fix: Don't emit rpm spec fields if empty in dalec spec #299
This PR prevents the fields `%post`, `%preun`, and `%postun` from being written to the rpm SPEC unless they are specified in the dalec spec.

This is a short-term solution to the problem specified in Azure#298. Please see that issue for more details on the long-term solution. A short summary of the problem follows:

What is happening is that the presence of the `%post`, `%preun`, or `%postun` causes `/bin/sh` to be baked into the dependencies of the rpm. This makes sense because a shell is needed to execute the postinstall scripts, and would be needed to run pre- or post- uninstall scripts.

_without %post_:

```
$ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
```

_with %post_:

```
$ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm
/bin/sh
/bin/sh
/bin/sh
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rpmlib(PayloadIsZstd) <= 5.4.18-1
```

The `bash` package supplies `/bin/sh`, and all of its dependencies are installed into the container as well. So the distroless minimal image is used, but it has a bunch of extra stuff installed.

Signed-off-by: Peter Engelbert <[email protected]>
Looks good, just a minor suggestion.
frontend/rpm/template.go
Outdated
serviceName := filepath.Base(servicePath) | ||
fmt.Fprintf(b, "%%systemd_preun %s\n", serviceName) | ||
} | ||
if w.Spec.Artifacts.Systemd == nil { |
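Review bot: The guard `if w.Spec.Artifacts.Systemd == nil {` on the last line of this hunk only covers the nil case; a Systemd value that is set but has nothing in it does not satisfy it, which works against the stated goal of leaving the scriptlet sections out when they are empty. Consider testing emptiness together with nil-ness here, ideally in one helper, so the `%%systemd_preun` writer above and its siblings share the same condition.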
Nit: we can add a function like w.Spec.Artifacts.Systemd.IsEmpty()
That function can also do its own nil check.
If `w.Spec.Artifacts.Systemd` is nil, the method `IsEmpty` can't be called on it, so it'll have to be a function and not a method.
done
You can call a method on a nil pointer:
> You can call a method on a nil pointer:

TIL, thanks!
When the target is a container, we don't need to enable systemd services. It's very uncommon to run systemd in a container. If someone asks for this, we can implement it. Signed-off-by: Peter Engelbert <[email protected]>
This reverts commit 45a72c7. This is probably not needed, since most specs destined for a container will not have systemd scripts anyway. Signed-off-by: Peter Engelbert <[email protected]>
Just a bit of tidying Signed-off-by: Peter Engelbert <[email protected]>
after this merges, can we cherry pick and create a patch release?
We can test nil-ness inside the method.
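The nil-receiver point from this thread, as an added example that is not dalec's code or any participant's: a pointer-receiver `IsEmpty` that checks nil itself, gating the scriptlet sections so an unset or empty systemd section emits nothing. The `SystemdArtifacts` type, its `Units` field and the `Scriptlets` function are hypothetical stand-ins.

```go
package main

import (
	"fmt"
	"path/filepath"
	"sort"
	"strings"
)

// SystemdArtifacts is a hypothetical stand-in for the spec's systemd section.
type SystemdArtifacts struct {
	Units map[string]bool // unit path -> enable on install (assumed shape)
}

// IsEmpty has a pointer receiver and tests s against nil before touching
// any field, so calling it on a nil *SystemdArtifacts is safe.
func (s *SystemdArtifacts) IsEmpty() bool {
	return s == nil || len(s.Units) == 0
}

// Scriptlets renders %post/%preun/%postun, or nothing at all when there are
// no units, so no scriptlet section pulls /bin/sh into the rpm's requires.
func Scriptlets(s *SystemdArtifacts) string {
	if s.IsEmpty() {
		return ""
	}
	names := make([]string, 0, len(s.Units))
	for p := range s.Units {
		names = append(names, filepath.Base(p))
	}
	sort.Strings(names) // deterministic spec output
	var b strings.Builder
	for _, section := range []string{"post", "preun", "postun"} {
		fmt.Fprintf(&b, "%%%s\n", section)
		for _, n := range names {
			fmt.Fprintf(&b, "%%systemd_%s %s\n", section, n)
		}
		b.WriteString("\n")
	}
	return b.String()
}

func main() {
	var unset *SystemdArtifacts // nil: no systemd section in the spec
	fmt.Printf("nil: %q\n", Scriptlets(unset))
	fmt.Printf("empty: %q\n", Scriptlets(&SystemdArtifacts{}))
	fmt.Print(Scriptlets(&SystemdArtifacts{Units: map[string]bool{"/src/foo.service": true}}))
}
```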
@sozercan 0.6.0 is released with this fix.