compose: Add --ex-lockfile-strict #1858
Conversation
|
There's possibly a cleaner way of doing this. One issue is that there's no "fail instead of installing dependencies" flag to give to libdnf. We could avoid depsolving entirely and let librpm depcheck the transaction, though we rely on the goal in a bunch of places too. |
|
We talked through this when the lockfile semantics were being added, today we match e.g. Probably what we want here is really for the *COS pipelines to use |
|
Right yeah, I'm open to switching the default vs flagged options around. |
I'm 👍 for either way as the default. |
|
☔ The latest upstream changes (presumably dbf28ac) made this pull request unmergeable. Please resolve the merge conflicts. |
jlebon
force-pushed
the
pr/strict-lockfile
branch
from
d1dccb0
to
b2b82b1
Compare
jlebon
changed the title
|
OK, reworked this! Commit message updated. |
jlebon
force-pushed
the
pr/strict-lockfile
branch
from
b2b82b1
to
7dd5352
Compare
|
Rebased! (And reworked the relaxed path to be more efficient.) |
|
Would appreciate some eyes on this and #2058 soon-ish! |
There was a problem hiding this comment.
Overall, this looks very good! That said, per our live discussion I am increasingly feeling that what we really want to do is reify this - we should extract something like:
rpm-ostree compose update-locked-rpmmd-repo --lockfile /path/to/lockfile.json --rpmmd-repo /path/to/repo
And we run that as a service that generates e.g. coreos-testing-devel.repo coreos-stable.repo etc.
This would make it trivial to use e.g. dnf download to get access to an RPM locked in this way, which would be generally useful.
And further then, this complex and subtle lockfile logic doesn't need to live in rpm-ostree, it could live in libdnf or some other tool/library that runs on the buildsystem side.
The huge difference between what we're doing and what Rust's cargo and other tools like that are doing is that we actually want to enforce a lot of uniformity in what we're locking, we don't expect many other consumers.
src/libpriv/rpmostree-core.c
Outdated
| g_autoptr(GHashTable) goal_nevras = | ||
| g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL); | ||
| for (guint i = 0; i < pkgs->len; i++) | ||
| g_hash_table_add (goal_nevras, g_strdup (dnf_package_get_nevra (pkgs->pdata[i]))); |
There was a problem hiding this comment.
(If we were writing this in Rust we could be confident to avoid a strdup because we could guarantee the lifetime of the hashset with nevra is <= lifetime of the pkgs list)
src/libpriv/rpmostree-core.c
Outdated
| return NULL; | ||
|
|
||
| if (g_str_equal (chksum, repodata_chksum)) | ||
| g_ptr_array_add (pkgs, g_object_ref (match)); |
There was a problem hiding this comment.
How about something like:
n_checksum_mismatches++;
and then below:
src/libpriv/rpmostree-core.c
Outdated
| g_ptr_array_add (pkgs, g_object_ref (match)); | ||
| } | ||
| } | ||
| if (old_pkgs_len == pkgs->len) |
There was a problem hiding this comment.
I think an if (matched) would be a bit clearer here.
src/libpriv/rpmostree-core.c
Outdated
| } | ||
| } | ||
| if (old_pkgs_len == pkgs->len) | ||
| return glnx_null_throw (error, "Couldn't find locked package '%s'%s%s", |
There was a problem hiding this comment.
(%d non-matching packages), n_checksum_mismatches or so?
| } | ||
| Map *map = dnf_packageset_get_map (pset); | ||
| map_setall (map); | ||
| map_subtract (map, dnf_packageset_get_map (locked_pset)); | ||
| dnf_sack_add_excludes (sack, pset); |
There was a problem hiding this comment.
This is fine as is, but it'd be clearer if there was an API like dnf_sack_include_only(locked_pset).
Today, lockfiles only restrict the NEVRA of specifc package names from which libsolv can pick. But nothing stops libsolv from picking entirely different packages which still satisfy the manifest requests. This was mostly a theoretical issue in Fedora CoreOS, but became reality with the addition of Fedora 32 packages in the pool. libsolv would happily try to pick e.g. `libcurl-minimal` from f32 instead of sticking with the f31 `libcurl` from the lockfiles: coreos/fedora-coreos-streams#75 (comment) (But more generally, see coreos/fedora-coreos-tracker#454). Let's add a `--ex-lockfile-strict` mode, which in CI and production pipeline build contexts will require that (1) *only* locked packages are considered by libsolv, and (2) *all* locked packages were marked for install. One important thing to note here is that we don't short-circuit libsolv and manually `hy_goal_install` lockfile packages. We want to make sure the treefile is still canonical. Strict mode simply ensures that the result agrees with the lockfile. That said, even in developer contexts, we don't want the `libcurl-minimal` issue that happened to be triggered. But we still want to allow flexibility in adding and removing packages to make hacking easier. I have some follow-up patches which will enable this.
jlebon
force-pushed
the
pr/strict-lockfile
branch
from
7dd5352
to
05d19ab
Compare
|
Updated for comments! I also ended up dropping |
|
/test sanity |
|
With nuking |
|
/test sanity |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, jlebon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Minor follow-up to coreos#1858. Make the help string here more helpful and accurate.
Minor follow-up to coreos#1858. Make the help string here more helpful and accurate.
Minor follow-up to #1858. Make the help string here more helpful and accurate.
Today, lockfiles only restrict the NEVRA of specifc package names from
which libsolv can pick. But nothing stops libsolv from picking entirely
different packages which still satisfy the manifest requests.
This was mostly a theoretical issue in Fedora CoreOS, but became reality
with the addition of Fedora 32 packages in the pool. libsolv would
happily try to pick e.g.
libcurl-minimalfrom f32 instead of stickingwith the f31
libcurlfrom the lockfiles:coreos/fedora-coreos-streams#75 (comment)
(But more generally, see
coreos/fedora-coreos-tracker#454).
Let's add a
--ex-lockfile-strictmode, which in CI and productionpipeline build contexts will require that (1) only locked packages are
considered by libsolv, and (2) all locked packages were marked for
install.
One important thing to note here is that we don't short-circuit libsolv
and manually
hy_goal_installlockfile packages. We want to make surethe treefile is still canonical. Strict mode simply ensures that the
result agrees with the lockfile.
That said, even in developer contexts, we don't want the
libcurl-minimalissue that happened to be triggered. But we still wantto allow flexibility in adding and removing packages to make hacking
easier. I have some follow-up patches which will enable this.
Note: part (2) above was no longer true when this PR was merged, but I forgot to fix the commit message. See #1858 (comment).