Problem:
Using Katello Content Views with Rocky Linux 9 repositories filtered by errata publication date causes inconsistent dependency resolution during dnf update --security.
After publishing and promoting the Content View, clients fail installing security updates because some advisory metadata is present while required dependency RPMs are missing from the published Content View.
Example:
Error:
Problem 1: cannot install the best update candidate for package libcurl-7.76.1-31.el9.x86_64
- nothing provides openssl-libs(x86-64) >= 1:3.5.1 needed by libcurl-7.76.1-40.el9.x86_64
The issue only happens when using errata date filters to create historical frozen snapshots.
If the Content View is published without errata filters, the issue disappears.
Expected outcome:
When a security advisory is included in a published Content View:
- all required dependency RPMs should also be included
dnf update --securityshould work correctly- dependency chains should remain consistent
Foreman and Proxy versions:
- Foreman: 3.12.1
- Katello: 4.14.3
Distribution and version:
- Foreman Server: Rocky Linux 8.10
- Managed clients: Rocky Linux 9.6
Other relevant data:
Repositories are configured with:
- Complete Mirroring
- Restrict to architecture = x86_64
The issue appears with:
- Rocky Linux BaseOS
- Rocky Linux AppStream
Security metadata is still visible through:
dnf updateinfo list security all
However some required dependency packages are missing from the published Content View package list.
Example:
- advisory references
openssl-libs >= 3.5.1 - package missing from CV package list
The same behavior happens with:
- python3 / python-unversioned-command
- curl / libcurl
Is filtering by errata publication date considered a supported/reliable approach for Rocky Linux repositories in Katello?
My goal is to maintain historical frozen environments while still supporting:
dnf update --security- security-only patching
- dependency consistency