Description of problem: During a customized installation anaconda does not exclude certain packages though they are marked as not to be installed in the packages section of the kickstart configuration. It seems some are 'reselected' as dependencies. I.e. ppp is selected again as dependency of NetworkManager. But firewalld is logged as 'deselected' and a few lines below without obvious log message as to why it is again 'selected' for installation. Version-Release number of selected component (if applicable): anaconda 19.30.13-1.fc19 How reproducible: On every test installation I've done. Steps to Reproduce: 1. create a ks configuration with the following package selection: %packages @core @standard ypbind autofs cfengine xorg-x11-xauth vim yum-cron ntp rwho munin-node iptables-services htop tcsh zsh -firewalld -ppp -wpa_supplicant -openrdate -wireless-tools -coolkey -fprintd -irda-utils -rdist -rsh -pcsc-lite -pcsc-lite-ccid %end 2. run the install and during the package installation take a look at /tmp/packaging.log 3. Even though deselected in the kickstart configuration firewalld and others get installed. Actual results: Packages that are deselected are installed anyway. Expected results: I would expect that packages marked as 'not to be installed' should not be installed. even if that may brake dependencies.
The installer always pulls in some packages:[1] $ less -N anaconda-19.30.13-1/pyanaconda/install.py ... 152 # anaconda requires storage packages in order to make sure the target 153 # system is bootable and configurable, and some other packages in order 154 # to finish setting up the system. 155 packages = storage.packages + ["authconfig", "firewalld"] + ksdata.realm.packages ... The post-installation section of the kickstart file could probably be used to remove some packages: 15.7. Post-installation Script http://docs.fedoraproject.org/en-US/Fedora/19/html/Installation_Guide/s1-kickstart2-postinstallconfig.html Disclaimer: I have not actually used the post-installation kickstart feature. [1] The installer source is here: https://git.fedorahosted.org/git/anaconda.git
Installation Guide RFE: Bug 988328 - RFE: some packages cannot be excluded using a kickstart file
(In reply to Steve Tyler from comment #1) > The post-installation section of the kickstart file could probably be used > to remove some packages: > Disclaimer: I have not actually used the post-installation kickstart feature. Thanks for the details! I'm doing exactly that right now - that works ok. But since the feature exists to exclude packages it's kind of annoying to have to crosscheck what may get pulled back.
(In reply to Steve Tyler from comment #1) ... > 155 packages = storage.packages + ["authconfig", "firewalld"] + > ksdata.realm.packages ... The installer could probably write its "package" list to a log file, or the Installation Guide could list them.
(In reply to Steve Tyler from comment #4) > (In reply to Steve Tyler from comment #1) > ... > > 155 packages = storage.packages + ["authconfig", "firewalld"] + > > ksdata.realm.packages > ... > > The installer could probably write its "package" list to a log file, or the > Installation Guide could list them. Absolutely. If those default packages would be listed in the manual or possibly flagged in the package log file as 'default' it would be much easier than searching in the sources.
The installer may already be listing them. This group of four packages matches what the source says: Snippet from anaconda.packaging.log: ... 20:56:31,053 DEBUG packaging: select package grub2 20:56:31,055 DEBUG packaging: select package e2fsprogs 20:56:31,056 DEBUG packaging: select package authconfig 20:56:31,056 DEBUG packaging: select package firewalld ...
Since firewalld is a systemd service, another way is to make sure it is disabled after installation: $ sudo systemctl disable firewalld
From the packaging.log it's only clear that those are the 'default' packages if you already know that since a lot of others are selected in close proximity to those entries as well. Disabling the service would also be a good way to get rid of it. Thanks! I'm uninstalling this and other packages from within postinstall: %post #!/bin/bash yum -q -y remove firewalld and_others_too %end
(In reply to Steve Tyler from comment #7) > Since firewalld is a systemd service, another way is to make sure it is > disabled after installation: > $ sudo systemctl disable firewalld The kickstart "services" option can do exactly that: "--disabled — Disable the services given in the comma separated list." See also the "firewall" option: "firewall --enabled|--disabled [--trust=] <device> [--port=]" 15.4. Kickstart Options http://docs.fedoraproject.org/en-US/Fedora/19/html/Installation_Guide/s1-kickstart2-options.html
Adding this to a test kickstart file with your exact package list almost works: services --disabled firewalld --enabled iptables The firewalld service is disabled: # systemctl status firewalld The iptables service is enabled. # systemctl status iptables But "iptables -L" shows no rules. This could be new bug. Tested with: $ qemu-kvm -m 4096 -hda f19-test-3.img -cdrom ~/xfr/fedora/F19/Fedora-19-x86_64-DVD.iso -vga std -boot menu=on
(In reply to Steve Tyler from comment #4) ... > The installer could probably write its "package" list to a log file, or the > Installation Guide could list them. I modified install.py on the Live image to log the "packages" variable: 23:10:40,579 INFO anaconda: pre-configured packages: ['grub2', 'e2fsprogs', 'lvm2', 'authconfig', 'firewalld'] == diff -u ... == --- install.py 2013-06-27 08:31:06.000000000 -0700 +++ install.py 2013-07-25 20:15:31.387147358 -0700 @@ -153,6 +153,7 @@ # system is bootable and configurable, and some other packages in order # to finish setting up the system. packages = storage.packages + ["authconfig", "firewalld"] + ksdata.realm.packages + log.info("pre-configured packages: " + str(packages)) # don't try to install packages from the install class' ignored list packages = [p for p in packages if p not in instClass.ignoredPackages] == Tested with: $ qemu-kvm -m 4096 -hda f19-test-3.img -cdrom ~/xfr/fedora/F19/Fedora-Live-Desktop-x86_64-19-1.iso -vga std -boot menu=on
Closing this bug since bug 988328 has been opened for the documentation issue. firewalld is the now the default firewall solution for Fedora and is always installed, see https://fedoraproject.org/wiki/Features/firewalld-default
Comment 11 was proposing that the anaconda-required packages be logged. As my testing shows, the implementation should be very easy. Should I open a new bug for that as an RFE?
Bug 993503 - RFE: log packages required by installer