A quick look at DNF5

0

DNF5 is the new DNF. With Fedora 41, it replaces DNF, and brings with it a new command as well as some new, upgraded, and renamed sub-commands.

The good news is that, despite the actual command being dnf5, the plain dnf command is still there — its a link to the dnf5 command.

# ll /usr/bin/dnf
lrwxrwxrwx 1 root root 4 Sep 19 20:00 /usr/bin/dnf -> dnf5

I use Ansible to perform my upgrades but the python3-libdnf5 package was not installed by default on a new test installation of Fedora 41 and that playbook failed. I talk a little about that in my Short review of Fedora 41. This is not a DNF5 problem, it’s a packaging problem as the python3-libdnf5 package should be installed by default, as its predecessor was in previous Fedora releases.

Some differences

Some of the previous sub-commands have changed in this newest release of DNF. The first one I encountered was that the whatprovides alias for the provides sub-command has been removed. I suppose I should have started using provides before now. I use check-update and that’s been changed to check-upgrade but check-update is still available as an alias. Since I want to use aliases as little as possible, I’ve already made that change in my scripts.

One command I use frequently, especially in scripts — is dnf list-updateinfo, but that sub-commend is no longer available and throws an error. It would send a data stream to STDOUT containing a list of all the packages that would be updated along with the type, such as security, bugfix, and enhancement.

A related command, dnf updateinfo summary, summarized the updates into categories with a count of each type, and that’s still available. This tells us a lot about the numbers of updates available. I am always especially interested in the security advisories. It doesn’t show any details, but I can at least see that a critical update is available.

# dnf updateinfo summary
Updating and loading repositories:
Repositories loaded.
Available advisory information summary:
Security    : 7
  Critical  : 1
  Important : 3
  Moderate  : 3
  Low       : 0
  Other     : 0
Bugfix      : 38
Enhancement : 21
Other       : 18

These numbers do not represent all of the packages that need updates. The next command, below, when run through wc (word count), indicates that there are 182 total packages that need upgraded.

And that’s my next step — to look for more detailed information. The dnf updateinfo list command provides more details with a list of each update available, it’s ID number, whether it’s a bugfix, security, or enhancement. It also lists the severity of each update. You can see the critical and important security packages listed. The information from these two commands can be useful in making a determination of whether updates should be installed immediately or that they can wait.

# dnf updateinfo list
Updating and loading repositories:
Repositories loaded.
Name                   Type    Severity                                                     Package              Issued
FEDORA-2024-01763b95cb unspeci None                                   ibus-1.5.31~rc1-2.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                              ibus-gtk2-1.5.31~rc1-2.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                              ibus-gtk3-1.5.31~rc1-2.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                              ibus-gtk4-1.5.31~rc1-2.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                              ibus-libs-1.5.31~rc1-2.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                             ibus-panel-1.5.31~rc1-2.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                             ibus-setup-1.5.31~rc1-2.fc41.noarch 2024-11-02 02:23:24
FEDORA-2024-01763b95cb unspeci None                             ibus-xinit-1.5.31~rc1-2.fc41.noarch 2024-11-02 02:23:24
FEDORA-2024-032a15d098 enhance None                                    libdav1d-1.5.0-1.fc41.x86_64 2024-10-26 02:51:35
FEDORA-2024-05f0c114a8 enhance None                                   openssh-9.8p1-3.fc41.2.x86_64 2024-10-26 02:51:35
FEDORA-2024-05f0c114a8 enhance None                           openssh-askpass-9.8p1-3.fc41.2.x86_64 2024-10-26 02:51:35
FEDORA-2024-05f0c114a8 enhance None                           openssh-clients-9.8p1-3.fc41.2.x86_64 2024-10-26 02:51:35
FEDORA-2024-05f0c114a8 enhance None                            openssh-server-9.8p1-3.fc41.2.x86_64 2024-10-26 02:51:35
FEDORA-2024-0789e8fad8 bugfix  None                                libxshmfence-1.3.2-5.fc41.x86_64 2024-11-06 03:51:37
FEDORA-2024-0b460daa69 bugfix  None                         python3-argcomplete-3.5.1-1.fc41.noarch 2024-10-26 02:51:35
FEDORA-2024-0e2edce43c unspeci None                              fedora-release-common-41-27.noarch 2024-11-06 03:51:37
FEDORA-2024-0e2edce43c unspeci None                       fedora-release-identity-xfce-41-27.noarch 2024-11-06 03:51:37
FEDORA-2024-0e2edce43c unspeci None                                fedora-release-xfce-41-27.noarch 2024-11-06 03:51:37
FEDORA-2024-1531cc4d97 unspeci None                           python3-regex-2024.9.11-1.fc41.x86_64 2024-10-26 02:51:35
FEDORA-2024-18dbc92086 enhance None                                  libarchive-3.7.4-4.fc41.x86_64 2024-10-26 02:51:35
FEDORA-2024-2294017c96 bugfix  Low                                       zenity-4.0.3-1.fc41.x86_64 2024-10-28 22:10:39
FEDORA-2024-24fbd327e3 securit Critical                                 firefox-132.0-2.fc41.x86_64 2024-10-31 01:36:34
FEDORA-2024-24fbd327e3 securit Critical                       firefox-langpacks-132.0-2.fc41.x86_64 2024-10-31 01:36:34
FEDORA-2024-2c6a9cf88f unspeci None                       f41-backgrounds-base-41.0.1-1.fc41.noarch 2024-10-31 01:36:34
FEDORA-2024-2de24e3fe0 enhance None                                makedumpfile-1.7.6-1.fc41.x86_64 2024-10-28 22:10:39
FEDORA-2024-2e8944621e securit Importan               NetworkManager-libreswan-1.2.24-1.fc41.x86_64 2024-10-26 02:51:35
FEDORA-2024-2e8944621e securit Importan         NetworkManager-libreswan-gnome-1.2.24-1.fc41.x86_64 2024-10-26 02:51:35
FEDORA-2024-2fba3e6f20 unspeci None               crypto-policies-20241029-1.git8baf557.fc41.noarch 2024-11-01 03:41:44
FEDORA-2024-2fba3e6f20 unspeci None       crypto-policies-scripts-20241029-1.git8baf557.fc41.noarch 2024-11-01 03:41:44
FEDORA-2024-30429f8371 newpack None                                    libusb1-1.0.27-4.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-30f644aef4 enhance None                                      libvdpau-1.5-8.fc41.x86_64 2024-11-02 02:23:24
FEDORA-2024-3b99b1bca1 bugfix  Low                                        gvfs-1.56.1-1.fc41.x86_64 2024-10-26 02:51:35
FEDORA-2024-3b99b1bca1 bugfix  Low                                gvfs-archive-1.56.1-1.fc41.x86_64 2024-10-26 02:51:35
<SNIP>

Each name in the first column, is an identifier that allows for keeping track of the packages that need to be updated for a specific fix.

If you’re curious by nature, as I am, there’s still more information to be had. The seemingly redundant command, dnf updateinfo info, lists the updates by the name and prints additional information like the severity, status, vendor, rights, Red Hat Bugzilla information, as well as a list of packages in the fix. I’ve included the information for one moderate security fix, and some header information for an enhancement in the following short excerpt. The total data stream contained 11,586 lines.

# dnf updateinfo info
<SNIP>
Name        : FEDORA-2024-80c8f31c55
Title       : xorg-x11-server-Xwayland-24.1.4-1.fc41
Severity    : Moderate
Type        : security
Status      : stable
Vendor      : updates@fedoraproject.org
Issued      : 2024-10-31 01:36:34
Description : xwayland 24.1.4 - CVE fix for CVE-2024-9632
Message     : 
Rights      : Copyright (C) 2024 Red Hat, Inc. and others.
Reference   : 
  Title     : xorg-x11-server-Xwayland-24.1.4 is available
  Id        : 2316081
  Type      : bugzilla
  Url       : https://bugzilla.redhat.com/show_bug.cgi?id=2316081
Collection  : 
  Packages  : xorg-x11-server-Xwayland-24.1.4-1.fc41.src
            : xorg-x11-server-Xwayland-devel-24.1.4-1.fc41.i686
            : xorg-x11-server-Xwayland-debuginfo-24.1.4-1.fc41.i686
            : xorg-x11-server-Xwayland-24.1.4-1.fc41.i686
            : xorg-x11-server-Xwayland-debugsource-24.1.4-1.fc41.i686
            : xorg-x11-server-Xwayland-debuginfo-24.1.4-1.fc41.x86_64
            : xorg-x11-server-Xwayland-24.1.4-1.fc41.x86_64
            : xorg-x11-server-Xwayland-devel-24.1.4-1.fc41.x86_64
            : xorg-x11-server-Xwayland-debugsource-24.1.4-1.fc41.x86_64
            : xorg-x11-server-Xwayland-debuginfo-24.1.4-1.fc41.aarch64
            : xorg-x11-server-Xwayland-devel-24.1.4-1.fc41.aarch64
            : xorg-x11-server-Xwayland-24.1.4-1.fc41.aarch64
            : xorg-x11-server-Xwayland-debugsource-24.1.4-1.fc41.aarch64
            : xorg-x11-server-Xwayland-24.1.4-1.fc41.ppc64le
            : xorg-x11-server-Xwayland-devel-24.1.4-1.fc41.ppc64le
            : xorg-x11-server-Xwayland-debuginfo-24.1.4-1.fc41.ppc64le
            : xorg-x11-server-Xwayland-debugsource-24.1.4-1.fc41.ppc64le
            : xorg-x11-server-Xwayland-debuginfo-24.1.4-1.fc41.s390x
            : xorg-x11-server-Xwayland-24.1.4-1.fc41.s390x
            : xorg-x11-server-Xwayland-debugsource-24.1.4-1.fc41.s390x
            : xorg-x11-server-Xwayland-devel-24.1.4-1.fc41.s390x

Name        : FEDORA-2024-2de24e3fe0
Title       : makedumpfile-1.7.6-1.fc41
Severity    : None
Type        : enhancement
Status      : stable
Vendor      : updates@fedoraproject.org
Issued      : 2024-10-28 22:10:39
Description : Automatic update for makedumpfile-1.7.6-1.fc41

After performing an update (upgrade), I run the dnf5 needs-restarting command. This is an interesting command that provides some information about certain core libraries and services that require a reboot when they’re updated.

# dnf5 needs-restarting
Updating and loading repositories:
Repositories loaded.
Core libraries or services have been updated since boot-up:
  * glibc
  * kernel
  * kernel-core
  * kernel-modules
  * kernel-modules-core
  * kernel-modules-extra
  * libxcrypt

Reboot is required to fully utilize these updates.
More information: https://access.redhat.com/solutions/27943

With this information, I can make an informed decision about doing a reboot.

The DNF5 documentation contains a complete list of all the changes made to the command line syntax and sub-commands. The list is rather extensive and I found a lot of good information there.

Problems with Ansible

Ansible is a powerful tool that I use to perform a variety of SysAdmin tasks almost every day. The Fedora packagers have neglected to include a library package that will allow Ansible to work properly with DNF5. If you use Ansible, you can install the python3-libdnf5 package manually before running playbooks that depend upon DNF for some tasks. Read more about this problem here.

This is not a problem on systems that have been upgraded from Fedora 40. The package is installed during that process. The problem only occurs with new installations of Fedora 41.

Summary

Despite using DNF frequently in scripts and from the command line, I hadn’t looked at the DNF documentation in a long time. This change to DNF5 and the problem I encountered with its use through Ansible prompted me to take a close look at this important command. I found some interesting tools among the revised complement of sub-commands, and have already started working them into my scripts and CLI repertoire.

When used by itself or in scripts, DNF5 is an outstanding package manager with many powerful sub-commands. I’ve just started learning this newly upgraded tool but I expect it to make managing RPM packages even easier than it has been, once I learn some of its new superpowers.

It’s too bad that the Fedora packagers haven’t yet fixed the problem that prevents Ansible from working properly.

Leave a Reply