core: Use SOLVER_LOCK for locking base packages #2125

jlebon · 2020-06-09T17:29:58Z

For the Fedora CoreOS extensions work, when layering packages, we need
to be able to tell libsolv to pick the packages which will go with the
base packages. IOW, it needs to know that the base packages shouldn't be
uninstalled.

While investigating
coreos/fedora-coreos-tracker#525, I realized
that libsolv does have a flag which allows us to express this:
SOLVER_LOCK.

This then allows libsolv to choose the right package for us (if found).
And in the case where it can't find a matching package, libsolv itself
will print exactly what the conflict is, which is more informative than
the "forbidden replacements" error we currently print out.

Update submodule: libdnf

openshift-ci-robot · 2020-06-09T17:30:00Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

jlebon · 2020-06-09T17:30:10Z

Requires: rpm-software-management/libdnf#974

dustymabe · 2020-06-09T17:39:53Z

and lets libsolv/libdnf print exactly what the conflict
is.

well that would be amazing!

jlebon · 2020-06-09T17:43:51Z

Sample output in coreos/fedora-coreos-tracker#525 (comment).

jlebon · 2020-06-09T17:45:39Z

It also helps to more easily diagnose the split base/layered problem too (#415). Here the machine has gnutls-3.6.13 installed, but gnutls-3.6.14 is in the repos. Let's try to add gnutls-utils which is version-locked with gnutls:

[root@cosa-devsh ~]# rpm-ostree install gnutls-utils
Checking out tree 08040be... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora fedora-modular updates-modular
rpm-md repo 'fedora-cisco-openh264' (cached); generated: 2020-03-17T20:10:45Z
rpm-md repo 'updates' (cached); generated: 2020-06-07T18:20:54Z
rpm-md repo 'fedora' (cached); generated: 2020-04-22T22:22:36Z
rpm-md repo 'fedora-modular' (cached); generated: 2020-04-22T21:03:13Z
rpm-md repo 'updates-modular' (cached); generated: 2020-06-05T04:14:06Z
Importing rpm-md... done
Resolving dependencies... done
error: Could not depsolve transaction; 1 problem detected:
 Problem: conflicting requests
  - package gnutls-utils-3.6.14-1.fc32.x86_64 requires libgnutls.so.30(GNUTLS_3_6_14)(64bit), but none of the providers can be installed
  - package gnutls-utils-3.6.14-1.fc32.x86_64 requires gnutls(x86-64) = 3.6.14-1.fc32, but none of the providers can be installed
  - package gnutls-utils-3.6.13-1.fc32.x86_64 requires gnutls(x86-64) = 3.6.13-1.fc32, but none of the providers can be installed
  - cannot install both gnutls-3.6.14-1.fc32.x86_64 and gnutls-3.6.13-4.fc32.x86_64
  - cannot install both gnutls-3.6.13-1.fc32.x86_64 and gnutls-3.6.13-4.fc32.x86_64

src/libpriv/rpmostree-core.c

This will be useful in rpm-ostree for us to express the fact that base packages by default should be "locked"; i.e. we don't want libsolv to try to update them. For more information, see: coreos/rpm-ostree#2125

This will be useful in rpm-ostree for us to express the fact that base packages by default should be "locked"; i.e. we don't want libsolv to try to update them. For more information, see: coreos/rpm-ostree#2125 Closes: #974 Approved by: kontura

For the Fedora CoreOS extensions work, when layering packages, we need to be able to tell libsolv to pick the packages which will go with the base packages. IOW, it needs to know that the base packages shouldn't be uninstalled. While investigating coreos/fedora-coreos-tracker#525, I realized that libsolv does have a flag which allows us to express this: `SOLVER_LOCK`. This then allows libsolv to choose the right package for us (if found). And in the case where it can't find a matching package, libsolv itself will print exactly what the conflict is, which is more informative than the "forbidden replacements" error we currently print out. Update submodule: libdnf

jlebon · 2020-08-27T13:11:06Z

Ready for review and now with (passing) tests!

jlebon · 2020-08-27T13:24:46Z

The added test describes what is now possible, but just for a more realistic example, here's an older f32-based FCOS stable release trying to overlay systemd-journal-remote before and after this patch using Dusty's POC archive repo.

Before:

# rpm-ostree install systemd-journal-remote
...
Forbidden base package replacements:
  systemd 245.6-2.fc32 -> 245.7-1.fc32 (updates)
  systemd-libs 245.6-2.fc32 -> 245.7-1.fc32 (updates)
  systemd-container 245.6-2.fc32 -> 245.7-1.fc32 (updates)
  systemd-pam 245.6-2.fc32 -> 245.7-1.fc32 (updates)
  systemd-rpm-macros 245.6-2.fc32 -> 245.7-1.fc32 (updates)
  systemd-udev 245.6-2.fc32 -> 245.7-1.fc32 (updates)
This likely means that some of your layered packages have requirements on newer or older versions of some base packages. Doing `rpm-ostreResolving dependencies... done
error: Some base packages would be replaced

After, without the archive repo:

# rpm-ostree install systemd-journal-remote
...
Resolving dependencies... done
error: Could not depsolve transaction; 1 problem detected:
 Problem: conflicting requests
  - package systemd-journal-remote-245.7-1.fc32.x86_64 requires systemd(x86-64) = 245.7-1.fc32, but none of the providers can be installed
  - package systemd-journal-remote-245.4-1.fc32.x86_64 requires systemd(x86-64) = 245.4-1.fc32, but none of the providers can be installed
  - cannot install both systemd-245.7-1.fc32.x86_64 and systemd-245.6-2.fc32.x86_64
  - cannot install both systemd-245.4-1.fc32.x86_64 and systemd-245.6-2.fc32.x86_64

It's a little verbose, but it contains more precise information about the issue: systemd-journal-remote wants newer systemd, and libsolv refuses to install both the old and new systemd at the same time. Ideally, libsolv/libdnf would improve the error message here so that it explicitly also says e.g. "cannot uninstall locked package systemd-245.6-2.fc32.x86_64".

But this is still a major improvement because we can actually trace which packages we're trying to layer wants the base to move.

And now, retrying the same operation, but with Dusty's archive repo containing older packages:

# rpm-ostree install systemd-journal-remote
...
Added:
  info-6.7-6.fc32.x86_64
  libmicrohttpd-1:0.9.71-1.fc32.x86_64
  systemd-journal-remote-245.6-2.fc32.x86_64
Run "systemctl reboot" to start a reboot

IOW, libsolv correctly picks the older systemd-journal-remote which matches the systemd from the base layer. So this in effect solves #415.

dustymabe · 2020-08-27T13:27:46Z

But this is still a major improvement because we can actually trace which packages we're trying to layer wants the base to move.

It is a MAJORRRRR improvement!

And now, retrying the same operation, but with Dusty's archive repo containing older packages:
# rpm-ostree install systemd-journal-remote
...
Added:
  info-6.7-6.fc32.x86_64
  libmicrohttpd-1:0.9.71-1.fc32.x86_64
  systemd-journal-remote-245.6-2.fc32.x86_64
Run "systemctl reboot" to start a reboot
IOW, libsolv correctly picks the older systemd-journal-remote which matches the systemd from the base layer. So this in effect solves #415.

🎉🎉🎉🎉

cgwalters · 2020-08-28T16:30:19Z

/lgtm
Very nice and simple!

openshift-ci-robot · 2020-08-28T16:30:22Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cgwalters, jlebon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [cgwalters,jlebon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

This is the culmination of a lot of work to make package layering more reliable. This archive repo provides all packages that have ever been in the updates repository, which means there should always be a solution that will depsolve given the existing set of base layer packages. Pairing this along with coreos/rpm-ostree#2125 means that we should finally see less of the split base layer vs update repo problem and see less `Forbidden base package replacements` errors. Fixes: coreos/fedora-coreos-tracker#400

This is the culmination of a lot of work to make package layering more reliable. This archive repo provides all packages that have ever been in the updates repository, which means there should always be a solution that will depsolve given the existing set of base layer packages. Pairing this along with coreos/rpm-ostree#2125 means that we should finally see less of the split base layer vs update repo problem and see less `Forbidden base package replacements` errors. For context see coreos/fedora-coreos-tracker#400 (cherry picked from commit 5ee6bce)

This is the culmination of a lot of work to make package layering more reliable. This archive repo provides all packages that have ever been in the updates repository, which means there should always be a solution that will depsolve given the existing set of base layer packages. Pairing this along with coreos/rpm-ostree#2125 means that we should finally see less of the split base layer vs update repo problem and see less `Forbidden base package replacements` errors. Fixes: coreos/fedora-coreos-tracker#400

This is the culmination of a lot of work to make package layering more reliable. This archive repo provides all packages that have ever been in the updates repository, which means there should always be a solution that will depsolve given the existing set of base layer packages. Pairing this along with coreos/rpm-ostree#2125 means that we should finally see less of the split base layer vs update repo problem and see less `Forbidden base package replacements` errors. For context see coreos/fedora-coreos-tracker#400

openshift-ci-robot added the do-not-merge/work-in-progress label Jun 9, 2020

openshift-ci-robot requested review from ashcrow and cgwalters June 9, 2020 17:30

openshift-ci-robot added the approved label Jun 9, 2020

jlebon mentioned this pull request Jun 9, 2020

package layering fails on f32 base with modular packages coreos/fedora-coreos-tracker#525

Closed

jlebon mentioned this pull request Jun 9, 2020

split base/layered versionlocked package problem (krb5-workstation) #415

Closed

ashcrow requested review from miabbott and removed request for ashcrow June 9, 2020 18:48

lucab reviewed Jun 10, 2020

View reviewed changes

dustymabe mentioned this pull request Aug 21, 2020

support a framework for "reliable extensions" to the base OS coreos/fedora-coreos-tracker#401

Closed

jlebon force-pushed the pr/wip-lock branch from 8d916d3 to 5812912 Compare August 26, 2020 21:13

jlebon changed the title ~~WIP: Use SOLVER_LOCK for locking base packages~~ core: Use SOLVER_LOCK for locking base packages Aug 26, 2020

jlebon force-pushed the pr/wip-lock branch from 5812912 to f055334 Compare August 27, 2020 02:09

jlebon marked this pull request as ready for review August 27, 2020 13:10

openshift-ci-robot removed the do-not-merge/work-in-progress label Aug 27, 2020

openshift-ci-robot assigned cgwalters Aug 28, 2020

openshift-ci-robot added the lgtm label Aug 28, 2020

openshift-merge-robot merged commit 71992e3 into coreos:master Aug 28, 2020

cgwalters mentioned this pull request Sep 3, 2020

[testing-devel] overrides: fast-track podman-2.0.6-1.fc32, ostree-2020.6-2.fc32 coreos/fedora-coreos-config#596

Merged

dustymabe mentioned this pull request Oct 7, 2020

manifests: fedora-coreos: add archive repo to FCOS coreos/fedora-coreos-config#673

Merged

jlebon mentioned this pull request Feb 27, 2023

rpm-ostree should show problematic packages when depsolve fails #4316

Open

jlebon deleted the pr/wip-lock branch April 23, 2023 23:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

core: Use SOLVER_LOCK for locking base packages #2125

core: Use SOLVER_LOCK for locking base packages #2125

jlebon commented Jun 9, 2020 •

edited

Loading

openshift-ci-robot commented Jun 9, 2020

jlebon commented Jun 9, 2020

dustymabe commented Jun 9, 2020

jlebon commented Jun 9, 2020

jlebon commented Jun 9, 2020 •

edited

Loading

jlebon commented Aug 27, 2020

jlebon commented Aug 27, 2020

dustymabe commented Aug 27, 2020

cgwalters commented Aug 28, 2020

openshift-ci-robot commented Aug 28, 2020

core: Use SOLVER_LOCK for locking base packages #2125

core: Use SOLVER_LOCK for locking base packages #2125

Conversation

jlebon commented Jun 9, 2020 • edited Loading

openshift-ci-robot commented Jun 9, 2020

jlebon commented Jun 9, 2020

dustymabe commented Jun 9, 2020

jlebon commented Jun 9, 2020

jlebon commented Jun 9, 2020 • edited Loading

jlebon commented Aug 27, 2020

jlebon commented Aug 27, 2020

dustymabe commented Aug 27, 2020

cgwalters commented Aug 28, 2020

openshift-ci-robot commented Aug 28, 2020

jlebon commented Jun 9, 2020 •

edited

Loading

jlebon commented Jun 9, 2020 •

edited

Loading