Installability tests fail when testing core packages #64

Open
LecrisUT opened this issue Jul 15, 2024 · 6 comments

@LecrisUT

See for example systemd PR, most tests fail or are skipped because system-udev is pre-installed. Any ideas how to unblock these tests? What about running these in a chroot, rpm-ostree or any other way to isolate these environments.

@ppisar

ppisar commented Jul 15, 2024

"dnf --installroot=/some/directory install system-udev" will install system-udev (and its dependencies) to an empty system. Empty from the RPM and DNF point of view.

Though, I don't know whether it is implemented with chroot or whether it isolates other namespaces. That means fancy RPM scriptlets which inspect running processes or expect mounted /proc or /sys might fail.

Mock is good at creating an empty system (it populates /etc/localtime and maybe more). If you redefined what "mock init" does (config_opts['chroot_setup_cmd']) to "install system-udev", you would get a neat test.

Another option is to install the packages with the "dnf reinstall" command.

@ppisar

ppisar commented Jul 15, 2024

> Another option is to install the packages with the "dnf reinstall" command.

No. DNF errors if the package has not yet been installed.

@LecrisUT

I think making sure to run dnf with --installroot would be the best solution. Afaik these changes need to be done in this repo. Would it work to override YUMDNFCMD to have the default flag? E.g. for commands like history?

mini-tps/mtps-setup

Lines 38 to 49 in 7bdb084

    YUMDNFCMD="${MINITPSYUMDNFCMD:-}"
    if [ -z "$YUMDNFCMD" ]; then
        if [ -f "/usr/bin/yum" ]; then
            YUMDNFCMD="yum"
            if [ -L "/usr/bin/yum" ]; then
                YUMDNFCMD="$(readlink "/usr/bin/yum")"
            fi
        else
            YUMDNFCMD="dnf"
        fi
    fi

How does the AVC check work with a different root?

@LecrisUT

Oh, I actually meant to ping @jpopelka about these issues.

@ppisar

ppisar commented Jul 15, 2024

I believe that "dnf --installroot" is a disguise for "rpm --root". rpm(8) reads:

       --root DIRECTORY
              Use the file system tree rooted at DIRECTORY for all operations.  Note that this means
              the  database within DIRECTORY will be used for dependency checks and any scriptlet(s)
              (e.g. %post if installing, or %prep if building, a package) will be run  after  a  ch‐
              root(2) to DIRECTORY.

              Note that rpm assumes the environment inside the root is set up by the caller, such as
              any mounts needed for the operation inside the root directory.

So it's a chroot.

Regarding AVC, SELinux evaluates rules on labels, not on file names. The only place where file names are used is default file labels. But default labels are computed by userspace, which will read them from the chrooted file system and evaluate them relative to its chroot. So I don't think it's a problem. I recommend contacting an RPM maintainer for more details.

@keszybz

keszybz commented Jul 15, 2024

> "dnf --installroot=/some/directory install system-udev" will install system-udev (and its dependencies) to an empty system. Empty from the RPM and DNF point of view.

+1. I just wrote something similar on the mailing list before looking here.

My version:

    dnf install --enablerepo=/path/to/repo/with/updates --installroot=/var/tmp/inst-package1 \
        /path/to/repo/with/updates/package1.rpm
    dnf install --enablerepo=/path/to/repo/with/updates --installroot=/var/tmp/inst-package2 \
        /path/to/repo/with/updates/package2.rpm

The invocation of dnf should be wrapped in 'bwrap' to set up /dev, /proc for the invocation.
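
The per-package installroot approach discussed in the comments above, as an added sketch that is not code from mini-tps or from any commenter: each RPM gets its own never-reused root, and dnf runs under bwrap so that /dev and /proc exist inside that root for the scriptlets rpm runs after chroot(2). The function names, the MTPS_ROOT_BASE and MTPS_DRY_RUN variables and the exact bwrap option set are assumptions; a real run needs root, dnf and bubblewrap.

```shell
# Added example (hypothetical helper names, not part of mini-tps).
# MTPS_ROOT_BASE: parent directory for the throwaway roots (assumed name).
# MTPS_DRY_RUN:   when non-empty, print the command instead of running it.
: "${MTPS_ROOT_BASE:=/var/tmp}"

# Map /path/to/package1.rpm to $MTPS_ROOT_BASE/inst-package1.
installroot_for() {
    local name
    name="${1##*/}"        # strip directory part
    name="${name%.rpm}"    # strip .rpm suffix
    printf '%s/inst-%s\n' "$MTPS_ROOT_BASE" "$name"
}

# Usage: install_in_fresh_root RPM [extra dnf options...]
install_in_fresh_root() {
    local rpm_path root
    rpm_path="$1"
    shift
    root="$(installroot_for "$rpm_path")"

    # A reused root already has packages in its rpmdb, which is exactly the
    # "pre-installed, so the test is skipped" failure this issue is about.
    if [ -e "$root" ] || [ -L "$root" ]; then
        echo "refusing to reuse existing root: $root" >&2
        return 1
    fi

    # Host filesystem stays visible (dnf and its config live there); only a
    # fresh /dev and /proc are mounted inside the installroot.
    set -- bwrap --bind / / \
        --dev "$root/dev" --proc "$root/proc" \
        --die-with-parent \
        dnf -y "--installroot=$root" "$@" install "$rpm_path"

    if [ -n "${MTPS_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
        return 0
    fi

    # mkdir without -p fails if the path appeared in the meantime and does
    # not follow a symlink planted at a predictable name.
    mkdir -- "$root" && mkdir -- "$root/dev" "$root/proc" && "$@"
}
```
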
