search

saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:
https://repo.saltproject.io/
Apache License 2.0
13.98k stars 5.47k forks source link

[BUG] salt v3007.1 onedir rpm package dependencies break the system #66604

Open danny-smit opened 1 month ago

danny-smit commented 1 month ago

Description

The salt 3007.1 onedir rpm package comes with a big list of provides:

$> rpm -q --provides salt
config(salt) = 3007.1-0
lib_pydantic_core.so()(64bit)
libbz2.so.1.0()(64bit)
libcom_err.so.3()(64bit)
libcom_err.so.3(HIDDEN)(64bit)
libcom_err.so.3(com_err_3_MIT)(64bit)
libcrypt.so.1()(64bit)
libcrypt.so.1(GLIBC_2.2.5)(64bit)
libcrypt.so.1(OW_CRYPT_1.0)(64bit)
libcrypt.so.1(XCRYPT_2.0)(64bit)
libcrypt.so.1(XCRYPT_4.3)(64bit)
libcrypt.so.1(XCRYPT_4.4)(64bit)
libcrypto.so.3()(64bit)
libcrypto.so.3(OPENSSL_3.0.0)(64bit)
libcrypto.so.3(OPENSSL_3.0.3)(64bit)
libcrypto.so.3(OPENSSL_3.0.8)(64bit)
libcrypto.so.3(OPENSSL_3.0.9)(64bit)
libcrypto.so.3(OPENSSL_3.1.0)(64bit)
libcrypto.so.3(OPENSSL_3.2.0)(64bit)
libcryptography_rust.so()(64bit)
libffi.so.8()(64bit)
libffi.so.8(LIBFFI_BASE_8.0)(64bit)
libffi.so.8(LIBFFI_CLOSURE_8.0)(64bit)
libffi.so.8(LIBFFI_COMPLEX_8.0)(64bit)
libffi.so.8(LIBFFI_GO_CLOSURE_8.0)(64bit)
libformw.so.6()(64bit)
libgdbm.so.6()(64bit)
libgdbm_compat.so.4()(64bit)
libgssapi_krb5.so.2()(64bit)
libgssapi_krb5.so.2(HIDDEN)(64bit)
libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
libgssrpc.so.4()(64bit)
libgssrpc.so.4(HIDDEN)(64bit)
libgssrpc.so.4(gssrpc_4_MIT)(64bit)
libhistory.so.8()(64bit)
libk5crypto.so.3()(64bit)
libk5crypto.so.3(HIDDEN)(64bit)
libk5crypto.so.3(k5crypto_3_MIT)(64bit)
libkadm5clnt_mit.so.12()(64bit)
libkadm5clnt_mit.so.12(HIDDEN)(64bit)
libkadm5clnt_mit.so.12(kadm5clnt_mit_12_MIT)(64bit)
libkadm5srv_mit.so.12()(64bit)
libkadm5srv_mit.so.12(HIDDEN)(64bit)
libkadm5srv_mit.so.12(kadm5srv_mit_12_MIT)(64bit)
libkdb5.so.10()(64bit)
libkdb5.so.10(HIDDEN)(64bit)
libkdb5.so.10(kdb5_10_MIT)(64bit)
libkrad.so.0()(64bit)
libkrad.so.0(HIDDEN)(64bit)
libkrad.so.0(krad_0_MIT)(64bit)
libkrb5.so.3()(64bit)
libkrb5.so.3(HIDDEN)(64bit)
libkrb5.so.3(krb5_3_MIT)(64bit)
libkrb5support.so.0()(64bit)
libkrb5support.so.0(HIDDEN)(64bit)
libkrb5support.so.0(krb5support_0_MIT)(64bit)
liblzma.so.5()(64bit)
liblzma.so.5(XZ_5.0)(64bit)
liblzma.so.5(XZ_5.1.2alpha)(64bit)
liblzma.so.5(XZ_5.2)(64bit)
liblzma.so.5(XZ_5.2.2)(64bit)
liblzma.so.5(XZ_5.4)(64bit)
libmenuw.so.6()(64bit)
libncursesw.so.6()(64bit)
libpanelw.so.6()(64bit)
libreadline.so.8()(64bit)
libsqlite3.so.0()(64bit)
libssl.so.3()(64bit)
libssl.so.3(OPENSSL_3.0.0)(64bit)
libssl.so.3(OPENSSL_3.2.0)(64bit)
libtinfow.so.6()(64bit)
libtirpc.so.3()(64bit)
libtirpc.so.3(TIRPC_0.3.0)(64bit)
libtirpc.so.3(TIRPC_0.3.1)(64bit)
libtirpc.so.3(TIRPC_0.3.2)(64bit)
libtirpc.so.3(TIRPC_0.3.3)(64bit)
libtirpc.so.3(TIRPC_PRIVATE)(64bit)
libuuid.so.1()(64bit)
libverto.so.0()(64bit)
libverto.so.0(HIDDEN)(64bit)
libverto.so.0(verto_0_MIT)(64bit)
libz.so.1()(64bit)
libz.so.1(ZLIB_1.2.0)(64bit)
libz.so.1(ZLIB_1.2.0.2)(64bit)
libz.so.1(ZLIB_1.2.0.8)(64bit)
libz.so.1(ZLIB_1.2.12)(64bit)
libz.so.1(ZLIB_1.2.2)(64bit)
libz.so.1(ZLIB_1.2.2.3)(64bit)
libz.so.1(ZLIB_1.2.2.4)(64bit)
libz.so.1(ZLIB_1.2.3.3)(64bit)
libz.so.1(ZLIB_1.2.3.4)(64bit)
libz.so.1(ZLIB_1.2.3.5)(64bit)
libz.so.1(ZLIB_1.2.5.1)(64bit)
libz.so.1(ZLIB_1.2.5.2)(64bit)
libz.so.1(ZLIB_1.2.7.1)(64bit)
libz.so.1(ZLIB_1.2.9)(64bit)
libzmq.cpython-310-x86_64-linux-gnu.so()(64bit)
salt = 3007.1
salt = 3007.1-0
salt(x86-64) = 3007.1-0

However these dependencies are hidden in the onedir structure and therefore not really available for the OS after installation of the salt package.

In fact, whenever an OS package is installed that requires one of the dependencies that salt claims to fulfill in this list of "provides", the salt package is installed instead of the OS package. This leads to a broken system. Especially when salt is installed together with the other OS packages during the kickstart phase of a new OS installation, it then even breaks the rpm command itself.

Setup

Tested both on both older and newer OS versions: CentOS 7, Almalinux 9

Steps to Reproduce the behavior

Expected behavior

The onedir rpm package should not claim to "provide" all kinds of libraries that are not available for the OS.

Versions Report

salt v3007.1

Additional context

Maybe this change is related: https://github.com/saltstack/salt/commit/975c2a439b2b77d6acec6271321f9fb56cf10139

76creates commented 1 month ago

Looks like similar issue happens when running bootstrap script on Ubuntu 24 fails as well with:

Hit:1 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu noble InRelease
Hit:2 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:3 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu noble-security InRelease
Ign:5 https://repo.saltproject.io/salt/py3/ubuntu/24.04/amd64/minor/3007.1 trusty InRelease
Err:6 https://repo.saltproject.io/salt/py3/ubuntu/24.04/amd64/minor/3007.1 trusty Release
  404  Not Found [IP: 143.204.98.62 443]
Reading package lists...
 * ERROR: Failed to run install_ubuntu_onedir_deps()!!!

Also as Im new to Salt, I have to add that I ran ./bootstrap-salt.sh -M -P stable 3007.1, I saw "onedir" release option but used "stable" not sure if this is related, but leaving this here as extra info.

danny-smit commented 1 month ago

Looks like similar issue happens when running bootstrap script on Ubuntu 24 fails as well with:

It is not the same, the bootstrap script doesn't support Ubuntu 24 yet. There is an open pull request to implement that: https://github.com/saltstack/salt-bootstrap/pull/2001

76creates commented 1 month ago

Looks like similar issue happens when running bootstrap script on Ubuntu 24 fails as well with:

It is not the same, the bootstrap script doesn't support Ubuntu 24 yet. There is an open pull request to implement that: saltstack/salt-bootstrap#2001

Ah ok, thank you, just starting out using Salt and this bootstrap script ⚡

jcpearson commented 4 weeks ago

This problem also effects v3006.8 ...

No idea how something as fundamental as this got past QA ???

whytewolf commented 4 weeks ago

@dwoz pretty sure the spec change in https://github.com/saltstack/salt/pull/66403 is what broke it.

TOoSmOotH commented 4 weeks ago

We are seeing this as well in 3006.8 when we were staging it for an upgrade.

dwoz commented 4 weeks ago

@dwoz pretty sure the spec change in #66403 is what broke it.

Seems legit. Though not entirely sure why since all those shared objects should be under lib/

jcpearson commented 4 weeks ago

The update in https://github.com/saltstack/salt/pull/66403 changes the regexs from ^.*\\.so.*$ to ^lib/.*\\.so.*$ - shouldn't that be to ^lib.*\\.so.*$ ?

i.e. is it matching filenames of the type libxyz.so.N ?

Or if matching files in a lib/ sub directory, then shouldn't it be to ^.*/lib/.*\\.so.*$ (or ^.*/lib/lib.*\\.so.*$) ?