Bug 1632214

Summary: crypto-policies-20180921-2.git391ed9f.fc30 pulls in 34 new packages into minimal build root
Product: [Fedora] Fedora
Reporter: Petr Pisar <ppisar>
Component: crypto-policies
Assignee: Red Hat Crypto Team <crypto-team>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: crypto-team, lef, nmavrogi, tmraz, vondruch
Fixed In Version: crypto-policies-20180925-1.git71ca85f.fc29
Last Closed: 2018-09-27 18:01:33 UTC
Type: Bug

Description Petr Pisar 2018-09-24 11:17:23 UTC
Koschei displays <https://apps.fedoraproject.org/koschei/build/5430532> 34 new packages (dracut, dbus, systemd etc.) that are transitively pulled into the minimal build root ('/usr/bin/dnf' '--setopt=install_weak_deps=0' 'groupinstall' 'build') since upgrading the crypto-policies package from 20180921-1.git391ed9f to 20180921-2.git391ed9f:

acl
cryptsetup-libs
dbus
dbus-common
dbus-daemon
dbus-libs
dbus-tools
device-mapper
device-mapper-libs
dracut
gettext
gettext-libs
gnutls
grub2-common
grub2-tools
grub2-tools-minimal
grubby
iptables-libs
json-c
kmod
kmod-libs
libargon2
libcroco
libgomp
libkcapi
libkcapi-hmaccalc
libpcap
libseccomp
nettle
os-prober
qrencode-libs
systemd
systemd-pam
systemd-udev

In my opinion this build root inflation is not reasonable. Could you please fix it?

The crypto-policies update contains only this commit:

commit 2486d13d3405e745c4b6d4f1fc3afc4127d0b764 (HEAD -> master, origin/master, origin/f29, origin/HEAD)
Author: Tomas Mraz <tmraz>
Date:   Fri Sep 21 16:02:41 2018 +0200

    Fix requires for grubby
[...]
-Requires: /usr/bin/grubby
+Requires: /usr/sbin/grubby
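
Review bot: the added "Requires: /usr/sbin/grubby" line keeps grubby as a hard dependency of the base package and hard-codes the path. Write the path as "%{_sbindir}/grubby", and consider "Recommends:" instead of "Requires:" so that installs which never modify the bootloader configuration, such as the minimal build root, do not pull in grubby and everything it depends on.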

If crypto-policies indeed needs the grubby executable, then either split crypto-policies into more subpackages or reassign this issue to grubby.

Comment 1 Vít Ondruch 2018-09-24 12:12:25 UTC
Actually, this is the commit adding the dependency:

https://src.fedoraproject.org/rpms/crypto-policies/c/a705dd8ea52d5548492ec8c6e107b9740b7371da

I'd say that fips-mode-setup should go into a subpackage or there should be just "Recommends: /usr/sbin/grubby".

BTW %{_sbindir}/grubby should be used in place of /usr/sbin/grubby.

Comment 2 Tomas Mraz 2018-09-25 07:21:10 UTC
I will use weak dependencies then and handle eventually missing grubby in the script so the user is notified that he needs to install it for the bootloader configuration modification.
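
An added example, not part of this bug thread and not the actual fips-mode-setup code: one way a script can handle grubby being only a weak dependency, as Comment 2 describes, by failing with a distinct status instead of silently skipping the bootloader change. The GRUBBY variable, the function names and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical, not the fips-mode-setup script): guard for a
# tool that the package only pulls in through a weak (Recommends) dependency.

# GRUBBY is a hypothetical override so the lookup can be pointed elsewhere,
# for instance at a stub during testing.
GRUBBY="${GRUBBY:-/usr/sbin/grubby}"

# have_grubby: succeed only if the grubby executable exists and is runnable.
have_grubby() {
    [ -x "$GRUBBY" ]
}

# update_bootloader KERNEL_ARGS: add kernel arguments to all boot entries.
# Returns 0 on success, 2 if grubby is not installed, 1 if grubby failed.
# A non-zero status lets the caller stop instead of reporting a setup that
# was never written to the bootloader configuration.
update_bootloader() {
    if ! have_grubby; then
        echo "grubby is not installed; the bootloader configuration was not modified." >&2
        echo "Install grubby and run this command again." >&2
        return 2
    fi
    "$GRUBBY" --update-kernel=ALL --args="$1" || return 1
}
```
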

Comment 3 Vít Ondruch 2018-09-25 07:25:32 UTC
Could you please elaborate why it should not go into a subpackage? I don't think I am going to use FIPS on my Fedora any time soon, so I would not miss this command at all.

Comment 4 Tomas Mraz 2018-09-25 08:44:19 UTC
Because the fips mode setup commands are two short simple shell scripts for example. And grubby is usually installed anyway (except for things such as the minimal buildroot which is solved by using the weak dependency).

Comment 5 Fedora Update System 2018-09-25 11:40:41 UTC
crypto-policies-20180925-1.git71ca85f.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-95580e520c

Comment 6 Fedora Update System 2018-09-27 02:10:44 UTC
crypto-policies-20180925-1.git71ca85f.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-95580e520c

Comment 7 Fedora Update System 2018-09-27 18:01:33 UTC
crypto-policies-20180925-1.git71ca85f.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.