depsolving: mark packages as user
#28
Conversation
supakeen
force-pushed
the
dnf-marking
branch
2 times, most recently
from
f5f4fb0 to
de60b1a
Compare
|
In the current state, this would add a stage like so for (for example) |
supakeen
force-pushed
the
dnf-marking
branch
2 times, most recently
from
84b6e90 to
451d44b
Compare
|
This PR has been updated to pull the information from Do we want to drop the mark |
supakeen
force-pushed
the
dnf-marking
branch
11 times, most recently
from
405a598 to
c192748
Compare
|
This PR has been updated to work around problems with chain-depsolving marking packages as |
supakeen
force-pushed
the
dnf-marking
branch
2 times, most recently
from
64a5f81 to
982b708
Compare
|
I've marked this PR ready for review as I'd really like some input. This will initially generate a dnf marking stage for the disk image types (which all use Note that this PR cannot be merged before the actual |
|
I realized that I forgot a thing. A package can be conditionally upgraded to
|
|
Love it! |
pkg/osbuild/dnf_mark_stage.go
Outdated
| type DNFMarkStagePackageOptions struct { | ||
| Name string `json:"name"` | ||
| Mark string `json:"mark"` | ||
| Group string `json:"group,omitempty"` |
There was a problem hiding this comment.
I think that the latest version of the osbuild PR doesn't have group in the stage options.
pkg/runner/fedora.go
Outdated
| @@ -15,5 +15,6 @@ func (p *Fedora) GetBuildPackages() []string { | |||
| "glibc", // ldconfig | |||
| "systemd", // systemd-tmpfiles and systemd-sysusers | |||
| "python3", // osbuild | |||
| "dnf", // temporary | |||
There was a problem hiding this comment.
temporary? What does this mean?
There was a problem hiding this comment.
Ah yes, good that this was caught. I am wondering if it's correct to add dnf to the build packages here.
There was a problem hiding this comment.
If we're going to be marking packages for all fedora builds, then we'll need it in the build root unconditiaonally, yes.
|
PR rebased and updated both concerns addressed and the comment changed to clarify that the package is added to the build root for marking. Is it possible to have a stage conditionally add something to the build root? |
Not stage, but the pipeline implementation can do it based on its configuration which also affects if a stage is added to the pipeline or not. See https://github.com/osbuild/images/blob/main/pkg/manifest/os.go#L262 |
Since we have the option set on the |
|
Nice; then I've moved DNF from the runner into the getBuildPackages for the os pipeline :) |
There was a problem hiding this comment.
Overall nice work. I added a few inline comments. Most notably, I don't think that putting the option into DiskImage is the right place. Instead, it should be part of the ImageConfig which then translates to OSCustomizations... Distro / image type - specific ImageConfig can be then used in Fedora to enable this feature where needed.
pkg/manifest/os.go
Outdated
| @@ -157,6 +157,8 @@ type OS struct { | |||
| containerSpecs []container.Spec | |||
| ostreeParentSpec *ostree.CommitSpec | |||
|
|
|||
| MarkPackages bool | |||
There was a problem hiding this comment.
Could you please elaborate on the reasoning behind putting the option into the pipeline options, instead of putting it into OSCustomizations?
pkg/image/disk.go
Outdated
| @@ -25,6 +25,7 @@ type DiskImage struct { | |||
| Workload workload.Workload | |||
| Filename string | |||
| Compression string | |||
| MarkPackages bool | |||
There was a problem hiding this comment.
I would argue that marking packages is not really specific to DiskImage, since we may want to do this for any other type of images. It is IMO specific to the OS pipeline, which builds the base OS tree, regardless of the artifact format. Making the option specific to the OS pipeline (by putting it to OSCustomizations), removes the need to pass this option in each image type implementation which uses the OS pipeline. We also already have functions, which transform the ImageConfig to OSCustomizations, which would make it easy to make this image type / distro (version) specific thing...
There was a problem hiding this comment.
I've moved this into ImageConfig and then set it to true by default in fedora/images.go.
| @@ -0,0 +1,64 @@ | |||
| package osbuild | |||
There was a problem hiding this comment.
nitpick: Any reason to not put the 4 into the file name as well? 🤔
There was a problem hiding this comment.
Oh, I wanted to put both the dnf4 and dnf5 stage in dnf_mark_stage.go. I'll rename it to be specific since it only has 4 for now.
pkg/distro/fedora/images.go
Outdated
| @@ -252,6 +252,10 @@ func diskImage(workload workload.Workload, | |||
|
|
|||
| img.Filename = t.Filename() | |||
|
|
|||
| distro := t.Arch().Distro() | |||
|
|
|||
| img.MarkPackages = true | |||
There was a problem hiding this comment.
This IMO scatters the image configuration into multiple places, while in reality it should be IMO part of the default distro ImageConfig or image type specific ImageConfig.
There was a problem hiding this comment.
In addition, package marking is enabled for all Fedora version AFAICT, which contradicts the commit message which states that it should be enabled only for rawhide.
There was a problem hiding this comment.
Updated the commit message; I'm going to move all of this into ImageConfig(s).
supakeen
force-pushed
the
dnf-marking
branch
5 times, most recently
from
43163ab to
ec6c5cf
Compare
| if !t.rpmOstree { | ||
| osc.MarkPackages = true | ||
| } |
There was a problem hiding this comment.
I think that the correct way would be to unconditionally set osc.MarkPackages = imageConfig.MarkPackages.
Then set to true in
images/pkg/distro/fedora/distro.go
Lines 404 to 407 in d9e892f
ImageConfig.
In addition, it may make sense to extend the osCustomizations() in each distro even if not used there, to prevent any surprises in the future (since ImageConfig and OS pipeline implementation are used globally).
Add the dnf marking stage that can be used to mark packages in the dnf state database.
Package marking is enabled per image type and propagated down to the OS pipeline. The package marking information is output by `dnf-json` based on what `dnf` gave as reasons during the depsolve transactions. This is stored on the `rpmmd.PackageSpec`. Note that we currently output 'user' for any 'group'-installed package. There's also a bit of complication here; as `dnf-json` does chain depsolving it marks all packages from the previous transaction for `install`. This leads to all packages from the previous transaction being marked as `user`-installed. To circumvent this we keep track of the reasons a package was selected and the oldest one wins. Another complication is that a package could be initially resolved as a dependency but be user-requested in a follow up transaction. Some logic is involved to allow upgrades from dependency and weak-dependency to user. We also blanket-allow upgrading weak-dependency to dependency. Package marking is enabled for all Fedora image types.
|
This PR is stale because it has been open 30 days with no activity. Remove "Stale" label or comment or this will be closed in 7 days. |
|
This PR is stale because it has been open 30 days with no activity. Remove "Stale" label or comment or this will be closed in 7 days. |
|
This PR was closed because it has been stalled for 30+7 days with no activity. |
When DNF installs packages it marks the reason a package was installed. The available reasons are:
user: directly requested by the user (e.g:dnf install vim, marksvimasuserand all dependencies asdependency).group: top packages in a group directly requested by the user (e.g:dnf install @coremarksvim,foo, andbarasgroup).There's also
dependencyandweak-dependencywhich are more self-explanatory.This PR introduces this concept to
dnf-jsonso we can propagate the information toosbuildwhich can then mark packages with the correct reasons after installing them asrpms.Not marking packages correctly can lead to issues; the default behavior by
dnfis to have packages unknown to it be marked asdependency. This means that when the user installs a package on one of our images (marked asuser) then removes that package that dependencies of that package might be cleaned up as there are no leaf nodes withuserorgroupanymore; alternatively packages might not be removed when they should.The elephant in the room are
groupmarkings. When a package is marked asgroupit also marks for which group. This information is currently unavailable in bothdnfanddnf5. I've got an open report; currently I've chosen to mark packages that aregroupasuser. This isn't ideal as one can't do adnf remove @coreand have it remove that comps packages however this will let us put this in end-to-end. I've written this PR in such a way that if/when we have a way to get this information onlydnf-jsonneeds to be adjusted.A fun complication is that a package can be marked as
dependencyin the first resolve of a transaction chain; however it can then be directly selected (user) in the second transaction chain. This conditional reason-upgrade is allowed (and should also be applied togroup). Similarly, we also allow upgradingweak-dependencytodependency.