OSInside / kiwi

KIWI - Appliance Builder Next Generation
https://osinside.github.io/kiwi
GNU General Public License v3.0

ignore stanzas have no effect on bootstrap package sections #2499

Closed Conan-Kudo closed 6 months ago

Conan-Kudo commented 7 months ago

Problem description

When trying to declare a package to be excluded at bootstrap phase, kiwi ignores it and does not pass it on to the package manager.

Expected behavior

When adding an ignore stanza in a bootstrap package install section, it should take effect.

Steps to reproduce the behavior

Add an "ignore" stanza to the bootstrap package install section of a description.

One such example can be applied to fedora-kiwi-descriptions:

diff --git a/components/boot.xml b/components/boot.xml
index fb313fb..c330029 100644
--- a/components/boot.xml
+++ b/components/boot.xml
@@ -3,6 +3,9 @@
        <profile name="BootCore" description="Boot core packages"/>
        <profile name="BootCoreUKI" description="Boot core packages for UKI"/>
    </profiles>
+   <packages type="bootstrap" patternType="plusRecommended" profiles="BootCore,BootCoreUKI">
+       <ignore name="sdubby"/>
+   </packages>
    <packages type="image" patternType="plusRecommended" profiles="BootCore">
        <package name="grub2-efi-aa64" arch="aarch64"/>
        <package name="grub2-efi-aa64-modules" arch="aarch64"/>
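
Review bot: The added bootstrap section in components/boot.xml carries only `<ignore name="sdubby"/>` and no comment saying why sdubby is excluded, so a later reader cannot tell whether the exclusion is still needed; add a short XML comment above the ignore line. The new section is scoped to `profiles="BootCore,BootCoreUKI"` while the image section that follows it is `profiles="BootCore"` only, so confirm the exclusion is meant for the UKI profile as well.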

OS and Software information

debarshiray commented 7 months ago

I ran into this while testing the KIWI descriptions of the fedora-toolbox image.

The Kickstart equivalent of the fedora-toolbox images uses the -foo notation a lot, and, sometimes, it's more important than merely fine-tuning the package set to balance features with size. E.g., to make DNS resolution work within the container across hosts that use and don't use systemd-resolved(8).

One of the weak dependencies of the systemd RPM is systemd-resolved, and having it installed within the container messes up /etc/resolv.conf in a way that breaks DNS resolution inside the container on hosts that don't use systemd-resolved(8). One solution is to filter out the systemd-resolved RPM.

The other solution is to make the toolbox(1) binary more resilient. However, like anything with two moving parts, it's always better to fix both to maximize user satisfaction.

Conan-Kudo commented 7 months ago

A potential workaround for now would be to use the uninstall phase to clean out anything you don't want.

debarshiray commented 6 months ago

> A potential workaround for now would be to use the uninstall phase to clean out anything you don't want.

This works for now.

It's worth noting that the outcome of not installing a package is different from installing it and then uninstalling. In the case of the systemd-resolved, if it's never installed then /etc/resolv.conf is a regular file, but if it's installed and then removed then there's no /etc/resolv.conf at all. This doesn't seem to break anything right now, but who knows what will happen in the future.

debarshiray commented 6 months ago

Is this really fixed?

The KIWI descriptions of the fedora-toolbox image have:

<packages type="bootstrap" patternType="plusRecommended" profiles="Container-Toolbox">
    <ignore name="pinentry"/>
    ...

... but I still see pinentry getting pulled into the image, which is later uninstalled by the above workaround.

schaefi commented 6 months ago

Hmm, no it's not fixed, my bad

debarshiray commented 5 months ago

Just checked the images built with KIWI 10.0.11, and I can confirm that this is indeed fixed now. Thanks everybody!
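
A check for the behaviour discussed in this thread, as an added example that is not part of the issue or of KIWI's own code: it collects the `<ignore>` names from the bootstrap sections of a description for the selected profiles and reports any that still appear in an installed-package list. The description fragment and package list are constructed samples, the function names are hypothetical, and treating a section without a `profiles` attribute as always active is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed KIWI description fragment, modelled on the snippets in this thread.
DESCRIPTION = """\
<image name="example">
  <packages type="bootstrap" patternType="plusRecommended" profiles="Container-Toolbox">
    <package name="systemd"/>
    <ignore name="pinentry"/>
    <ignore name="systemd-resolved"/>
  </packages>
  <packages type="bootstrap" profiles="BootCore,BootCoreUKI">
    <ignore name="sdubby"/>
  </packages>
  <packages type="image" profiles="Container-Toolbox">
    <ignore name="nano"/>
  </packages>
</image>
"""

# Constructed package-name list, one name per line, in the form printed by
#   rpm --root <image-root> -qa --qf '%{NAME}\n'
INSTALLED = "bash\nsystemd\npinentry\nglibc\n"


def bootstrap_ignores(xml_text, active_profiles):
    """Names in <ignore> under bootstrap sections that apply to active_profiles."""
    active = set(active_profiles)
    names = set()
    for section in ET.fromstring(xml_text).iter("packages"):
        if section.get("type") != "bootstrap":
            continue  # image-phase ignores are not what this issue is about
        wanted = {p.strip() for p in section.get("profiles", "").split(",") if p.strip()}
        # Assumption: a section without a profiles attribute always applies.
        if wanted and not (wanted & active):
            continue
        names.update(i.get("name") for i in section.findall("ignore") if i.get("name"))
    return names


def leaked_ignores(xml_text, active_profiles, installed_text):
    """Ignored bootstrap packages that are nevertheless installed, sorted."""
    installed = {line.strip() for line in installed_text.splitlines() if line.strip()}
    return sorted(bootstrap_ignores(xml_text, active_profiles) & installed)


if __name__ == "__main__":
    for name in leaked_ignores(DESCRIPTION, ["Container-Toolbox"], INSTALLED):
        print(f"ignored in bootstrap section but installed: {name}")
```

When the uninstall-phase workaround is in place, take the package list before that phase runs, since a package removed later no longer shows up in the final image.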