ignore stanzas have no effect on bootstrap package sections #2499

Closed
Conan-Kudo opened this issue Mar 5, 2024 · 6 comments · Fixed by #2513 or #2521

@Conan-Kudo
Member

Problem description

When trying to declare a package to be excluded at bootstrap phase, kiwi ignores it and does not pass it on to the package manager.

Expected behavior

When adding an ignore stanza in a bootstrap package install section, it should take effect.

Steps to reproduce the behavior

Add an "ignore" stanza to the bootstrap package install section of a description.

One such example can be applied to fedora-kiwi-descriptions:

diff --git a/components/boot.xml b/components/boot.xml
index fb313fb..c330029 100644
--- a/components/boot.xml
+++ b/components/boot.xml
@@ -3,6 +3,9 @@
 		<profile name="BootCore" description="Boot core packages"/>
 		<profile name="BootCoreUKI" description="Boot core packages for UKI"/>
 	</profiles>
+	<packages type="bootstrap" patternType="plusRecommended" profiles="BootCore,BootCoreUKI">
+		<ignore name="sdubby"/>
+	</packages>
 	<packages type="image" patternType="plusRecommended" profiles="BootCore">
 		<package name="grub2-efi-aa64" arch="aarch64"/>
 		<package name="grub2-efi-aa64-modules" arch="aarch64"/>
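
Review bot: the added packages section of type "bootstrap" contains only the ignore entry for sdubby, with no comment saying why sdubby must be kept out, and it is scoped to profiles="BootCore,BootCoreUKI" while the image section right after it is scoped to BootCore alone. Add an XML comment above the ignore line giving the reason for the exclusion, and confirm the wider profile scope is intended. Because an exclusion that is not honoured leaves the package in the image without any error, check the built image's package list for sdubby rather than relying on the stanza being present.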

OS and Software information

  • KIWI version: 9.25.21
  • Operating system host version: Fedora 40
  • Operating system target version: Fedora 40
  • Open Build Service version (N/A if not using OBS): N/A
  • Koji version (N/A if not using Koji): 1.34.0
@Conan-Kudo Conan-Kudo added the Bug label Mar 5, 2024
@debarshiray

I ran into this while testing the KIWI descriptions of the fedora-toolbox image.

The Kickstart equivalent of the fedora-toolbox images uses the -foo notation a lot, and, sometimes, it's more important than merely fine tuning the package set to balance features with size, e.g., to make DNS resolution work within the container across hosts that do and don't use systemd-resolved(8).

One of the weak dependencies of the systemd RPM is systemd-resolved, and having it installed within the container messes up /etc/resolv.conf in a way that breaks DNS resolution inside the container on hosts that don't use systemd-resolved(8). One solution is to filter out the systemd-resolved RPM.

The other solution is to make the toolbox(1) binary more resilient. However, like anything with two moving parts, it's always better to fix both to maximize user satisfaction.

@Conan-Kudo
Member Author

A potential workaround for now would be to use the uninstall phase to clean out anything you don't want.

@debarshiray

debarshiray commented Mar 11, 2024

> A potential workaround for now would be to use the uninstall phase to clean out anything you don't want.

This works for now.

It's worth noting that the outcome of not installing a package is different from installing it and then uninstalling. In the case of the systemd-resolved, if it's never installed then /etc/resolv.conf is a regular file, but if it's installed and then removed then there's no /etc/resolv.conf at all. This doesn't seem to break anything right now, but who knows what will happen in the future.

sharpenedblade pushed a commit to t2linux/fedora-iso that referenced this issue Mar 16, 2024
The Container/Dockerfile and Kickstart equivalents of the fedora-toolbox
OCI images installed all locale definitions, translations, and weak
dependencies (barring exceptions) [1,2].  In fact, the Containerfile
tried very hard to restore any content that was stripped out by the
fedora base image.  Hence, the KIWI descriptions should do the same.

Sometimes, like in the case of the gawk and gawk-all-langpacks RPMs,
skipping weak dependencies also strips out translations.

The Kickstart files did this by decoupling fedora-container-common.ks
from fedora-container-common.ks [3], and this is the KIWI equivalent of
the same change.

The separate 'packages' elements of types 'bootstrap' and 'image' [4]
are no longer needed and have been fused into one.  This avoids the need
to specify the 'ignore' child elements separately.

This change has two workarounds that deserve mention.

First, enabling weak dependencies for the packages that used to come
from the ContainerCore profile pulls in systemd, and config.xml
specifies a keytable for all the KIWI descriptions.  These two combined
make KIWI try to set the keymap/keytable using systemd-firstboot(1),
and it fails the build with:
  [ INFO    ]: Setting up keytable:
  [ DEBUG   ]: EXEC: [chroot /path/to/image-root systemd-firstboot --help]
  [ DEBUG   ]: EXEC: [chroot /path/to/image-root systemd-firstboot --keymap=us]
  [ DEBUG   ]: EXEC: Failed with stderr: Keymap us is not installed.
  , stdout: (no output on stdout)
  [ ERROR   ]: KiwiCommandError: chroot: stderr: Keymap us is not installed.
  , stdout: (no output on stdout)

This has been worked around by making the keymaps available during the
image build through the kbd-misc RPM, which is later uninstalled.

Second, KIWI isn't passing the 'ignore' child elements to DNF [5], and
hence they currently have no effect.  This has been worked around by
uninstalling the RPMs later.

Some noteworthy changes in the list of RPMs in the fedora-toolbox image
after this change:
   ...
  +gawk-all-langpacks-5.3.0-3.fc40.x86_64
   ...
  -glibc-2.39.9000-5.fc41.i686
  -glibc-gconv-extra-2.39.9000-5.fc41.i686
  -glibc-minimal-langpack-2.39.9000-5.fc41.x86_64
   ...
  -libgcc-14.0.1-0.8.fc41.i686
   ...
  +python-unversioned-command-3.12.2-2.fc41.noarch

They are all in line with the latest Kickstart equivalent of the image.

[1] https://src.fedoraproject.org/container/fedora-toolbox
    https://github.com/containers/toolbox/tree/main/images/fedora

[2] https://pagure.io/fedora-kickstarts/blob/main/f/fedora-container-toolbox.ks

[3] fedora-kickstarts commit 30f76d387d9e7f5c
    https://pagure.io/fedora-kickstarts/c/30f76d387d9e7f5c
    https://pagure.io/fedora-kickstarts/pull-request/1002

[4] https://osinside.github.io/kiwi/concept_and_workflow/packages.html

[5] OSInside/kiwi#2499

https://pagure.io/fedora-kiwi-descriptions/pull-request/21
@schaefi schaefi self-assigned this Mar 22, 2024
schaefi added a commit that referenced this issue Mar 22, 2024
So far the <ignore> stanza was only effective when placed
as part of the type="image" packages section. This commit
allows placing it in the type="bootstrap" packages as well.
This Fixes #2499
@debarshiray

debarshiray commented Apr 2, 2024

Is this really fixed?

The KIWI descriptions of the fedora-toolbox image have:

<packages type="bootstrap" patternType="plusRecommended" profiles="Container-Toolbox">
    <ignore name="pinentry"/>
    ...

... but I still see pinentry getting pulled into the image, which is later uninstalled by the above workaround.

@schaefi
Collaborator

schaefi commented Apr 3, 2024

Hmm, no it's not fixed, my bad

@schaefi schaefi reopened this Apr 3, 2024
schaefi added a commit that referenced this issue Apr 3, 2024
Followup fix to really use the ignore information in the dnf
package manager implementation. This Fixes #2499
@debarshiray

Just checked the images built with KIWI 10.0.11, and I can confirm that this is indeed fixed now. Thanks everybody!
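
One way to check for the regression discussed in this thread, as an added example that is not part of the issue or of KIWI's code: it collects the ignore entries from a description and reports any that still appear in the built image's package list. The function names, the sample description and the sample package list are constructed for illustration; it assumes a single already-merged description file, plain profile-name matching, and a list of installed package names such as `rpm -qa --queryformat '%{NAME}\n'` prints inside the image root.

```python
import xml.etree.ElementTree as ET

# Constructed sample description, modelled on the snippets quoted in the thread.
SAMPLE_DESCRIPTION = """\
<image name="sample">
  <packages type="bootstrap" patternType="plusRecommended" profiles="Container-Toolbox">
    <ignore name="pinentry"/>
    <package name="filesystem"/>
  </packages>
  <packages type="image" profiles="Container-Toolbox">
    <ignore name="systemd-resolved"/>
  </packages>
  <packages type="image" profiles="BootCore">
    <ignore name="sdubby"/>
  </packages>
</image>
"""

# Constructed list of installed package names (one name per entry).
SAMPLE_INSTALLED = ["filesystem", "systemd", "pinentry", "glibc"]


def declared_ignores(description_xml, active_profiles):
    """Map each ignored package name to the section types that declare it."""
    ignores = {}
    for section in ET.fromstring(description_xml).iter("packages"):
        profiles = section.get("profiles")
        # Assumption: a section without a profiles attribute always applies.
        if profiles and not set(profiles.split(",")) & set(active_profiles):
            continue
        for ignore in section.findall("ignore"):
            ignores.setdefault(ignore.get("name"), set()).add(section.get("type"))
    return ignores


def leaked_ignores(description_xml, installed_names, active_profiles):
    """Return {name: section types} for ignored packages that got installed."""
    installed = set(installed_names)
    declared = declared_ignores(description_xml, active_profiles)
    return {n: sorted(t) for n, t in declared.items() if n in installed}


if __name__ == "__main__":
    leaks = leaked_ignores(SAMPLE_DESCRIPTION, SAMPLE_INSTALLED, ["Container-Toolbox"])
    for name, types in leaks.items():
        print(f"ignored package still installed: {name} (declared in {types})")
```

Run before any uninstall-phase workaround is applied, a non-empty result shows which section type (bootstrap or image) declared an ignore that the package manager did not honour.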
