search

chainguard-dev / apko

Build OCI images from APK packages directly without Dockerfile
https://apko.dev
Apache License 2.0
1.21k stars 125 forks source link

conflicts not properly processed #687

Open kaniini opened 1 year ago

kaniini commented 1 year ago

consider the following configuration:

contents:
    keyring:
        - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
    repositories:
        - https://packages.wolfi.dev/os
    packages:
        - '!py3.10-installer'
        - binutils
        - build-base
        - busybox
        - ca-certificates-bundle
        - py3-gpep517
        - py3-setuptools
        - python3
        - scanelf
        - wget
        - wolfi-base

We get the error: buildImage failed: installing apk packages: error getting package dependencies: could not find package, alias or a package that provides !py3.10-installer in indexes

But !py3.10-installer is a valid dependency for /etc/apk/world, and should be taken as a constraint that py3.10-installer should never be installed.

deitch commented 1 year ago

I had thought this was handled, but I was incorrect. We handled the ! for a package's dependencies, not for the package itself.

What is the correct logic for handling this, and what would be valid tests? Obviously, testing includes a case that triggers "required not installed, yet installed" and another case that has "required not install, and was not installed". But how do we construct scenarios that trigger that?

should be taken as a constraint that py3.10-installer should never be installed.

What does "never" mean? That it cannot appear later in the list? Or that nothing can depend on it? Does it mean that we add it to the "conflicts" list, and if it comes up later (or earlier), we have an error?