[BUG] minimal base is not used #298
Comments
|
This bug was introduced with PR #254 . Specifically, it's this commit https://github.com/adamperlin/dalec/commit/c91c9bae5812aacf34c8e2aedbef118e047658c3, although I can't yet fathom why |
|
What is happening is that the presence of the without %post: with %post: The |
|
The short-term solution is to not emit The longer-term solution involves
I am not sure if |
This PR prevents the fields `%post`, `%preun`, and `%postun` from being written to the rpm SPEC unless they are specified in the dalec spec. This is a short-term solution to the problem specified in Azure#298. Please see that issue for more details on the long-term solution. A short summary of the problem follows: What is happening is that the presence of the `%post`, `%preun`, or `%postun` causes `/bin/sh` to be baked into the dependencies of the rpm. This makes sense because a shell is needed to execute the postinstall scripts, and would be needed to run pre- or post- uninstall scripts. _without %post_: ``` $ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(PayloadIsZstd) <= 5.4.18-1 ``` _with %post_: ``` $ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm /bin/sh /bin/sh /bin/sh rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(PayloadIsZstd) <= 5.4.18-1 ``` The `bash` package supplies `/bin/sh`, and all of its dependencies are installed into the container as well. So the distroless minimal image is used, but it has a bunch of extra stuff installed. Signed-off-by: Peter Engelbert <[email protected]>
This PR prevents the fields `%post`, `%preun`, and `%postun` from being written to the rpm SPEC unless they are specified in the dalec spec. This is a short-term solution to the problem specified in #298. Please see that issue for more details on the long-term solution. A short summary of the problem follows: What is happening is that the presence of the `%post`, `%preun`, or `%postun` causes `/bin/sh` to be baked into the dependencies of the rpm. This makes sense because a shell is needed to execute the postinstall scripts, and would be needed to run pre- or post- uninstall scripts. _without %post_: ``` $ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(PayloadIsZstd) <= 5.4.18-1 ``` _with %post_: ``` $ rpm -q --requires /tmp/out/RPMS/x86_64/oras-v1.2.0-1.cm2.x86_64.rpm /bin/sh /bin/sh /bin/sh rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(PayloadIsZstd) <= 5.4.18-1 ``` The `bash` package supplies `/bin/sh`, and all of its dependencies are installed into the container as well. So the distroless minimal image is used, but it has a bunch of extra stuff installed. Signed-off-by: Peter Engelbert <[email protected]>
|
@adamperlin is this issue fixed? do we just need to add the tests? if so, i can close this issue and we'll have #303 tracking tests |
Yes this is fixed now due to #299! I think the fix in #299 is what we'll go with for the time being. |
|
Ok closing this one. We'll continue in #303 |
|
This doesn't seem to be fixed or there was a regression non-runtime packages like |
|
For posterity, we discussed this: Also opened a PR (#424) to include this by default in container images along with some other base things defined by the azlinux team. |
Expected Behavior
minimal base image with only the component we are building and/or supplied in runtime
Actual Behavior
i expected a minimal base image but looking at the /usr/bin contents, there are a lot of files
https://oci.dag.dev/layers/sozercan/oras@sha256:0137bd96038e5a7edd4c3114e45997b27dcaed83b906230a3943b1c161b76d8b/usr/bin/
Steps To Reproduce
docker build -t oras:latest -f https://gist.githubusercontent.com/sozercan/1f856f629ba85b9a223dfff1f5cb5f2a/raw/794e8ebf0fb0c9d5581050a51e8a70156c901340/oras.yaml --load . --target mariner2/container --progress plainAre you willing to submit PRs to contribute to this bug fix?
The text was updated successfully, but these errors were encountered: