Implement dnf5 needs-restarting plugin

[evan-goode]

I'd like the DNF 5 needs-restarting command to behave a bit different from dnf4 needs-restarting. Here's what I propose:

• dnf5 needs-restarting (no flag): I'd like this to simply report whether the system needs to be restarted. If there are "core packages" (such as kernel or glibc) that have been updated since boot, or if any advisory with the reboot_suggested flag applies to any of the packages that have been updated/installed since boot, dnf5 needs-restarting will list these packages and exit with code 1 to indicate a reboot is needed. Otherwise, it will exit with code 0. This proposed behavior is the same as the current behavior of dnf4 needs-restarting -r, but it would properly honor the reboot_suggested advisory rather than simply checking the hardcoded list of "core packages".

  I think this should be the default behavior of needs-restarting (rather than being behind a flag) because it's probably the most common use case. Here's an example of a user running needs-restarting when they needed needs-restarting -r: https://bugzilla.redhat.com/show_bug.cgi?id=2237223.

• Regarding the behavior of dnf4 needs-restarting (no flag): currently, this command lists processes with open outdated files and recommends the user restart them. I think we should leave this behavior out of dnf5 needs-restarting for two reasons. First, tracer and dnf-plugins-extras-tracer implement this approach well, and we don't need to duplicate their functionality. Second, this whole strategy of looking for open files is a bit of a hack and IMO shouldn't be included in the core DNF plugins. It might work most of the time, but there are nuances and edge cases here, e.g. when a process maps a library without opening it: https://bugzilla.redhat.com/show_bug.cgi?id=1131307, or if, hypothetically, a process reads a file into memory, closes it, then encrypts the copy in memory. There's just no way to tell that the process is "using" that outdated file.

• dnf5 needs-restarting -s: I'd like this to list systemd services that need to be restarted, but rather than check whether the service has any open outdated files, check the dependencies of the package that provides the service. I haven't implemented this yet in this PR, but here's an outline:

for each running systemd $service
    find the $package that provides the unit file for $service, if any
        recursively get all $dependencies of $package
        if $package or any $dependency has been updated since $service started
            recommend restart of $service

For #743

Resolves #587

[ppisar]

dnf5 needs-restarting will list these packages and exit with code 1 to indicate a reboot is needed.

Would it be possible the reverse the exit codes? Now the codes match to "does-not-need-restart" question.

[evan-goode]

dnf5 needs-restarting will list these packages and exit with code 1 to indicate a reboot is needed.

Would it be possible the reverse the exit codes? Now the codes match to "does-not-need-restart" question.

Hmm, yes using code 0 (truthy) to mean "no restart" does make scripts read a bit awkward, I see your point:

if dnf5 needs-restarting; then
  echo The system DOES NOT need a reboot
fi

Similar tools like tracer, Debian's checkrestart, and dnf4 needs-restarting use these exit codes though, so I think still it would be best to keep consistent with them. checkrestart mentions the exit code may be consumed by monitoring tools like Nagios, where the convention is "exit zero is good".

I think of "no reboot needed" as the default, unsurprising, comfortable result and "reboot needed" as the less common result that needs to be handled. The exit codes make more sense from that perspective.

[evan-goode]

Alright, I think this is ready for review now.

[jan-kolarik]

LGTM, thanks for the cooperation! 🙂

One more thing: as already mentioned, the existing tests in the CI stack do not cover all functionalities provided by this new DNF5 version of the needs-restarting plugin, particularly regarding the reboot suggested packages. I believe the updateinfo metadata can be mocked for this purpose, allowing us to create testing data and write the necessary tests using the current state of the CI stack.

Please create a follow-up issue in the CI stack to ensure we address this.

[jan-kolarik]

Oh, I just realized that the existing tests aren't being executed for dnf5 at the moment. We should attempt to reuse at least some of them.

[evan-goode]

CI PR: rpm-software-management/ci-dnf-stack#1403

[kontura]

Just a couple minor typos, otherwise LGTM.

Also I believe the changes in rpm/nevra.hpp are technically not longer needed but we can keep them if you think they might be useful in the future.

[evan-goode]

Just a couple minor typos, otherwise LGTM.

Also I believe the changes in rpm/nevra.hpp are technically not longer needed but we can keep them if you think they might be useful in the future.

True, I think we might as well keep them.

[jan-kolarik]

I just noticed the tmp commit present in the PR, probably an oversight... 🙂

[evan-goode]

I just noticed the tmp commit present in the PR, probably an oversight... 🙂

Sigh... thank you. One more force push...

[jan-kolarik]

I just noticed the tmp commit present in the PR, probably an oversight... 🙂

Sigh... thank you. One more force push...

Great and thank you for your patience with such an exhaustive review 🙂 I believe we can proceed with the merge now, as Ales mentioned only minor typos.