Bug 2124927

Summary: nss_wrapper pulls in cmake by default, enlarging the footprint too much
Product: Red Hat Enterprise Linux 9 Reporter: Andreas Schneider <asn>
Component: nss_wrapperAssignee: Andreas Schneider <asn>
Status: CLOSED CURRENTRELEASE QA Contact: Denis Karpelevich <dkarpele>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: aboscatt, andrew.slice, asn, chris.bandy, dkarpele, jhrozek, madam, sssd-qe
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2124635 Environment:
Last Closed: 2022-11-03 08:26:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2124635    
Bug Blocks:    

Description Andreas Schneider 2022-09-07 13:45:24 UTC 
+++ This bug was initially created as a clone of Bug #2124635 +++

This bug was initially created as a copy of Bug #2028819

I am copying this bug because: 



This could help decrease RHEL-9 containers a bit.

+++ This bug was initially created as a clone of Bug #2023435 +++

Description of problem:

nss_wrapper is used in non-root containers to create missing user entries:
https://src.fedoraproject.org/container/postgresql/blob/rawhide/f/root/usr/share/container-scripts/postgresql/common.sh#_183

And in containers, every MB is counted. nss_wrapper by default pulls in cmake and many other packages, because it ships cmake config file. In total, it's around 100MB unpacked.

Version-Release number of selected component (if applicable):
nss_wrapper-1.1.11-6.fc35

How reproducible:
easily

Steps to Reproduce:
1. podman run -ti --rm fedora bash -c 'yum install -y nss_wrapper'

Actual results:
  <other dnf output snipped>
Install  78 Packages
  <other dnf output snipped>
Installed size: 109 M
  <other dnf output snipped>

Expected results:
Ideally only nss_wrapper library is installed.

Additional info:

I'd suggest to introduce a nss_wrapper-devel package that can ship the cmake config file and the necessary dependencies, and only users/components that need those would install that.

This change might need 3 other components to update the spec, as they might currently count with cmake config to be installed:

$> dnf repoquery --repoid=fedora-source --whatrequires nss_wrapper
cyrus-sasl-0:2.1.27-8.fc34.src
libssh-0:0.9.5-2.fc34.src
sssd-0:2.4.2-3.fc34.src

--- Additional comment from Honza Horak on 2021-11-15 17:35:50 UTC ---

I've had second thoughts and realized due to the backward compatibility and because there is also a perl tool that is not something to the devel package, introducing nss_wrapper-libs that would only provide the library itself is likely better way how to deal with this. A PR is prepared:

https://src.fedoraproject.org/rpms/nss_wrapper/pull-request/1
Comment 6 Andreas Schneider 2022-11-03 08:26:39 UTC 
This has already been addressed in RHEL 9.1. See bug #2028819