Bug 2044804

Summary: kexec-tools uses Recommends for zstd
Product: Red Hat Enterprise Linux 9 Reporter: Jan Pazdziora (Red Hat) <jpazdziora>
Component: kexec-toolsAssignee: ltao
Status: CLOSED ERRATA QA Contact: Jie Li <jieli>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: ruyang, xiawu
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kexec-tools-2.0.25-3.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 08:14:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2057980    
Bug Blocks:    

Description Jan Pazdziora (Red Hat) 2022-01-25 08:52:30 UTC 
Description of problem:

RHEL 9 Content Structure and Guidelines state that weak dependencies for packages found in the minimal installation is discouraged.

By using the Recommends weak dependencies especially for packages in @core group (Minimal host installation), the recommended package gets pulled into the installed package set depending on the current configuration of the dnf transaction. That in turn makes the package set that gets evaluated for example for security certifications volatile.

The kexec-tools package now added Recommends for zstd.

If that package is needed by kexec-tools for correct operation, Requires should be used.

If zstd is essential in minimal host installations, it should be listed in the @core group in the comps file, not pulled in as a weak side-effect of having kexec-tools in @core.

If it is listed primarily for convenience, Suggests might be better option. Or just drop the weak dependency completely.

Version-Release number of selected component (if applicable):

kexec-tools-2.0.23-5.el9.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. dnf install -y kexec-tools

Actual results:

Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 1:59:14 ago on Tue 25 Jan 2022 07:50:43 AM CET.
Dependencies resolved.
================================================================================
 Package          Arch     Version                     Repository          Size
================================================================================
Installing:
 kexec-tools      x86_64   2.0.23-5.el9                beaker-BaseOS      501 k
Installing dependencies:
 dracut-network   x86_64   055-10.git20210824.el9      beaker-BaseOS       79 k
 dracut-squash    x86_64   055-10.git20210824.el9      beaker-BaseOS       13 k
 ethtool          x86_64   2:5.10-4.el9                beaker-BaseOS      214 k
 lzo              x86_64   2.10-7.el9                  beaker-BaseOS       69 k
 snappy           x86_64   1.1.8-8.el9                 beaker-BaseOS       37 k
 squashfs-tools   x86_64   4.4-7.git1.el9              beaker-BaseOS      169 k
Installing weak dependencies:
 zstd             x86_64   1.5.0-2.el9                 beaker-AppStream   645 k

Expected results:

zstd not a weak dependency, since kexec-tools is in the @core group.

Additional info:

The kexec-tools Recommends grubby as well. The negative impact of that is mitigated by grubby being listed in the @core group in comps. But it could get removed (or changed to Requires) as well.
Comment 8 errata-xmlrpc 2023-05-09 08:14:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (kexec-tools bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2463