Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 1551279 - authselect pulls in a LOT of extra dependencies than authconfig
authselect pulls in a LOT of extra dependencies than authconfig
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: authselect (Show other bugs)
28
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Pavel Březina
Fedora Extras Quality Assurance
AcceptedFreezeException
:
Depends On:
Blocks: F11MinimalPlatform depchain IoT F28BetaFreezeException
  Show dependency treegraph
 
Reported: 2018-03-04 06:32 EST by Peter Robinson
Modified: 2018-03-26 18:28 EDT (History)
6 users (show)

See Also:
Fixed In Version: authselect-0.3.2-1.fc28
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-03-26 18:28:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Robinson 2018-03-04 06:32:10 EST
authselect appears to pull in all possible means of doing authentication to ensure everything is available rather than just being able to configure the options that are actually available.

This is a change in how authconfig worked previously and pulls in a lot of extra dependencies bloating things like minimal images and potentially containers.

# dnf upgrade
Last metadata expiration check: 1:19:21 ago on Sun 04 Mar 2018 10:11:22 AM UTC.
Dependencies resolved.
================================================================================
 Package                  Arch       Version                    Repository
                                                                           Size
================================================================================
Upgrading:
 realmd                   armv7hl    0.16.3-11.fc28             fedora    208 k
Installing dependencies:
 authselect               armv7hl    0.3-3.fc28                 fedora     24 k
 authselect-compat        armv7hl    0.3-3.fc28                 fedora     29 k
     replacing  authconfig.armv7hl 7.0.1-5.fc28
 authselect-libs          armv7hl    0.3-3.fc28                 fedora     46 k
 avahi-libs               armv7hl    0.7-8.fc28                 fedora     54 k
 cups-libs                armv7hl    1:2.2.6-11.fc28            fedora    383 k
 cyrus-sasl-gssapi        armv7hl    2.1.26-37.fc28             fedora     45 k
 libipa_hbac              armv7hl    1.16.0-12.fc28             fedora     84 k
 libsmbclient             armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    126 k
 libwbclient              armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    104 k
 oddjob                   armv7hl    0.34.4-4.fc28              fedora     75 k
 psmisc                   armv7hl    23.1-3.fc28                fedora    146 k
 python2                  armv7hl    2.7.14-13.fc28             fedora    101 k
 python2-libs             armv7hl    2.7.14-13.fc28             fedora    5.8 M
 python2-pip              noarch     9.0.1-16.fc28              fedora    1.8 M
 python2-setuptools       noarch     38.4.0-3.fc28              fedora    622 k
 python2-talloc           armv7hl    2.1.11-5.fc28              fedora     23 k
 samba-client-libs        armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    4.3 M
 samba-common             noarch     2:4.8.0-0.4.rc3.fc28       fedora    202 k
 samba-common-libs        armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    150 k
 samba-common-tools       armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    409 k
 samba-libs               armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    254 k
 samba-winbind-modules    armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    111 k
 sssd-ad                  armv7hl    1.16.0-12.fc28             fedora    193 k
 sssd-common-pac          armv7hl    1.16.0-12.fc28             fedora    137 k
 sssd-ipa                 armv7hl    1.16.0-12.fc28             fedora    278 k
 sssd-krb5                armv7hl    1.16.0-12.fc28             fedora    117 k
 sssd-krb5-common         armv7hl    1.16.0-12.fc28             fedora    144 k
 sssd-ldap                armv7hl    1.16.0-12.fc28             fedora    186 k
Installing weak dependencies:
 adcli                    armv7hl    0.8.0-6.fc28               fedora     88 k
 oddjob-mkhomedir         armv7hl    0.34.4-4.fc28              fedora     46 k
 samba-winbind            armv7hl    2:4.8.0-0.4.rc3.fc28       fedora    490 k
 sssd                     armv7hl    1.16.0-12.fc28             fedora     75 k
 sssd-proxy               armv7hl    1.16.0-12.fc28             fedora    110 k

Transaction Summary
================================================================================
Install  33 Packages
Upgrade   1 Package

Total download size: 17 M
Is this ok [y/N]:
Comment 1 Pavel Březina 2018-03-05 09:42:21 EST
It installs this as part of authselect-compat weak dependency (Recommends), I think it would be fine to use Suggests instead as we do in authselect package.
Comment 2 Fedora Update System 2018-03-06 06:33:51 EST
authselect-0.3.2-1.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9853e65a1
Comment 3 Fedora Update System 2018-03-08 10:25:44 EST
authselect-0.3.2-1.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9853e65a1
Comment 4 Adam Williamson 2018-03-26 11:41:42 EDT
Proposing as a freeze exception for Beta, avoiding this bloat in minimal images seems worthwhile.
Comment 5 Stephen Gallagher 2018-03-26 12:36:17 EDT
I took a look at the changes to the dependencies that were made in 0.3.1 and 0.3.2 and I think they're wrong. Suggests: dependencies are useless in this context; there is no UI in DNF or PackageKit to actually provide feedback to the user.

The use of Recommends: was, in fact, the correct behavior. Recommends: essentially means "we think a default install of this package should require this, but in limited situations they could function without it."

Suggests: is actually only used when the depsolver needs to resolve two different packages that can both satisfy a virtual dependency and when neither is already part of the transaction or currently-installed set. So having them here is completely non-functional.

So either these weak dependencies should be left as Recommends: (because you think the average user of the system should have them if they install authselect), or they should be removed entirely.[*]


Peter, I think what you are looking for in minimal images would have been already satisfied by `dnf --setopt=install_weak_deps=False upgrade realmd`.  That usage of DNF really is how it should always be invoked in minimal environments.


[*] A future enhancement could be for authselect to do as realmd does and automatically install the necessary packages based on the auth mechanism the user has selected.
Comment 6 Adam Williamson 2018-03-26 12:41:55 EDT
"The use of Recommends: was, in fact, the correct behavior. Recommends: essentially means "we think a default install of this package should require this, but in limited situations they could function without it.""

I'm not sure I agree this is correct, at least in context. The typical case in Fedora is not *really* going to be "the user chooses to install authselect", after all. In practice, it's just going to get installed as part of initial system install, or on upgrade of an existing install, as in Peter's example. And we really don't want it to pull in all this stuff to minimal installs in that case, I don't think. I don't expect to do a 'minimal' install of Fedora from the network install image and have all that stuff pulled in.
Comment 7 Stephen Gallagher 2018-03-26 12:50:57 EDT
(In reply to Adam Williamson from comment #6)
> "The use of Recommends: was, in fact, the correct behavior. Recommends:
> essentially means "we think a default install of this package should require
> this, but in limited situations they could function without it.""
> 

Oops; I was typing in stream-of-consciousness and meant to go back and change this line. It should have read more like "Recommends: was closer to the correct behavior, in that it essentially means "we think a default install of this package should require this, but in limited situations they could function without it."

However, looking closer into the actual way that authselect seems to work, I think the final, more correct approach would be to drop these dependencies *entirely*. Making them Suggests: doesn't result in them ever being pulled in anyway (and just grows the repodata).
Comment 8 Geoffrey Marr 2018-03-26 14:43:27 EDT
Discussed during the 2018-03-26 blocker review meeting: [1]

The decision to classify this bug as an AcceptedFreezeException was made as it's desirable to remove the unwanted bits from the images that this addresses.

[1] https://meetbot.fedoraproject.org/fedora-blocker-review/2018-03-26/f28-blocker-review.2018-03-26-16.01.txt
Comment 9 Fedora Update System 2018-03-26 18:28:50 EDT
authselect-0.3.2-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.