azlinux: use weak dependency for prebuilt-ca-certificates #584
Merged
cpuguy83 merged 1 commit into project-dalec:main from Mar 25, 2025
457dc69 to db52491
MorrisLaw approved these changes Mar 25, 2025
As it turns out, the previous "fix" was causing dnf to *always* choose `ca-certificates`, presumably because it is what it sees first in the package repo.

By using a weak dependency we can allow the built package to depend on ca-certificates and ignore the prebuilt-ca-certificates but by default install the prebuilt ones.

The end result of the previous case is we end up with bash and some other tools in the final image, which is undesirable.

Notably, mariner2 does not support weak deps so it will just install the recommended package and error out if someone tries to include ca-certificates.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
db52491 to b935042
Collaborator Author
I updated this to skip the test that checks if
Collaborator Author
If it becomes a problem, and I doubt it would, we can do more like manually walking the dependency tree to see if we should install the prebuilt certs or not.
As it turns out, the previous "fix" was causing dnf to always choose ca-certificates, presumably because it is what it sees first in the package repo.
By using a weak dependency we can allow the built package to depend on ca-certificates and ignore the prebuilt-ca-certificates but by default install the prebuilt ones.
The end result of the previous case is we end up with bash and some other tools in the final image, which is undesirable.
ref: https://docs.fedoraproject.org/en-US/packaging-guidelines/WeakDependencies/
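A check for the outcome this PR is after, as an added example that is not part of the pull request or of dalec's own tests: it reads the installed package names of a final image and fails when the resolver picked `ca-certificates` over `prebuilt-ca-certificates` or when `bash` was pulled in. The function names and the sample package lists are constructed for illustration; the input is assumed to be one package name per line, for example from `rpm -qa --qf '%{NAME}\n'` against the image's rpm database.

```shell
#!/bin/sh
# Added example, not dalec code. Input on stdin: one installed package
# name per line (assumed to come from `rpm -qa --qf '%{NAME}\n'`).

# ca_choice: print which CA bundle package ended up installed.
# Exact-name matching, so related sub-packages are not miscounted.
ca_choice() {
    awk '
        $0 == "prebuilt-ca-certificates" { pre = 1 }
        $0 == "ca-certificates"          { full = 1 }
        END {
            if (pre && full) print "both"
            else if (pre)    print "prebuilt"
            else if (full)   print "full"
            else             print "none"
        }'
}

# audit_image: succeed only for the default weak-dependency outcome:
# prebuilt certs installed, ca-certificates absent, no bash in the image.
audit_image() {
    pkgs=$(cat)
    choice=$(printf '%s\n' "$pkgs" | ca_choice)
    rc=0
    if [ "$choice" != "prebuilt" ]; then
        echo "FAIL: CA package choice is '$choice', expected 'prebuilt'" >&2
        rc=1
    fi
    if printf '%s\n' "$pkgs" | grep -qx 'bash'; then
        echo "FAIL: bash is installed in the final image" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample package lists (not taken from a real image).
GOOD_IMAGE='my-app
glibc
prebuilt-ca-certificates'
BAD_IMAGE='my-app
glibc
bash
coreutils
ca-certificates'

# Demo: the regression case reports both findings on stderr.
printf '%s\n' "$BAD_IMAGE" | audit_image || true
```

An image whose package explicitly depends on `ca-certificates` is expected to report `full`, so this audit applies only to builds that rely on the default.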