#29 container: update package list to match f39 more closely
Merged 10 months ago by ngompa. Opened 10 months ago by jcline.
jcline/fedora-kiwi-descriptions container-packages  into  rawhide

@@ -127,6 +127,9 @@ 

  	<packages type="bootstrap" profiles="Container-Base-Generic">

  		<ignore name="glibc-langpack-en"/>

  		<ignore name="langpacks-en"/>

+ 		<package name="bzip2"/>

+ 		<package name="gzip"/>

+ 		<package name="sudo"/>

  		<package name="rootfiles"/>

  		<package name="tar"/> <!-- https://bugzilla.redhat.com/show_bug.cgi?id=1409920 -->

  		<package name="vim-minimal"/>
@@ -134,6 +137,8 @@ 

  		<package name="dnf-yum"/> <!-- https://pagure.io/fesco/issue/1312#comment-30991 -->

  		<package name="glibc-minimal-langpack"/>

  		<package name="tzdata"/>

+ 		<package name="xz"/>

+ 		<package name="zstd"/>

  	</packages>

  	<packages type="bootstrap" patternType="plusRecommended" profiles="Container-Toolbox">

  		<ignore name="dosfstools"/>

Gary Buhrmaster noticed gzip was missing from the Fedora 40 container.
An extremely quick and gross diff produced by doing:

podman run -it --rm --entrypoint /usr/bin/rpm fedora:39 -qa \
| sort | uniq | awk '{ split($0,a,"-[0-9]"); print a[1] }' > f39.txt

shows the following for Fedora Minimal 39 -> 40:

-abattis-cantarell-vf-fonts
+audit-libs
-default-fonts-core-sans
-fonts-filesystem
-google-noto-fonts-common
-google-noto-sans-mono-vf-fonts
-google-noto-sans-vf-fonts
-google-noto-serif-vf-fonts
-gpg-pubkey
+gpg-pubkey-a15b79cc
+json-c
-langpacks-core-en
-langpacks-en
-langpacks-fonts-en
+libcap-ng
+libeconf
-libsigsegv
+libtool-ltdl
+pam-libs
-systemd-libs
-util-linux-core
-zlib
+zlib-ng-compat

For Fedora 39 -> 40:

-authselect
-authselect-libs
-cracklib
-gpg-pubkey
+gpg-pubkey-a15b79cc
-gzip
-libdb
-libpwquality
-libsigsegv
+libtool-ltdl
-pam
-sudo
-systemd-libs
-util-linux-core
-zlib
+zlib-ng-compat

This adds most of the missing packages, except those that look to be
replaced (zlib-ng-compat, for example) or probably aren't actually
wanted (fonts and such). I didn't spent tons of time deciding what
to add/remove so feedback more than welcome.

I don't know if we really need most of that in the base container. They're not super-useful since they're mostly login stack and physical system stuff. That said, adding gzip probably makes sense (as well as bzip2, xz, and zstd) to go alongside tar.

I kinda feel like people may run scripts that assume the presence of sudo inside containers, though. Even if it won't really do much useful, it might be a good idea for it to be there just so it can no-op. I'm less sure about stuff like pwquality and pam, which probably only make sense if we really need to use multiple privilege levels inside the container for some reason...

I think one could argue to remove all of them, of course, it's just a matter of how much you want to have people adjust their Containerfiles between 39 and 40. I think most people won't notice anything except sudo (and clearly gzip).

Alright, well I'll drop everything except sudo and gzip, and then add on bzip2, xz, and zstd to the non-minimal container and we'll see if anyone notices and has a good reason to bring back any of the other stuff.

As the original reporter, should it matter to the discussion, my use case is that I have a github actions workflow which runs a fedora rawhide container. The github checkout action pulls down a gzip'd tar file and then extracts it, which failed since gzip was not found (and then I did some research). I can change my workflow to explicitly install gzip, of course, although that lack of gzip will likely impact more users of various CI systems going forward, which is why I requested it be added back in if possible. If the decision is to remove gzip, I would request that it be added to the release notes.

rebased onto 319e5e8

10 months ago

Pull-Request has been merged by ngompa

10 months ago

I've merged this and cherry-picked it to f40.

Metadata