fix: Don't emit rpm spec fields if empty in dalec spec #299
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR prevents the fields `%post`, `%preun`, and `%postun` from being written to the rpm SPEC unless they are specified in the dalec spec. This is a short-term solution to the problem specified in Azure#298. Please see that issue for more details on the long-term solution. A short summary of the problem follows: What is happening is that the presence of the `%post`, `%preun`, or `%postun` causes `/bin/sh` to be baked into the dependencies of the rpm. This makes sense because a shell is needed to execute the postinstall scripts, and would be needed to run pre- or post- uninstall scripts. _without %post_: ``` $ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(PayloadIsZstd) <= 5.4.18-1 ``` _with %post_: ``` $ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm /bin/sh /bin/sh /bin/sh rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(PayloadIsZstd) <= 5.4.18-1 ``` The `bash` package supplies `/bin/sh`, and all of its dependencies are installed into the container as well. So the distroless minimal image is used, but it has a bunch of extra stuff installed. Signed-off-by: Peter Engelbert <[email protected]>
cpuguy83
requested changes
Jun 26, 2024
frontend/rpm/template.go
Outdated
| serviceName := filepath.Base(servicePath) | ||
| fmt.Fprintf(b, "%%systemd_preun %s\n", serviceName) | ||
| } | ||
| if w.Spec.Artifacts.Systemd == nil { |
There was a problem hiding this comment.
Nit: we can add a function like w.Spec.Artifacts.Systemd.IsEmpty()
That function can also do its own nil check.
There was a problem hiding this comment.
If w.Spec.Artifacts.Systemd is nil, the method IsEmpty can't be called on it, so it'll have to be a function and not a method.
There was a problem hiding this comment.
You can call a method on a nil pointer:
There was a problem hiding this comment.
You can call a method on a nil pointer:
TIL, thanks!
When the target is a container, we don't need to enable systemd services. It's very uncommon to run systemd in a container. If someone asks for this, we can implement it. Signed-off-by: Peter Engelbert <[email protected]>
This reverts commit 45a72c7. This is probably not needed, since most specs destined for a container will not have systemd scripts anyway. Signed-off-by: Peter Engelbert <[email protected]>
adamperlin
reviewed
Jun 26, 2024
Just a bit of tidying Signed-off-by: Peter Engelbert <[email protected]>
|
after this merges, can we cherry pick and create a patch release? |
cpuguy83
requested changes
Jun 28, 2024
We can test nil-ness inside the method.
cpuguy83
approved these changes
Jun 28, 2024
|
@sozercan 0.6.0 is released with this fix. |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR prevents the fields
%post,%preun, and%postunfrom being written to the rpm SPEC unless they are specified in the dalec spec.This is a short-term solution to the problem specified in #298. Please see that issue for more details on the long-term solution. A short summary of the problem follows:
What is happening is that the presence of the
%post,%preun, or%postuncauses/bin/shto be baked into the dependencies of the rpm. This makes sense because a shell is needed to execute the postinstall scripts, and would be needed to run pre- or post- uninstall scripts.without %post:
with %post:
The
bashpackage supplies/bin/sh, and all of its dependencies are installed into the container as well. So the distroless minimal image is used, but it has a bunch of extra stuff installed.What this PR does / why we need it:
Which issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #
Special notes for your reviewer: