --showduplicates | sed -e '1,/Available Packages/ d' | awk '{print $2}''
Debug: Package[kernel-core](provider=dnf): Detected Arch argument in package! - Moving arch to end of version string
Debug: Executing: '/bin/rpm -q kernel-core --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Debug: Package[kernel-core](provider=dnf): Upgrading package kernel-core from version 5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7 to 5.14.0-611.54.3.el9_7
Debug: Executing: '/bin/dnf -y upgrade kernel-core-5.14.0-611.54.3.el9_7'
Debug: Executing: '/bin/rpm -q kernel-core --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'
Error: Could not update: Failed to update to version 5.14.0-611.54.3.el9_7, got version 5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7 instead
Error: /Stage[main]/Main/Package[kernel-core]/ensure: change from '5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7' to '>=5.14.0-611.54.3' failed: Could not update: Failed to update to version 5.14.0-611.54.3.el9_7, got version 5.14.0-611.45.1.el9_7; 5.14.0-611.49.1.el9_7; 5.14.0-611.54.3.el9_7 instead
Debug: Class[Main]: Resource is being skipped, unscheduling all events
Debug: Stage[main]: Resource is being skipped, unscheduling all events
Debug: Finishing transaction 12560
Debug: Storing state
Debug: Pruned old state cache entries in 0.00 seconds
Debug: Stored state in 0.01 seconds
Notice: Applied catalog in 3.24 seconds
Is this a critical security issue?
Describe the Bug
DNF provider supports intervals/comparison in
ensureparameter. Somehow this seems broken forkernel-core, while working for other packages likebash-completionornano.Expected Behavior
Comparison in
ensureworks with all packages.Steps to Reproduce
Sample manifest, tested on AlmaLinux 9
Run
Environment
Version: 8.26.2
Platform: AlmaLinux 9.7
Additional Context
Also tried a simpler comparison
It resulted in
Relevant log output