Rpm-ostree show update but updates nothing

Hi,
I have upgraded to F31 and mostly everything works. But I have a problem when I do

$ rpm-ostree status

State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.timer: last run 15min ago
Deployments:
● ostree://fedora:fedora/31/x86_64/silverblue
                   Version: 31.20191104.0 (2019-11-04T00:31:13Z)
                BaseCommit: 1c133016c6a02dc24811bc8a4123adadf321f34f15d25665078799154f2cbe4d
              GPGSignature: Valid signature by 7D22D5867F2A4236474BF7B850CB390B3C3359C4
           LayeredPackages: ...
             LocalPackages: rpmfusion-free-release-31-1.noarch rpmfusion-nonfree-release-31-1.noarch

  ostree://fedora:fedora/30/x86_64/silverblue
                   Version: 30.20191104.0 (2019-11-04T00:55:55Z)
                BaseCommit: 759287e8ee8688fc939fbf2d1d12a774a063f163bc2ab3ff0a2ec0eb73f27ed0
              GPGSignature: Valid signature by F1D8EC98F241AAF20DF69420EF3C111FCFC659B9
           LayeredPackages: ...
             LocalPackages: rpmfusion-free-release-30-1.noarch rpmfusion-nonfree-release-30-1.noarch

AvailableUpdate:
  SecAdvisories: 1 important
           Diff: 4 upgraded

It shows there is an upgrade available so I do

$ rpm-ostree upgrade

note: automatic updates (stage) are enabled
1 metadata, 0 content objects fetched; 569 B transferred in 3 seconds
Checking out tree 1c13301... done
Enabled rpm-md repositories: updates rpmfusion-free-updates rpmfusion-nonfree rpmfusion-nonfree-updates fedora rpmfusion-free
rpm-md repo 'updates' (cached); generated: 2019-11-04T00:46:21Z
rpm-md repo 'rpmfusion-free-updates' (cached); generated: 2019-11-03T15:17:47Z
rpm-md repo 'rpmfusion-nonfree' (cached); generated: 2019-10-22T10:43:47Z
rpm-md repo 'rpmfusion-nonfree-updates' (cached); generated: 2019-11-03T15:24:22Z
rpm-md repo 'fedora' (cached); generated: 2019-10-25T01:48:20Z
rpm-md repo 'rpmfusion-free' (cached); generated: 2019-10-22T10:21:36Z
Importing rpm-md... done
Resolving dependencies... done
No upgrade available.

But nothing is updated. The update concerns chromium and some other chromium related packages

$ rpm-ostree upgrade --preview

note: automatic updates (stage) are enabled
⠙ Receiving metadata objects: 0/(estimating) -/s 0 bytes... 
Receiving metadata objects: 0/(estimating) -/s 0 bytes... done
Enabled rpm-md repositories: updates rpmfusion-free-updates rpmfusion-nonfree rpmfusion-nonfree-updates fedora rpmfusion-free
Updating metadata for 'updates'... done
rpm-md repo 'updates'; generated: 2019-11-04T00:46:21Z
Updating metadata for 'rpmfusion-free-updates'... done
rpm-md repo 'rpmfusion-free-updates'; generated: 2019-11-03T15:17:47Z
Updating metadata for 'rpmfusion-nonfree'... done
rpm-md repo 'rpmfusion-nonfree'; generated: 2019-10-22T10:43:47Z
Updating metadata for 'rpmfusion-nonfree-updates'... done
rpm-md repo 'rpmfusion-nonfree-updates'; generated: 2019-11-03T15:24:22Z
Updating metadata for 'fedora'... done
rpm-md repo 'fedora'; generated: 2019-10-25T01:48:20Z
Updating metadata for 'rpmfusion-free'... done
rpm-md repo 'rpmfusion-free'; generated: 2019-10-22T10:21:36Z
Importing rpm-md... done
AvailableUpdate:
  SecAdvisories: FEDORA-2019-9a5e81214f  Important  chromium-77.0.3865.120-1.fc31.x86_64
                 FEDORA-2019-9a5e81214f  Important  chromium-common-77.0.3865.120-1.fc31.x86_64
                 FEDORA-2019-9a5e81214f  Important  chromium-libs-77.0.3865.120-1.fc31.x86_64
                 FEDORA-2019-9a5e81214f  Important  chromium-libs-media-77.0.3865.120-1.fc31.x86_64
                   CVE-2019-5870 chromium-browser: Use-after-free in media
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762366
                   CVE-2019-5871 chromium-browser: Heap overflow in Skia
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762367
                   CVE-2019-5872 chromium-browser: Use-after-free in Mojo
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762368
                   CVE-2019-5873 chromium-browser: URL bar spoofing on iOS
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762369
                   CVE-2019-5874 chromium-browser: External URIs may trigger other browsers
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762370
                   CVE-2019-5875 chromium-browser: URL bar spoof via download redirect
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762371
                   CVE-2019-13691 chromium-browser: Omnibox spoof
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762372
                   CVE-2019-13692 chromium-browser: SOP bypass
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762373
                   CVE-2019-5876 chromium-browser: Use-after-free in media
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762374
                   CVE-2019-5877 chromium-browser: Out-of-bounds access in V8
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762375
                   CVE-2019-5878 chromium-browser: Use-after-free in V8
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762376
                   CVE-2019-5879 chromium-browser: Extensions can read some local files
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762377
                   CVE-2019-5880 chromium-browser: SameSite cookie bypass
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762378
                   CVE-2019-5881 chromium-browser: Arbitrary read in SwiftShader
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762379
                   CVE-2019-13659 chromium-browser: URL spoof
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762380
                   CVE-2019-13660 chromium-browser: Full screen notification overlap
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762381
                   CVE-2019-13661 chromium-browser: Full screen notification spoof
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762382
                   CVE-2019-13662 chromium-browser: CSP bypass
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762383
                   CVE-2019-13663 chromium-browser: IDN spoof
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762384
                   CVE-2019-13664 chromium-browser: CSRF bypass
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762385
                   CVE-2019-13665 chromium-browser: Multiple file download protection bypass
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762386
                   CVE-2019-13666 chromium-browser: Side channel using storage size estimate
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762387
                   CVE-2019-13667 chromium-browser: URI bar spoof when using external app URIs
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762388
                   CVE-2019-13668 chromium-browser: Global window leak via console
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762389
                   CVE-2019-13669 chromium-browser: HTTP authentication spoof
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762390
                   CVE-2019-13670 chromium-browser: V8 memory corruption in regex
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762391
                   CVE-2019-13671 chromium-browser: Dialog box fails to show origin
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762392
                   CVE-2019-13673 chromium-browser: Cross-origin information leak using devtools
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762393
                   CVE-2019-13674 chromium-browser: IDN spoofing
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762394
                   CVE-2019-13675 chromium-browser: Extensions can be disabled by trailing slash
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762395
                   CVE-2019-13676 chromium-browser: Google URI shown for certificate warning
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762396
                   CVE-2019-13677 chromium-browser: Chrome web store origin needs to be isolated
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762397
                   CVE-2019-13678 chromium-browser: Download dialog spoofing
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762398
                   CVE-2019-13679 chromium-browser: User gesture needed for printing
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762399
                   CVE-2019-13680 chromium-browser: IP address spoofing to servers
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762400
                   CVE-2019-13681 chromium-browser: Bypass on download restrictions
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762401
                   CVE-2019-13682 chromium-browser: Site isolation bypass
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762402
                   CVE-2019-13683 chromium-browser: Exceptions leaked by devtools
                   https://bugzilla.redhat.com/show_bug.cgi?id=1762403
       Upgraded: chromium 77.0.3865.90-2.fc31 -> 77.0.3865.120-1.fc31
                 chromium-common 77.0.3865.90-2.fc31 -> 77.0.3865.120-1.fc31
                 chromium-libs 77.0.3865.90-2.fc31 -> 77.0.3865.120-1.fc31
                 chromium-libs-media 77.0.3865.90-2.fc31 -> 77.0.3865.120-1.fc31

Could someone point me in the right direction?

Thank you very much

you need to use sudo at the beginning.

$ sudo rpm-ostree upgrade --check

$ sudo rpm-ostree upgrade --preview

$ sudo rpm-ostree upgrade

https://docs.fedoraproject.org/en-US/iot/applying-updates-UG/

I don’t think it’s related to sudo.

The Chromium update has been stable for over a week and rpm-ostree would say if there was a conflict. If rpm -q chromium shows chromium-77.0.3865.120-1.fc31.x86_64, then you have the update already and the status is either wrong or referring to a different update.

No I don’t. I have been using it without sudo since forever. But thanks anyway :slight_smile:

Well rpm -q chromium shows chromium-77.0.3865.90-2.fc31.x86_64. But today kernel and something else got updated and since then the update for chromium was not showing up at all. It showed up again when I opened the Software application. It seems even weirder.

IIUC rpm-ostree upgrade will only upgrade if there is a new base ostree update, but rpm-ostree upgrade --preview will show you layered packages (in yum repos) that would be updated if there were a new base ostree update. This behavior (bug?) is being tracked in https://github.com/coreos/rpm-ostree/issues/1579.

1 Like

Thank you for the info. I’ll watch the issue. Although what surprises me is that mark says the update is stable for a while…