RFE: Test/quality request - package installation with dangling symlinks should fail build

[smoser]

When a package is installed it should not have any dangling symlinks. Any dangling symlinks represent either pure broken package or missing dependency.

I saw such a thing today with google-cloud-sdk.

$ apk add google-cloud-sdk
$ apk list --installed google-cloud-sdk
google-cloud-sdk-469.0.0-r0 x86_64 {google-cloud-sdk} (Apache-2.0) [installed]

$ cd /
$ for f in $(apk info -L google-cloud-sdk); do
   [ -e "$f" ] || echo "$f"; done
usr/bin/anthoscli
usr/bin/gcloud-crc32c

$ ls -l usr/bin/anthoscli usr/bin/gcloud-crc32c
lrwxrwxrwx    1 root     root            41 May  8 19:41 usr/bin/anthoscli -> /usr/share/google-cloud-sdk/bin/anthoscli
lrwxrwxrwx    1 root     root            45 May  8 19:41 usr/bin/gcloud-crc32c -> /usr/share/google-cloud-sdk/bin/gcloud-crc32c

[smoser]

Some discussion in slack pointed at https://github.com/wolfi-dev/os/blob/main/java-common.yaml and https://github.com/wolfi-dev/os/blob/3e3471639307ac214e23b90f7839a859ae4e118c/keda-2.14.yaml#L70-L81 as examples.

java-common provides symlinks into /usr/bin for a bunch of things. keda-compat puts symlinks into / pointing at /usr/bin/keda. There are multiple things (fips) that implement keda, so you can re-use the keda-compat package.

I think there is still value here and we should allow metadata to override that. some allow-dangling-symlinks: keda, foo, bar