Fedora package update when upstream publishes

I have regularly been looking at what gets updated using

dnf updateinfo --info --refresh

and find there are many with a notation indicating the reason for the update being that upstream published an update.
ie:

===============================================================================
  container-selinux-2.233.0-1.fc40
===============================================================================
  Update ID: FEDORA-2024-510ab949e4
       Type: enhancement
    Updated: 2024-09-14 01:57:36
Description: Automatic update for container-selinux-2.233.0-1.fc40.
           : 
           : ##### **Changelog for container-selinux**
           : 
           : ```
           : * Wed Sep 11 2024 Packit <hello@packit.dev> - 2:2.233.0-1
           : - Update to 2.233.0 upstream release
           : 
           : ```
   Severity: None

But there are packages that lag upstream
ie:

40/Everything/x86_64/os/Packages/d/docker-distribution-2.8.1-5.gitb5ca020.fc40.x86_64.rpm

rawhide/Everything/x86_64/os/Packages/d/docker-distribution-2.8.1-6.gitb5ca020.fc41.x86_64.rpm

https://github.com/distribution/distribution/releases/latest -> v2.8.3 (2 Oct 2023)

I could not find anything in packaging guidlines that gives any guidance on how closely upstream should be tracked. Is management of each package autonomous when it comes to updates?

How do I go about requesting the latest stable version be used? Open and issue on src.fedoraproject.org?

1 Like

Added packages, updates and removed selinux

Package maintainers manually update Fedora packages when upstream publishes updates. So, there can be a lag depending on how busy the maintainer is. The best way of speeding these things up is to have more maintainers who can share the load.

We have a bunch of automation to help with this, but it does require a manual step because each upstream release has to be vetted by a human to ensure that it continues to follow the Fedora community packaging guidelines.

  • https://release-monitoring.org: helps monitor new releases, opens new bugs on bugzilla to let maintainers know
  • packit: adds some automation to automatically open pull requests with updates for maintainers to work with

All packages should ideally use at least release-monitoring.org to receive notifications on new versions. If a package you use does not have this set up, you should file a new bug to inform the maintainer of a new release upstream and request them to update the Fedora package.

1 Like
$ dnf updateinfo --info --refresh
Unknown argument "--info" for command "updateinfo". Add "--help" for more information about the arguments.

I guess it is just a small typing error?

dnf updateinfo info --refresh

version info (f40):
dnf5 version 5.1.17
dnf5 plugin API version 1.0
libdnf5 version 5.1.17
libdnf5 plugin API version 1.0

@ankursinha,

Sounds reasonable that individual package maintainers make the call. I expect there is plenty of automated testing as well to verify nothing breaks?

Filing a bug report so current maintainers are aware some user would like a newer version is also reasonable. Looks like this is this done in bugzilla, not as an issue in pagure.

Stepping up to be a maintainer myself would be good for me…

1 Like

@ilikelinux,

The syntax I used is correct for what the default f40 uses

dnf --version
4.21.1
  Installed: dnf-0:4.21.1-1.fc40.noarch at Tue 20 Aug 2024 11:33:06 AM GMT
  Built    : Fedora Project at Fri 16 Aug 2024 02:34:26 PM GMT

  Installed: rpm-0:4.19.1.1-1.fc40.x86_64 at Fri 17 May 2024 09:19:41 AM GMT
  Built    : Fedora Project at Wed 07 Feb 2024 03:55:53 PM GMT

The syntax you use works for the default dnf used in the latest successful compose of f41

dnf --version
dnf5 version 5.2.5.0
dnf5 plugin API version 2.0
libdnf5 version 5.2.5.0
libdnf5 plugin API version 2.0

I am all for change and am expecting there will be plenty needed as things move forward with dnf5.

1 Like

The maintainers of course test the updates but we also first publish the updates for testing. So that’s another of getting involved:

https://fedoraproject.org/wiki/QA:Updates_Testing

This is an opportunity for users to test the updates and provide feedback.

Yes, bugzilla is our current tracker for all packages. Here’s some documentation on filing bugs:

1 Like