1104138 – certmonger requires systemd-sysv when it wouldn't need to

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1104138 - certmonger requires systemd-sysv when it wouldn't need to

Summary: certmonger requires systemd-sysv when it wouldn't need to

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	certmonger
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Kaleem
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-06-03 11:08 UTC by Jan Pazdziora
Modified:	2015-03-05 10:02 UTC (History)
CC List:	7 users (show)
Fixed In Version:	certmonger-0.75.14-1.el7
Doc Type:	Bug Fix
Doc Text:	Cause: The certmonger package incorrectly included a dependency on the systemd-sysv package, and attempted to use the systemd-sysv-convert command to preserve the state of whether or not the service was enabled when the package was upgraded, from earlier releases. This is not a supported upgrade method, so the attempt was futile. Consequence: Additional dependencies could be installed, despite being largely unnecessary. Fix: The requirement is no longer specified in the package, and it no longer attempts to invoke the systemd-sysv-convert command during upgrades. Result:
Clone Of:
Environment:
Last Closed:	2015-03-05 10:02:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0437	0	normal	SHIPPED_LIVE	certmonger bug fix and enhancement update	2015-03-05 14:38:29 UTC

Internal Links: 1122252

Description Jan Pazdziora 2014-06-03 11:08:47 UTC

Description of problem:

The certmonger package has

  Requires(post): systemd-sysv

even if it probably is not needed.

Version-Release number of selected component (if applicable):

certmonger-0.70-2.el7.x86_64

How reproducible:

Deterministic.

Steps to Reproduce:
1. Have RHEL 7 installation without systemd, for example in a Docker container with fakesystemd.
2. Run yum install -y certmonger.

Actual results:

Transaction check error:
  file /usr/lib/rpm/macros.d/macros.systemd from install of systemd-208-11.el7.x86_64 conflicts with file from package fakesystemd-1-14.el7.x86_64

Expected results:

The installation passes, certmonger does not force the systemd-sys (and thus systemd) installation.

Additional info:

Of course, it is possible to do

   yum swap -y -- remove fakesystemd -- install systemd systemd-libs

but it increases the image size unnecessarily.

Comment 5 John Fulton 2014-07-22 19:14:47 UTC

Ran into a similar problem but with tomcat in place of certmonger. Filed BZ 1122252 for it.

Comment 6 Nalin Dahyabhai 2014-07-22 20:17:03 UTC

The systemd-sysv package used to contain the systemd-sysv-convert tool, but it was phased out in Fedora 20 and I based on that I assume it will be after 7.x as well.  If your package's scriptlets don't call the tool, or will be modified to not call it (IIRC, current packaging guidelines no longer require you to use it) you won't need it.

Comment 7 Václav Pavlín 2014-08-20 12:20:35 UTC

I think the simplest solution is to let fakesystemd also provide "systemd-sysv" as proposed in BZ #1126409.

systemd-sysv-convert will obviously fail but that shouldn't affect the result of the package installation.

Feel free to prove me wrong,
Vaclav

*** This bug has been marked as a duplicate of bug 1126409 ***

Comment 8 Jan Pazdziora 2014-08-20 12:34:45 UTC

Reopening. I don't think it's correct to use bug 1126409 as the sole vehicle to address the issue. Yes, fakesystemd can provide systemd-sysv but if there's generic problem of packages like certmonger requiring something it does not need to, we should fix those packages as well -- the dependency cruft has the potential to bite us not just in the specific case of fakesystemd.

Running

rpm -qp --scripts certmonger-0.70-2.el7.i686.rpm  | grep systemd-sysv-convert

does not find anything so I assume (correct me if I'm wrong) that certmonger's Requires can be safely changed.

Comment 9 Nalin Dahyabhai 2014-08-20 13:54:19 UTC

It was called in a trigger, so that query won't show it -- try --triggers instead of --scripts.

I think the proper thing is to just use the fact that we know a given release will no longer includes systemd-sysv-convert, and update the packaging to not bother trying to call it when we know we're being built for such a release.

Comment 10 Jan Pazdziora 2014-08-20 14:00:05 UTC

(In reply to Nalin Dahyabhai from comment #9)
> It was called in a trigger, so that query won't show it -- try --triggers
> instead of --scripts.

You are right, it's in --triggers:

$ rpm -qp --triggers certmonger-0.70-2.el7.i686.rpm  | grep systemd-sysv-convert
#   "systemd-sysv-convert --apply certmonger".
/usr/bin/systemd-sysv-convert --save certmonger >/dev/null 2>&1 ||:

> I think the proper thing is to just use the fact that we know a given
> release will no longer includes systemd-sysv-convert, and update the
> packaging to not bother trying to call it when we know we're being built for
> such a release.

I concur.

Comment 11 Nalin Dahyabhai 2014-08-28 18:26:43 UTC

Unfortunately, in my latest 7.x tree, systemd-sysv-convert is still present, which means it's not as clear cut as I'd like

Our choices appear to be to either defer this to the next major release, or to stop trying to support the upgrade scenario that systemd-sysv-convert is meant to help us with in this release, even though it's there.

I lean slightly toward the first option, but I could be talked out of it.  Is this going to break things horribly if left as-is, or is this a would-be-nice item that can be left for later?

Comment 14 Nalin Dahyabhai 2014-09-05 14:10:38 UTC

Okay, conditional logic which uses systemd-sysv-convert is conditionalized to Fedora releases 16 through 19, inclusive, and not for any RHEL release.

Comment 16 Kaleem 2014-12-04 11:36:31 UTC

How to verify this?

Checking only that dependency on systemd-sysv removed from certmonger deplist?

Comment 17 Nalin Dahyabhai 2014-12-04 16:09:08 UTC

(In reply to Kaleem from comment #16)
> How to verify this?
> 
> Checking only that dependency on systemd-sysv removed from certmonger
> deplist?

That, and verifying that none of the package's scripts or triggers attempt to use facilities that only are provided by systemd-sysv, so that the dependency isn't merely hidden, but is actually gone.

Comment 18 Kaleem 2014-12-11 11:09:22 UTC

Verified

certmonger version:
------------------
[root@dhcp207-1 ~]# rpm -q certmonger
certmonger-0.75.14-2.el7.x86_64
[root@dhcp207-1 ~]# 

snip from automation log:
=========================
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: certmonger_1104138 - certmonger requires systemd-sysv when it wouldn't need to
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: restarting ipa service :: actually running 'service ipa restart'
Redirecting to /bin/systemctl restart  ipa.service
:: [   PASS   ] :: restarting ipa service (Expected 0, got 0)
:: [  BEGIN   ] :: certmonger's triggers does not uses systemd-sysv-convert :: actually running 'rpm -q --triggers certmonger | grep systemd-sysv-convert'
:: [   PASS   ] :: certmonger's triggers does not uses systemd-sysv-convert (Expected 1, got 1)
:: [  BEGIN   ] :: certmonger's scripts does not uses systemd-sysv-convert :: actually running 'rpm -q --scripts certmonger | grep systemd-sysv-convert'
:: [   PASS   ] :: certmonger's scripts does not uses systemd-sysv-convert (Expected 1, got 1)

Comment 20 errata-xmlrpc 2015-03-05 10:02:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0437.html

Note You need to log in before you can comment on or make changes to this bug.