Bug 1942425

Summary: osbuild-composers fails when firewalld is added as blueprint component
Product: Red Hat Enterprise Linux 8 Reporter: W. de Heiden <wdh>
Component: osbuild-composerAssignee: Martin Sehnoutka <msehnout>
Status: CLOSED ERRATA QA Contact: Release Test Team <release-test-team-automation>
Severity: medium Docs Contact:
Priority: high    
Version: 8.3CC: akoutsou, elpereir, joedward, jrusz, lagordon, msehnout, obudai, sbarcomb, tbowling, tgunders
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 18:46:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description W. de Heiden 2021-03-24 10:53:36 UTC 
Description of problem:
building of RHEL8 will fail when firewalld is added as a blueprint component


Version-Release number of selected component (if applicable):
osbuild-composer-20.1-1.el8.x86_64

How reproducible:


Steps to Reproduce:
1: create a blue print
2: just add the Component "basesystem" --> creating the image (qemu-gcow2) goes well
3: add the component "firewalld", building will fail


Actual results:
journalctl -l -f -u osbuild-composer.service will tell:
Mar 24 11:39:19 builder.example.com osbuild-composer[4419]: All matches were filtered out by exclude filtering for argument: firewalld

Expected results:
Build will finish properly


Additional info:
Building RHEL8 as a Qemu Qcow2
Comment 1 Ondřej Budai 2021-06-18 07:31:49 UTC 
*** Bug 1973287 has been marked as a duplicate of this bug. ***
Comment 2 Ondřej Budai 2021-06-18 07:35:16 UTC 
A partial fix was merged upstream and we want to ship it in 8.5. Martin, AFAIK, there's a catch with dependencies in your patch, do you remember what is it?
Comment 3 Martin Sehnoutka 2021-06-22 07:47:31 UTC 
(In reply to Ondřej Budai from comment #2)
> A partial fix was merged upstream and we want to ship it in 8.5. Martin,
> AFAIK, there's a catch with dependencies in your patch, do you remember what
> is it?

Yes, the patch only works if none of the dependencies of firewalld is in the exclude list. If one of them is there, the blueprint must specify the excluded dependencies as well to remove them from the list of packages to exclude. 

For example if the image type specifies a list of packages to exclude like this:
 * firewalld
 * libfirewall
 * libunrelated

And firewalld depends on libfirewall, then the blueprint must excplicitly include both firewalld and its dependency: libfirewall.
Comment 4 Tom Gundersen 2021-07-07 20:33:32 UTC 
If this has been fixed upstream I think this can be closed as a duplicate of the rebase BZ, right?
Comment 5 Tom Gundersen 2021-07-07 20:35:01 UTC 
Scratch the previous comment, we still need to attach this to the errata.
Comment 10 Achilleas Koutsou 2021-09-07 09:44:04 UTC 
This was fixed in v31 as part of the RHEL 8.5 support.  The issue described in Comment 3 is also resolved.  Packages defined by users in the blueprint are depsolved separately now, so they're not affected by the package exclusion list of the base image package set.

Upstream PR: https://github.com/osbuild/osbuild-composer/pull/1536
Upstream commit: https://github.com/osbuild/osbuild-composer/commit/cba720e63fff2fcc4952794d017c89ba3a0d18da
Comment 15 errata-xmlrpc 2021-11-09 18:46:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (osbuild bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4273