chef 19.2.12 → 19.3.14

data/lib/chef/property.rb

@@ -698,7 +698,7 @@ class Chef
       # Weeding out class methods avoids unnecessary deprecations such Chef::Resource
       # defining a `name` property when there's an already-existing `name` method
       # for a Module.
-      return false unless declared_in.instance_methods.include?(name)
+      return false unless declared_in.method_defined?(name)
 
       # Only emit deprecations for some well-known classes. This will still
       # allow more advanced users to subclass their own custom resources and

data/lib/chef/provider/file/content.rb

@@ -24,9 +24,10 @@ class Chef
     class File
       class Content < Chef::FileContentManagement::ContentBase
         def file_for_provider
-          if @new_resource.content
+          content = @new_resource.content
+          if content
             tempfile = Chef::FileContentManagement::Tempfile.new(@new_resource).tempfile
-            tempfile.write(@new_resource.content)
+            tempfile.write(content)
             tempfile.close
             tempfile
           else

data/lib/chef/provider/file.rb

@@ -197,7 +197,7 @@ class Chef
       # be overridden in subclasses.
       def managing_content?
         return true if new_resource.checksum
-        return true if !new_resource.content.nil? && @action != :create_if_missing
+        return true if new_resource.property_is_set?(:content) && @action != :create_if_missing
 
         false
       end
@@ -472,11 +472,14 @@ class Chef
       end
 
       def load_resource_attributes_from_file(resource)
-        if ChefUtils.windows?
+        if ChefUtils.windows? && !Chef::Config.target_mode?
           # This is a work around for CHEF-3554.
           # OC-6534: is tracking the real fix for this workaround.
           # Add support for Windows equivalent, or implicit resource
           # reporting won't work for Windows.
+          # In target mode on Windows, we still read remote attributes via
+          # TargetIO (ScanAccessControl is TargetIO-aware), so idempotency
+          # checks work correctly when targeting a remote Linux host.
           return
         end
 

data/lib/chef/provider/ifconfig/redhat.rb

@@ -22,7 +22,7 @@ class Chef
   class Provider
     class Ifconfig
       class Redhat < Chef::Provider::Ifconfig
-        provides :ifconfig, platform_family: "fedora_derived", target_mode: true
+        provides :ifconfig, platform_family: %w{fedora rhel amazon}, target_mode: true
 
         def initialize(new_resource, run_context)
           super(new_resource, run_context)

data/lib/chef/provider/package/dnf/dnf_helper.py

@@ -1,22 +1,97 @@
 #!/usr/bin/env python3
-# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4
+#
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# Copyright:: Copyright (c) 2026 Meta Platforms, Inc.
+# Copyright:: Copyright (c) 2026 Phil Dibowitz
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
 
 import sys
-import dnf
-import hawkey
 import signal
 import os
 import json
 
+# to enable debug logging, set the CHEF_DNF_HELPER_DEBUG_FILE environment
+# variable to a file path
+DEBUG_FILE = os.environ.get("CHEF_DNF_HELPER_DEBUG_FILE", None)
+
+# Try to import dnf5 first, fall back to dnf4
+try:
+    import libdnf5
+    import rpm
+
+    DNF_VERSION = 5
+except ImportError:
+    try:
+        import dnf
+        import hawkey
+
+        DNF_VERSION = 4
+    except ImportError:
+        raise RuntimeError(
+            "Neither dnf5 (libdnf5) nor dnf4 (dnf) libraries are available"
+        )
+
 base = None
 
-def get_sack():
+
+def get_base_dnf5(command):
+    global base
+    if base is None:
+        base = libdnf5.base.Base()
+
+        # Load configuration
+        base.load_config()
+
+        # Set up vars
+        base.setup()
+
+        # Load repositories
+        repo_sack = base.get_repo_sack()
+        repo_sack.create_repos_from_system_configuration()
+
+        if "repos" in command:
+            for repo_pattern in command["repos"]:
+                if "enable" in repo_pattern:
+                    query = libdnf5.repo.RepoQuery(base)
+                    query.filter_id(
+                        repo_pattern["enable"], libdnf5.common.QueryCmp_GLOB
+                    )
+                    for repo in query:
+                        repo.enable()
+                if "disable" in repo_pattern:
+                    query = libdnf5.repo.RepoQuery(base)
+                    query.filter_id(
+                        repo_pattern["disable"], libdnf5.common.QueryCmp_GLOB
+                    )
+                    for repo in query:
+                        repo.disable()
+
+        # Load repositories and create solv files
+        repo_sack.load_repos()
+
+    return base
+
+
+def get_sack_dnf4(command):
     global base
     if base is None:
         base = dnf.Base()
         conf = base.conf
         conf.read()
-        conf.installroot = '/'
+        conf.installroot = "/"
         conf.assumeyes = True
         subst = conf.substitutions
         subst.update_from_etc(conf.installroot)
@@ -28,136 +103,350 @@ def get_sack():
         base.read_all_repos()
         repos = base.repos
 
-        if 'repos' in command:
-            for repo_pattern in command['repos']:
-                if 'enable' in repo_pattern:
-                    for repo in repos.get_matching(repo_pattern['enable']):
+        if "repos" in command:
+            for repo_pattern in command["repos"]:
+                if "enable" in repo_pattern:
+                    for repo in repos.get_matching(repo_pattern["enable"]):
                         repo.enable()
-                if 'disable' in repo_pattern:
-                    for repo in repos.get_matching(repo_pattern['disable']):
+                if "disable" in repo_pattern:
+                    for repo in repos.get_matching(repo_pattern["disable"]):
                         repo.disable()
 
         try:
             base.configure_plugins()
         except AttributeError:
             pass
-        base.fill_sack(load_system_repo='auto')
+        base.fill_sack(load_system_repo="auto")
     return base.sack
 
-# FIXME: leaks memory and does not work
-def flushcache():
-    try:
-        os.remove('/var/cache/dnf/@System.solv')
-    except OSError:
-        pass
-    get_sack().load_system_repo(build_cache=True)
+
+def get_sack(command):
+    if DNF_VERSION == 5:
+        return get_base_dnf5(command)
+    else:
+        return get_sack_dnf4(command)
+
 
 def version_tuple(versionstr):
-    e = '0'
+    e = "0"
     v = None
     r = None
-    colon_index = versionstr.find(':')
+    colon_index = versionstr.find(":")
     if colon_index > 0:
         e = str(versionstr[:colon_index])
-    dash_index = versionstr.find('-')
+    dash_index = versionstr.find("-")
     if dash_index > 0:
-        tmp = versionstr[colon_index + 1:dash_index]
-        if tmp != '':
+        tmp = versionstr[colon_index + 1 : dash_index]
+        if tmp != "":
             v = tmp
-        arch_index = versionstr.rfind('.', dash_index)
+        arch_index = versionstr.rfind(".", dash_index)
         if arch_index > 0:
-            r = versionstr[dash_index + 1:arch_index]
+            r = versionstr[dash_index + 1 : arch_index]
         else:
-            r = versionstr[dash_index + 1:]
+            r = versionstr[dash_index + 1 :]
     else:
-        tmp = versionstr[colon_index + 1:]
-        if tmp != '':
+        tmp = versionstr[colon_index + 1 :]
+        if tmp != "":
             v = tmp
     return (e, v, r)
 
-def versioncompare(versions):
-    sack = get_sack()
+
+# If we pass in 0:1.10 and 1.2 to the dnf5 libraries, it won't compare
+# them correctly, they both need to have epochs or not have epochs. However,
+# unlike dnf4 libraries, it they don't take tuples, so use version_tuple to
+# canonicalize the parts of the version, then reassemble them into a full EVR
+# string.
+def version_canonicalize(versionstr):
+    e, v, r = version_tuple(versionstr)
+    return f"{e}:{v}-{r}"
+
+
+def versioncompare(command):
+    versions = command["versions"]
+    sack = get_sack(command)
     if (versions[0] is None) or (versions[1] is None):
-        outpipe.write('0\n')
+        outpipe.write("0\n")
         outpipe.flush()
     else:
-        evr_comparison = dnf.rpm.rpm.labelCompare(version_tuple(versions[0]), version_tuple(versions[1]))
-        outpipe.write('{}\n'.format(evr_comparison))
+        if DNF_VERSION == 4:
+            evr_comparison = dnf.rpm.rpm.labelCompare(
+                version_tuple(versions[0]), version_tuple(versions[1])
+            )
+            outpipe.write("{}\n".format(evr_comparison))
+        else:
+            # dnf5 version comparison - rpmvercmp handles full EVR strings
+            cmp_result = libdnf5.rpm.rpmvercmp(
+                version_canonicalize(versions[0]),
+                version_canonicalize(versions[1]),
+            )
+            outpipe.write("{}\n".format(cmp_result))
         outpipe.flush()
 
-def query(command):
-    sack = get_sack()
 
-    subj = dnf.subject.Subject(command['provides'])
+def query_dnf4(command):
+    sack = get_sack(command)
+
+    subj = dnf.subject.Subject(command["provides"])
     q = subj.get_best_query(sack, with_provides=True)
 
-    if command['action'] == "whatinstalled":
+    if command["action"] == "whatinstalled":
         # When attempting to figure out what is installed, we should ignore any
         # excludes that are configured, otherwise the "best" query for a given
         # subject may refer to a package that is installed that provides that
         # subject, but we really want to know if a package by that name exists
         # in any available repository
-        q = subj.get_best_query(sack, with_provides=True, query=sack.query(flags=hawkey.IGNORE_EXCLUDES))
-
+        q = subj.get_best_query(
+            sack,
+            with_provides=True,
+            query=sack.query(flags=hawkey.IGNORE_EXCLUDES),
+        )
         q = q.installed()
 
-    if command['action'] == "whatavailable":
+    if command["action"] == "whatavailable":
         q = q.available()
 
-    if 'epoch' in command:
+    if "epoch" in command:
         # We assume that any glob is "*" so just omit the filter since the dnf libraries have no
         # epoch__glob filter.  That means "?" wildcards in epochs will fail.  The workaround is to
         # not use the version filter here but to put the version with all the globs in the package name.
-        if not dnf.util.is_glob_pattern(command['epoch']):
-            q = q.filterm(epoch=int(command['epoch']))
-    if 'version' in command:
-        if dnf.util.is_glob_pattern(command['version']):
-            q = q.filterm(version__glob=command['version'])
+        if not dnf.util.is_glob_pattern(command["epoch"]):
+            q = q.filterm(epoch=int(command["epoch"]))
+    if "version" in command:
+        if dnf.util.is_glob_pattern(command["version"]):
+            q = q.filterm(version__glob=command["version"])
         else:
-            q = q.filterm(version=command['version'])
-    if 'release' in command:
-        if dnf.util.is_glob_pattern(command['release']):
-            q = q.filterm(release__glob=command['release'])
+            q = q.filterm(version=command["version"])
+    if "release" in command:
+        if dnf.util.is_glob_pattern(command["release"]):
+            q = q.filterm(release__glob=command["release"])
         else:
-            q = q.filterm(release=command['release'])
+            q = q.filterm(release=command["release"])
 
-    if 'arch' in command:
-        if dnf.util.is_glob_pattern(command['arch']):
-            q = q.filterm(arch__glob=command['arch'])
+    if "arch" in command:
+        if dnf.util.is_glob_pattern(command["arch"]):
+            q = q.filterm(arch__glob=command["arch"])
         else:
-            q = q.filterm(arch=command['arch'])
+            q = q.filterm(arch=command["arch"])
 
     # only apply the default arch query filter if it returns something
-    archq = q.filter(arch=[ 'noarch', hawkey.detect_arch() ])
+    archq = q.filter(arch=["noarch", hawkey.detect_arch()])
     if len(archq.run()) > 0:
         q = archq
 
     pkgs = q.latest(1).run()
 
     if not pkgs:
-        outpipe.write('{} nil nil\n'.format(command['provides'].split().pop(0)))
+        outpipe.write("{} nil nil\n".format(command["provides"].split().pop(0)))
         outpipe.flush()
     else:
         # make sure we picked the package with the highest version
         pkgs.sort
         pkg = pkgs.pop()
-        outpipe.write('{} {}:{}-{} {}\n'.format(pkg.name, pkg.epoch, pkg.version, pkg.release, pkg.arch))
+        outpipe.write(
+            "{} {}:{}-{} {}\n".format(
+                pkg.name, pkg.epoch, pkg.version, pkg.release, pkg.arch
+            )
+        )
+        outpipe.flush()
+
+
+def log(message):
+    if DEBUG_FILE is None:
+        return
+    with open(DEBUG_FILE, "a") as f:
+        f.write(message + "\n")
+
+
+def query_dnf5(command):
+    """
+    Query dnf5 for package information based on the command dict.
+
+    This method does a fair amount of work to try to mimic the behavior
+    of "dnf install <foo>". In the DNF4 world, this functionality was
+    exposed through the dnf.subject.Subject class. In DNF5, this functionality
+    is internal to the Goal class, which you can use, but then you can't get
+    a list of matching packages out of - you can simply ask the goal to be
+    resolved to a package transaction, and then run or not run that transaction.
+
+    So instead we combine the nevra filtering and provides filtering to mimic
+    the behavior of being able to handle anything that could be passed to
+    "dnf install <foo>".
+
+    Some of the cases we handle are:
+    - name only: "foo"
+    - name and arch: "foo.x86_64"
+    - name and version: "foo-1.2"
+    - name, version, release: "foo-1.2-3"
+    - name, version, release, arch: "foo-1.2-3.x
+    - name with version constraint: "foo >= 1.2"
+    - globs: "foo*", "foo-1.2*", "foo-1.2-3*", "foo-1*.*", etc.
+
+    A full exercising of this functionality testing all known cases is
+    in the unittest for the DNF provider.
+    """
+    base = get_sack(command)
+    q = libdnf5.rpm.PackageQuery(base)
+
+    # First, we need to know if this parses as a nevra or not, which will
+    # inform the rest of our decision tree.
+    provides_str = command["provides"]
+    try:
+        nevra_vector = libdnf5.rpm.Nevra.parse(provides_str)
+    except libdnf5.exception.RpmNevraIncorrectInputError:
+        # when parse() throws an this exception, it's because there's spaces,
+        # or other special characters in it, and the only valid things passed
+        # to us that fit that category are constrains like: "foo >= 1.2". So
+        # parse it as one of those, add the constraint to the query, and update
+        # the name we search for to the parsed name
+        nevra_vector = []
+        reldep = libdnf5.rpm.Reldep(base, provides_str)
+        provides_str = reldep.get_name()
+        q.filter_provides(reldep)
+
+    # unlike the old subject based query, filter_nevra doesn't handle
+    # the <name>.<arch> case properly. Further, adding * to arch causes
+    # weirdness. So, we detect the arch suffix, and strip it off and add
+    # it to the direct arch filter.
+    #
+    # Unfortunately, since we want to support nearly any possible combination
+    # of name, version, release, arch with globs, we have to do some extra work
+    # here. parse() will give us an iterable list of possible interpretations
+    # of the string. That can include dumb things like for "foo-1.2" the
+    # possibility that "2" is an arch. So, we take the arch and see if it's
+    # a compatible arch with us (e.g. x86_64 and i686 on x86_64 systems). If
+    # we find one that matches, we use that, rip the arch off, add it to the
+    # filters.
+    #
+    # While there may be other entries in the list that are (more) correct,
+    # it doesn't matter, we're only need to detect if a valid arch was specified
+    # so we can handle that manually.
+    nevra = None
+    for n in nevra_vector:
+        log(
+            f"  => Possible interpretation: n:{n.get_name()} v:{n.get_version()} r:{n.get_release()} a:{n.get_arch()}"
+        )
+        arch = n.get_arch()
+        if arch != "" and rpm.archscore(arch) > 0:
+            log(f"  => Selected interpretation with arch: {arch}")
+            nevra = n
+            break
+
+    # if we found a nevra with a valid arch, use that arch
+    if nevra is not None:
+        arch = nevra.get_arch()
+        name = nevra.get_name()
+        if arch and provides_str.endswith(arch):
+            command["arch"] = nevra.get_arch()
+            # strip of ".<arch>" from the end of provides_str
+            provides_str = provides_str[: -(len(arch) + 1)]
+
+    # in order to get the behavior of "dnf install <blah>" we have to add
+    # '*' to the end in order to make stuff like "chef_rpm-1.2" work.
+    if not provides_str.endswith("*"):
+        provides_str += "*"
+
+    log(f"  => provides_str after processing: {provides_str}")
+    log(f"  => command after processing: {command}")
+    if command["action"] == "whatinstalled":
+        q.filter_installed()
+
+    if command["action"] == "whatavailable":
+        q.filter_available()
+
+    # Apply version filters
+    if "epoch" in command:
+        if "*" not in command["epoch"] and "?" not in command["epoch"]:
+            q.filter_epoch(int(command["epoch"]))
+
+    if "version" in command:
+        if "*" in command["version"] or "?" in command["version"]:
+            q.filter_version(command["version"], libdnf5.common.QueryCmp_GLOB)
+        else:
+            q.filter_version(command["version"])
+
+    if "release" in command:
+        if "*" in command["release"] or "?" in command["release"]:
+            q.filter_release(command["release"], libdnf5.common.QueryCmp_GLOB)
+        else:
+            q.filter_release(command["release"])
+
+    if "arch" in command:
+        if "*" in command["arch"] or "?" in command["arch"]:
+            q.filter_arch(command["arch"], libdnf5.common.QueryCmp_GLOB)
+        else:
+            q.filter_arch(command["arch"])
+
+    # now, we try by nevra search, and *IF* that returns nothing, then
+    # do a provides search. Combined with the work above to handle various
+    # name conventions, this gets is roughly compatible with the old
+    # dnf4 "subject" calls.
+    nevra_q = libdnf5.rpm.PackageQuery(q)
+    nevra_q.filter_nevra(provides_str, libdnf5.common.QueryCmp_GLOB)
+    if not nevra_q.empty():
+        q = nevra_q
+    else:
+        q.filter_provides(provides_str, libdnf5.common.QueryCmp_GLOB)
+
+    # Filter by architecture (prefer noarch and native arch)
+    # Get the system architecture from vars
+    detected_arch = base.get_vars().get_value("arch")
+    archq = libdnf5.rpm.PackageQuery(q)
+    archq.filter_arch(["noarch", detected_arch])
+
+    if not archq.empty():
+        q = archq
+
+    # Get latest packages
+    q.filter_latest_evr()
+
+    pkgs = list(q)
+    log(f"  => pkgs from query: {pkgs}")
+
+    if not pkgs:
+        outpipe.write("{} nil nil\n".format(command["provides"].split().pop(0)))
         outpipe.flush()
+    else:
+        # Sort and get the highest version
+        pkgs.sort(
+            key=lambda p: (p.get_epoch(), p.get_version(), p.get_release()),
+            reverse=True,
+        )
+        pkg = pkgs[0]
+        outpipe.write(
+            "{} {}:{}-{} {}\n".format(
+                pkg.get_name(),
+                pkg.get_epoch(),
+                pkg.get_version(),
+                pkg.get_release(),
+                pkg.get_arch(),
+            )
+        )
+        outpipe.flush()
+
+
+def query(command):
+    if DNF_VERSION == 5:
+        query_dnf5(command)
+    else:
+        query_dnf4(command)
+
 
 # the design of this helper is that it should try to be 'brittle' and fail hard and exit in order
 # to keep process tables clean.  additional error handling should probably be added to the retry loop
 # on the ruby side.
 def exit_handler(signal, frame):
-    if base is not None:
+    if DNF_VERSION == 4 and base is not None:
         base.close()
     sys.exit(0)
 
+
 def setup_exit_handler():
     signal.signal(signal.SIGINT, exit_handler)
     signal.signal(signal.SIGHUP, exit_handler)
     signal.signal(signal.SIGPIPE, exit_handler)
     signal.signal(signal.SIGQUIT, exit_handler)
 
+
 if len(sys.argv) < 3:
     inpipe = sys.stdin
     outpipe = sys.stdout
@@ -185,14 +474,15 @@ try:
         except ValueError:
             raise RuntimeError("bad json parse")
 
-        if command['action'] == "whatinstalled":
+        log(f"COMMAND: {command}")
+        if command["action"] == "whatinstalled":
             query(command)
-        elif command['action'] == "whatavailable":
+        elif command["action"] == "whatavailable":
             query(command)
-        elif command['action'] == "versioncompare":
-            versioncompare(command['versions'])
+        elif command["action"] == "versioncompare":
+            versioncompare(command)
         else:
             raise RuntimeError("bad command")
 finally:
-    if base is not None:
+    if DNF_VERSION == 4 and base is not None:
         base.close()

data/lib/chef/provider/package/dnf/python_helper.rb

@@ -1,5 +1,8 @@
+#!/usr/bin/env python3
 #
 # Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# Copyright:: Copyright (c) 2026 Meta Platforms, Inc.
+# Copyright:: Copyright (c) 2026 Phil Dibowitz
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -41,10 +44,10 @@ class Chef
 
           def dnf_command
             # platform-python is used for system tools on RHEL 8 and is installed under /usr/libexec
+            py_cmd = "try:\n    import libdnf5\nexcept ImportError:\n    import dnf"
             @dnf_command ||= begin
-                               cmd = which("platform-python", "python", "python3", "python2", "python2.7", extra_path: "/usr/libexec") do |f|
-                                 shell_out("#{f} -c 'import dnf'").exitstatus == 0
-                               end
+                               executables = where("platform-python", "python", "python3", "python2", "python2.7", extra_path: "/usr/libexec")
+                               cmd = executables.find { |f| shell_out("#{f} -c '#{py_cmd}'").exitstatus == 0 }
                                raise Chef::Exceptions::Package, "cannot find dnf libraries, you may need to use yum_package" unless cmd
 
                                "#{cmd} #{DNF_HELPER}"

data/lib/chef/provider/package/dnf.rb

@@ -1,5 +1,7 @@
 #
 # Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# Copyright:: Copyright (c) 2026 Meta Platforms, Inc.
+# Copyright:: Copyright (c) 2026 Phil Dibowitz
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -62,6 +64,13 @@ class Chef
           @python_helper ||= PythonHelper.instance
         end
 
+        def dnf5?
+          @dnf5 ||= begin
+            dnf_version = shell_out!("dnf --version").stdout
+            dnf_version =~ /dnf5/i
+          end
+        end
+
         def load_current_resource
           flushcache if new_resource.flush_cache[:before]
 
@@ -138,14 +147,19 @@ class Chef
         # NB: the dnf_package provider manages individual single packages, please do not submit issues or PRs to try to add wildcard
         # support to lock / unlock.  The best solution is to write an execute resource which does a not_if `dnf versionlock | grep '^pattern`` kind of approach
         def lock_package(names, versions)
-          dnf("-d0", "-e0", "-y", options, "versionlock", "add", resolved_package_lock_names(names))
+          default_opts = dnf5? ? [] : %w{-d0 -e0}
+          dnf(default_opts, options, "versionlock", "add", resolved_package_lock_names(names))
         end
 
         # NB: the dnf_package provider manages individual single packages, please do not submit issues or PRs to try to add wildcard
         # support to lock / unlock.  The best solution is to write an execute resource which does a only_if `dnf versionlock | grep '^pattern`` kind of approach
         def unlock_package(names, versions)
-          # dnf versionlock delete on rhel6 needs the glob nonsense in the following command
-          dnf("-d0", "-e0", "-y", options, "versionlock", "delete", resolved_package_lock_names(names).map { |n| "*:#{n}-*" })
+          if dnf5?
+            dnf("-y", options, "versionlock", "delete", resolved_package_lock_names(names))
+          else
+            # dnf versionlock delete on rhel6 needs the glob nonsense in the following command
+            dnf("-d0", "-e0", "-y", options, "versionlock", "delete", resolved_package_lock_names(names).map { |n| "*:#{n}-*" })
+          end
         end
 
         private
@@ -167,8 +181,13 @@ class Chef
           @locked_packages ||=
             begin
               locked = dnf("versionlock", "list")
-              locked.stdout.each_line.map do |line|
-                line.sub(/-[^-]*-[^-]*$/, "").split(":").last.strip
+              if dnf5?
+                locked.stdout.each_line.select { |x| x.start_with?("Package name:") }
+                  .map { |line| line.split(": ").last.strip }
+              else
+                locked.stdout.each_line.map do |line|
+                  line.sub(/-[^-]*-[^-]*$/, "").split(":").last.strip
+                end
               end
             end
         end