Bug 1947871
| Summary: | crypto-policies-scripts uses Recommends for grubby | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Jan Pazdziora (Red Hat) <jpazdziora> |
| Component: | crypto-policies | Assignee: | Alexander Sosedkin <asosedki> |
| Status: | CLOSED ERRATA | QA Contact: | Ondrej Moriš <omoris> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 9.0 | CC: | jpazdziora, jwboyer, omoris, pvrabec |
| Target Milestone: | beta | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | crypto-policies-20210628-1.gitdd7d273.el9 | Doc Type: | No Doc Update |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-17 15:54:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan Pazdziora (Red Hat)
2021-04-09 12:57:57 UTC
> If that package is needed by crypto-policies-scripts for correct operation, Requires should be used. > If grubby essential in minimal host installations, it should be listed in the @core group in the comps file, not pulled in as a weak side-effect of having crypto-policies-scripts in @core. > If it is listed primarily for convenience, Suggests might be better option. Or just drop the weak dependency completely. IMO neither of these three apply 100%, can I just CLOSE WONTFIX this bug? So what is the reason for that Recommends? Doesn't pulling in grubby make sense for example only when kernel is installed, so boolean dependencies would be more appropriate? For reconfiguring the kernel cmdline as part of fips-mode-setup; not used outside of switching into FIPS mode. So would Requires: (grubby if kernel) be a more precise and descriptive representation of the intent? No, most of the customers aren't FIPS-aware and crypto-policies has no need to depend on any bootloader configuration tools for switching policies other than FIPS. So Recommends: (grubby if kernel) ? Note that currently crypto-policies-scripts depends on grubby in most deployments because few admins disable weak dependencies. Yes, the admin can remove grubby (either from the installation transaction or ex-post) but it will get installed again during crypto-policies-scripts. Making the dependency conditional on the package that the tooling is expected to manage seems very much what the boolean dependencies are for. Josh, what is your opinion about boolean dependencies for situations like this? (In reply to Jan Pazdziora from comment #7) > So > > Recommends: (grubby if kernel) > > ? > > Note that currently crypto-policies-scripts depends on grubby in most > deployments because few admins disable weak dependencies. Yes, the admin can > remove grubby (either from the installation transaction or ex-post) but it > will get installed again during crypto-policies-scripts. > > Making the dependency conditional on the package that the tooling is > expected to manage seems very much what the boolean dependencies are for. > > Josh, what is your opinion about boolean dependencies for situations like > this? The boolean seems to make sense to me. Stepping back and looking at the overall scenario, grubby is going to be on 90% of systems anyway. I'm OK with the `Recommends: (grubby if kernel)` suggestion; note that it keeps the Recommends though. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: crypto-policies), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:3953 |