Closed sozercan closed 2 months ago
This bug was introduced with PR #254. Specifically, it's this commit https://github.com/adamperlin/dalec/commit/c91c9bae5812aacf34c8e2aedbef118e047658c3, although I can't yet fathom why.
What is happening is that the presence of the %post, %preun, or %postun causes /bin/sh to be baked into the dependencies of the rpm. This makes sense because a shell is needed to execute the postinstall scripts, and would be needed to run pre- or post- uninstall scripts.
without %post:
$ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
with %post:
$ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm
/bin/sh
/bin/sh
/bin/sh
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
The bash package supplies /bin/sh, and all of its dependencies are installed into the container as well. So the distroless minimal image is used, but it has a bunch of extra stuff installed.
The short-term solution is to not emit %post, %preun, or %postun when no postinstall scripts or systemd services are specified.
The longer-term solution involves
noop
when the output is a container
I am not sure if tdnf allows for the installation of a package without running postinstall scripts. If not, we should consider contributing that upstream while creating a workaround within dalec.
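The short-term fix described above, together with a check on the `rpm -q --requires` output, as an added example that is not part of the original thread and is not dalec's own code. The `Scriptlets` type and both function names are hypothetical; the sample listings are abbreviated from the output quoted in the comment.

```go
package main

import (
	"fmt"
	"strings"
)

// Scriptlets is a hypothetical stand-in for the scriptlet bodies a spec generator holds.
type Scriptlets struct{ Post, Preun, Postun string }

// renderScriptlets writes a section header only when its body is non-empty,
// so a package without scripts never gains an implicit /bin/sh requirement.
func renderScriptlets(s Scriptlets) string {
	var b strings.Builder
	for _, sec := range []struct{ name, body string }{
		{"%post", s.Post}, {"%preun", s.Preun}, {"%postun", s.Postun},
	} {
		if body := strings.TrimSpace(sec.body); body != "" {
			fmt.Fprintf(&b, "%s\n%s\n\n", sec.name, body)
		}
	}
	return b.String()
}

// unexpectedRequires reads `rpm -q --requires` output and returns each distinct
// requirement that is not an rpmlib() feature, i.e. something that will pull
// another package into the image.
func unexpectedRequires(out string) []string {
	seen := map[string]bool{}
	var extra []string
	for _, line := range strings.Split(out, "\n") {
		req := strings.TrimSpace(line)
		if req == "" || strings.HasPrefix(req, "rpmlib(") || seen[req] {
			continue
		}
		seen[req] = true
		extra = append(extra, req)
	}
	return extra
}

// Requires listings abbreviated from the output quoted in the issue.
const withoutPost = "rpmlib(CompressedFileNames) <= 3.0.4-1\nrpmlib(FileDigests) <= 4.6.0-1\n"
const withPost = "/bin/sh\n/bin/sh\n/bin/sh\n" + withoutPost

func main() {
	fmt.Printf("spec with no scripts: %q\n", renderScriptlets(Scriptlets{}))
	fmt.Println("requires, no scriptlets:", unexpectedRequires(withoutPost))
	fmt.Println("requires, scriptlets:   ", unexpectedRequires(withPost))
}
```

A check like `unexpectedRequires` can run as a build-time test on packages destined for a minimal image, failing the build when anything other than rpmlib features is required.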
@adamperlin is this issue fixed? Do we just need to add the tests? If so, I can close this issue and we'll have #303 tracking tests.
Yes this is fixed now due to #299! I think the fix in #299 is what we'll go with for the time being.
Ok closing this one. We'll continue in #303
Expected Behavior
minimal base image with only the component we are building and/or supplied in runtime
Actual Behavior
I expected a minimal base image, but looking at the /usr/bin contents, there are a lot of files
https://oci.dag.dev/layers/sozercan/oras@sha256:0137bd96038e5a7edd4c3114e45997b27dcaed83b906230a3943b1c161b76d8b/usr/bin/
Steps To Reproduce
Are you willing to submit PRs to contribute to this bug fix?