RFE: Isolated system checks and updates #1357
Comments
|
I am not sure but what you describe is similar what is provided by |
|
@j-mracek While that may be true, it is not feasible or cost efficient to set up a whole satellite service solution to patch one or two servers in isolation. In addition, dnf is used by non Red Hat operating systems as well. |
|
We have "dnf5 upgrade --downloadonly". We have "dnf5 download --url". Implementing "dnf5 upgrade --url" should be simple. Then the user can copy a snapshot of "repodata" directory of his repository from a mirror to his off-line system. And then either with injecting the metadata into DNF5 cache, or rewriting package URLs in primary.xml of the metadata he could make "dnf5 upgrade --url" to use the metadata to resolve dependencies and print URLs of packages to download. After obtaining the packages from the Internet, he can copy them into DNF5 package cache and "dnf5 upgrade" should succeed even on an off-line system. Of course adding DNF5 a nice user interface for all of it would be more work. But that's not necessary for the minimal level of support of this feature. |
I realize my RFE is just for checks and updates, but the idea of making sure isolated systems can be managed with dnf5 seems like it may have some tendrils on it that may squirm into other things. |
While that could work, /var/cache/… internals are generally not portable. They depend e.g. on a host architecture, or libsolv version. My idea was copying https://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/ from a mirror to a local file system and pointing a repository configuration in /etc/yum.repos.d there.
If you add the packages into the very same repository and run createrepo_c on them, then yes. Otherwise, DNF could insist on downloading the packages from the original repository because it distinguishes a package foo-1-1.noarch from one repository from foo-1-1.noarch from another repository.
"dnf5 download --url" does not resolve dependencies. But there is an option which does it: "dnf5 download --url --resolve".
The --url option would need to be generalize or implemented for "dnf5 install", "dnf5 swap", "dnf5 downgrade" etc. if want to cover all cases. That's why I wrote "nice user interface for all of it would be more work". |
|
@ppisar Sounds like I may want to close this issue and write a new general one for full offline system support as opposed to just updates. I will have to think on it. Thank you for the information. |
|
Yes, DNF5 would deserve a global dry-run mode where it would report URLs it would have downloaded and then a way how to divert DNF5 to fetch already downloaded packages from a local cache. It may have some overlap with issue #833 (lockfile support). |
|
I close this issue according to your preference. Feel free write a new, well-thought feature request. |
Note: If this already exists, I can't seem to find a way to do it anywhere on the Net. So I'm submitting this RFE. If I am mistaken, and a way exists, I apologize and ask for information.
Scenario: A need to update an isolated/non-networked system
Current methodology: Use reposync to download a copy of the repo, copy to media, bring into isolated area, virus scan, treat it as a local repo and do an update
Issue: Due to the size of repos (even when only downloading the newest packages) the amount of media used for transfers (such as BD/DVD) over time is excessive and the time to virus scan the repos each time is solid time block each time you need to do an update. (Note: "Just use an external HD is not a good answer". Some systems have USB disabled for reasons)
Desired path:
Bonus: Do 2 and 3 on multiple isolated systems and have the ability to merge the results prior to 5 to create a small repo to patch all the systems in the isolated space
Thank you for your time.
The text was updated successfully, but these errors were encountered: