containers / toolbox

Tool for interactive command line environments on Linux
https://containertoolbx.org/
Apache License 2.0

Arch Linux container's extra-packages doesn't need diffutils and keyutils #1473

Closed averms closed 3 months ago

averms commented 3 months ago

Describe the bug

Both are already installed in the official docker.io/library/archlinux:base-devel container that we build off of because they are (transitive) dependencies of base and base-devel.

debarshiray commented 3 months ago

Unless this is breaking the build for the arch-toolbox image, I don't have an opinion. It's a trade-off between being defensive against intended packages going missing because of changes in other parts of the distribution and being too verbose. I will let @Foxboron decide.

One option, regardless of the above, is to add some tests to the image build to ensure that the intended files are really present. We have something similar for the fedora-toolbox images. We put a list of path globs in a file called ensure-files, and have this snippet in the Container/Dockerfile:

COPY ensure-files /
RUN ret_val=0; \
  while read file; do \
    if ! compgen -G "$file" >/dev/null; then \
      echo "$file: No such file or directory" >&2; \
      ret_val=1; \
      break; \
    fi; \
  done <ensure-files; \
  if [ "$ret_val" -ne 0 ]; then \
    false; \
  fi
RUN rm /ensure-files

Note that this assumes that the image layers are squashed as part of the build.
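
The check described in the comment above, as an added stand-alone example (not the toolbox project's code and not written by anyone in this thread): a POSIX sh version that does not depend on bash's `compgen` builtin and reports every missing path instead of stopping at the first. The function names, the `#` comment handling and the constructed sample paths in `demo` are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the toolbox project's code. POSIX sh only: the glob is
# expanded by the shell itself instead of bash's compgen builtin.

# glob_matches PATTERN: succeed if PATTERN expands to at least one path.
glob_matches() (
    IFS=            # empty IFS: no word splitting, pathname expansion only
    set -- $1       # an unmatched pattern stays literal
    [ -e "$1" ] || [ -L "$1" ]   # -L: count dangling symlinks as present
)

# ensure_files LIST [ROOT]: check every glob in LIST below ROOT (default /).
# Blank lines and '#' comments are skipped (an assumption about the format).
# All misses are reported before returning 1, not only the first one.
ensure_files() {
    list=$1 root=${2:-} missing=0
    while IFS= read -r pattern || [ -n "$pattern" ]; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! glob_matches "$root$pattern"; then
            printf '%s: No such file or directory\n' "$pattern" >&2
            missing=1
        fi
    done <"$list"
    return "$missing"
}

# demo: run the check against a constructed tree in which one listed
# path (/usr/bin/keyctl) is deliberately absent; returns 1 for that reason.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/usr/bin" "$tmp/usr/share/man/man1"
    : >"$tmp/usr/bin/cmp"
    : >"$tmp/usr/share/man/man1/diff.1.gz"
    printf '%s\n' '# constructed sample list' /usr/bin/cmp \
        '/usr/share/man/man1/diff.1*' /usr/bin/keyctl >"$tmp/ensure-files"
    status=0
    ensure_files "$tmp/ensure-files" "$tmp" || status=$?
    rm -rf "$tmp"
    return "$status"
}
```

Sourced in an image build step, `ensure_files /ensure-files` takes the place of the inline loop, and the step fails when the function returns non-zero.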

Foxboron commented 3 months ago

The packages are installed with --needed so we are not reinstalling packages that are already present on the image. Instead of depending on these being included transitively we should rather be explicit about what we actually need. Less headache for us when upstream (Arch) is changing stuff unexpectedly.

I don't really consider this a bug.

averms commented 3 months ago

Fair enough.