On Mon, Jul 01, 2019 at 04:26:07PM -0400, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Features/LimitScriptletUsage
>
> == Summary ==
> Remove direct scriptlet calls from "core packages" (those that are
> used to build minimal container image). The packages can still affect
> changes during installation by placing files in the correct locations
> to trigger registered external programs.
>
> == Owner ==
> * Name: [[User:james| James Antill]]
>
> == Detailed Description ==
>
> Currently we know how to make an installable OS with packages that
> doesn't require the use of scriptlets, indeed rpm-ostree and others
> have already done this on a significantly bigger scale. So we plan to
> remove direct scriptlets from most (if not all) of the packages in the
> main fedora container image for Fedora 31. This means all four of:
> %pre/%post/%preun/%postun. After this change it'd be good to have some
> kind of temporary exception to be granted before those packages could
> add a scriptlet back (post F31 work).
>
> Almost all of the hard work is already done, as rpm can react to files
> being dropped in specified places with known actions (Eg. In this way
> systemd components can create users or files). There are a few minor
> changes needed to packages to move from the old way of doing things
> (Eg. calling adduser) to doing the new thing. Note that while a
> program will still be run at installation time, those programs will be
> few and easily audited (as against the 666 slightly different ways of
> adding a user we currently have).
I love the goal, but this document says very little about the means to
achieve that goal. I would like to see specific solutions described
for each class of scriptlets that is present, including approximate
numbers of packages that are affected. As often, the devil is in the
details, and there indeed are classes of scriptlets which have been
successfully made obsolete and we now only need to get rid of the usage
usage in spec files, but then there are other classes of scriptlets
which might be very hard to replace.
As as example: how do you want to get rid of %systemd_postun_with_restart?
Also, this certainly is not a "self contained" change. Please upgrade
it to "system wide".
Zbyszek
PS.
> All of the following should provide no output on a standard container:
>
> * rpm -a --qf '%{preinprog}'
> * rpm -a --qf '%{preunprog}'
> * rpm -a --qf '%{postinprog}'
> * rpm -a --qf '%{postunprog}'
> * rpm -a --qf '%{pretransprog}'
> * rpm -a --qf '%{posttransprog}'
This needs "-q" and "| grep -v '(none)'". I changed the wiki page.
Zbyszek
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
