What happened?
Version locking is broken on several levels with dnf5.
This state
Salt minion is installed:
pkg.installed:
- name: salt-minion
- version: '3007.14*'
- hold: true
- update_holds: trueyields the following error:
Unknown argument "salt-minion" for command "versionlock". Add "--help" for more information about the arguments.
ID: Salt minion is installed
Function: pkg.installed
Name: salt-minion
Result: False
Comment: All specified packages are already installed and are at the desired version.
Package salt-minion was unable to be held.
Started: 09:57:28.934366
Duration: 192.332 ms
Changes:Fixing this by adding add to the versionlock command, the state reports repeated changes because the dnf versionlock list output has changed drastically. Confirm the issue by running pkg.list_holds:
[root@minion ~]# salt-call pkg.list_holds
local:
- 2026-05-18
- salt-minion
- 3007.14-0I was able to fix this via the following patch, not sure if this should be in core as is:
diff --git i/salt/modules/yumpkg.py w/salt/modules/yumpkg.py
index 95126da671..d78c1104c4 100644
--- i/salt/modules/yumpkg.py
+++ w/salt/modules/yumpkg.py
@@ -32,6 +32,7 @@ import os
import re
import string
+import salt.serializers.tomlmod
import salt.utils.args
import salt.utils.data
import salt.utils.environment
@@ -2294,7 +2295,7 @@ def hold(
ret[target].update(result=None)
ret[target]["comment"] = f"Package {target} is set to be held."
else:
- out = _call_yum(["versionlock", target])
+ out = _call_yum(["versionlock", "add", target])
if out["retcode"] == 0:
ret[target].update(result=True)
ret[target]["comment"] = "Package {} is now being held.".format(
@@ -2444,6 +2445,34 @@ def list_holds(pattern=__HOLD_PATTERN, full=True):
"""
_check_versionlock()
+ if _yum() == "dnf5":
+ try:
+ with salt.utils.files.fopen("/etc/dnf/versionlock.toml") as f:
+ data = salt.serializers.tomlmod.deserialize(f)
+ except OSError:
+ log.warning("Missing DNF5 versionlock file at /etc/dns/versionlock.toml")
+ return []
+ except salt.serializers.DeserializationError:
+ log.warning(
+ "Failed to deserialize DNF5 versionlock file at /etc/dns/versionlock.toml"
+ )
+ return []
+ pkgs = data.get("packages", [])
+ if not full:
+ return list({pkg["name"] for pkg in pkgs})
+ res = []
+ for pkg in pkgs:
+ conds = pkg.get("conditions", [])
+ evr = next(
+ cond
+ for cond in conds
+ if cond["key"] == "evr" and cond["comparator"] == "="
+ )["value"]
+ if ":" not in evr:
+ evr = "0:" + evr
+ res.append(pkg["name"] + "-" + evr + ".*")
+ return res
+
out = __salt__["cmd.run"]([_yum(), "versionlock", "list"], python_shell=False)
ret = []
for line in salt.utils.itertools.split(out, "\n"):Type of salt install
Official deb
Major version
3007.x
What supported OS are you seeing the problem on? Can select multiple. (If bug appears on an unsupported OS, please open a GitHub Discussion instead)
fedora-44
* I ran into this on Fedora 44, but I'm pretty sure this is an issue whenever dnf5 exists on the system, so should be present on Fedora 42 as well.
salt --versions-report output
Salt Version:
Salt: 3007.14
Python Version:
Python: 3.10.19 (main, Feb 17 2026, 23:32:03) [GCC 11.2.0]
Dependency Versions:
cffi: 2.0.0
cherrypy: unknown
cryptography: 46.0.5
dateutil: 2.8.2
docker-py: Not Installed
gitdb: 4.0.12
gitpython: Not Installed
Jinja2: 3.1.6
libgit2: Not Installed
looseversion: 1.3.0
M2Crypto: Not Installed
Mako: Not Installed
msgpack: 1.0.7
msgpack-pure: Not Installed
mysql-python: Not Installed
packaging: 24.0
pycparser: 2.21
pycrypto: Not Installed
pycryptodome: 3.19.1
pygit2: Not Installed
python-gnupg: 0.5.2
PyYAML: 6.0.1
PyZMQ: 25.1.2
relenv: 0.22.4
smmap: 5.0.2
timelib: 0.3.0
Tornado: 6.5.5
ZMQ: 4.3.4
Salt Package Information:
Package Type: onedir
System Versions:
dist: fedora 44
locale: utf-8
machine: x86_64
release: 7.0.4-200.fc44.x86_64
system: Linux
version: Fedora Linux 44
What happened?
Version locking is broken on several levels with
dnf5.This state
yields the following error:
Fixing this by adding
addto the versionlock command, the state reports repeated changes because thednf versionlock listoutput has changed drastically. Confirm the issue by runningpkg.list_holds:I was able to fix this via the following patch, not sure if this should be in core as is:
Type of salt install
Official deb
Major version
3007.x
What supported OS are you seeing the problem on? Can select multiple. (If bug appears on an unsupported OS, please open a GitHub Discussion instead)
fedora-44
* I ran into this on Fedora 44, but I'm pretty sure this is an issue whenever
dnf5exists on the system, so should be present on Fedora 42 as well.salt --versions-report output
Salt Version: Salt: 3007.14 Python Version: Python: 3.10.19 (main, Feb 17 2026, 23:32:03) [GCC 11.2.0] Dependency Versions: cffi: 2.0.0 cherrypy: unknown cryptography: 46.0.5 dateutil: 2.8.2 docker-py: Not Installed gitdb: 4.0.12 gitpython: Not Installed Jinja2: 3.1.6 libgit2: Not Installed looseversion: 1.3.0 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.7 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 24.0 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.19.1 pygit2: Not Installed python-gnupg: 0.5.2 PyYAML: 6.0.1 PyZMQ: 25.1.2 relenv: 0.22.4 smmap: 5.0.2 timelib: 0.3.0 Tornado: 6.5.5 ZMQ: 4.3.4 Salt Package Information: Package Type: onedir System Versions: dist: fedora 44 locale: utf-8 machine: x86_64 release: 7.0.4-200.fc44.x86_64 system: Linux version: Fedora Linux 44