Bug 1947904

Summary: openssh uses Recommends for p11-kit
Product: Red Hat Enterprise Linux 9 Reporter: Jan Pazdziora <jpazdziora>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED CURRENTRELEASE QA Contact: Marek Havrila <mhavrila>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 9.0CC: dueno, jjelen, jpazdziora, mhavrila
Target Milestone: betaKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssh-8.6p1-5.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-07 21:42:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Pazdziora 2021-04-09 13:54:49 UTC 
Description of problem:

RHEL 9 Content Structure and Guidelines state that weak dependencies in BaseOS are allowed, but discouraged.

By using the Recommends weak dependencies especially for packages in @core group (Minimal host installation) or their direct dependencies, the recommended package gets pulled into the installed package set depending on the current configuration of the dnf transaction.

The openssh package Recommends p11-kit.

If that package is needed by openssh for correct operation, Requires should be used.

If p11-kit is essential in minimal host installations, it should be listed in the @core group in the comps file, not pulled in as a weak side-effect of having openssh in @core dependencies.

If it is listed primarily for convenience, Suggests might be better option. Or just drop the weak dependency completely.

Note that p11-kit gets installed on minimal host installation due to being (at least) dependency for systemd.

Version-Release number of selected component (if applicable):

openssh-8.5p1-2.el9.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1.rpm -q --recommends openssh

Actual results:

p11-kit

Expected results:

No output.

Additional info:
Comment 2 Jakub Jelen 2021-04-12 09:41:44 UTC 
AFAIK, p11-kit is essencial for the minimal host so it should be in the @core group in the comps file. Adding Daiki to confirm.
Comment 4 Daiki Ueno 2021-04-21 12:59:21 UTC 
I am not sure if the bug filing process takes into account of indirect dependencies, but p11-kit is indeed in the "Essential system packages" as a dependency:
http://dell-per930-01.4a2m.lab.eng.bos.redhat.com/content-resolver/workload-dependencies--sst_cs_infra_services-base-os-packages--c9s-base--repository-c9s--x86_64.html