Koschei displays <https://apps.fedoraproject.org/koschei/build/5430532> 34 new packages (dracut, dbus, systemd etc.) that are transitively pulled into minimal build root ('/usr/bin/dnf' '--setopt=install_weak_deps=0' 'groupinstall' 'build') since upgrading crypto-policies package from 20180921-1.git391ed9f to 20180921-2.git391ed9f: acl cryptsetup-libs dbus dbus-common dbus-daemon dbus-libs dbus-tools device-mapper device-mapper-libs dracut gettext gettext-libs gnutls grub2-common grub2-tools grub2-tools-minimal grubby iptables-libs json-c kmod kmod-libs libargon2 libcroco libgomp libkcapi libkcapi-hmaccalc libpcap libseccomp nettle os-prober qrencode-libs systemd systemd-pam systemd-udev In my opinion this build root inflation is not reasonable. Could you please fix it? The crypto-policies update contains only this commit: commit 2486d13d3405e745c4b6d4f1fc3afc4127d0b764 (HEAD -> master, origin/master, origin/f29, origin/HEAD) Author: Tomas Mraz <tmraz> Date: Fri Sep 21 16:02:41 2018 +0200 Fix requires for grubby [...] -Requires: /usr/bin/grubby +Requires: /usr/sbin/grubby If crypto-policies indeed need grubby executable, then either split crypto-policies into more subpacakges or reassign this issues to grubby.
Actually, this is the commit adding the dependency: https://src.fedoraproject.org/rpms/crypto-policies/c/a705dd8ea52d5548492ec8c6e107b9740b7371da I'd say that fips-mode-setup should go into subpackage or there should be just "Recommends: /usr/sbin/grubby". BTW %{_sbindir}/grubby should be used in place of /usr/sbin/grubby.
I will use weak dependencies then and handle eventually missing grubby in the script so the user is notified that he needs to install it for the bootloader configuration modification.
Could you please elaborate why it should not go into subpackage? I don't think I am going to use FIPS on my Fedora any time soon, so I would not miss this command at all.
Because the fips mode setup commands are two short simple shell scripts for example. And grubby is usually installed anyway (except for things such as the minimal buildroot which is solved by using the weak dependency).
crypto-policies-20180925-1.git71ca85f.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-95580e520c
crypto-policies-20180925-1.git71ca85f.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-95580e520c
crypto-policies-20180925-1.git71ca85f.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.