https://fedoraproject.org/wiki/Features/LimitScriptletUsage
== Summary ==
Remove direct scriptlet calls from "core packages" (those that are
used to build minimal container image). The packages can still affect
changes during installation by placing files in the correct locations
to trigger registered external programs.
== Owner ==
* Name: [[User:james| James Antill]]
== Detailed Description ==
Currently we know how to make an installable OS with packages that
doesn't require the use of scriptlets, indeed rpm-ostree and others
have already done this on a significantly bigger scale. So we plan to
remove direct scriptlets from most (if not all) of the packages in the
main fedora container image for Fedora 31. This means all four of:
%pre/%post/%preun/%postun. After this change it'd be good to have some
kind of temporary exception to be granted before those packages could
add a scriptlet back (post F31 work).
Almost all of the hard work is already done, as rpm can react to files
being dropped in specified places with known actions (Eg. In this way
systemd components can create users or files). There are a few minor
changes needed to packages to move from the old way of doing things
(Eg. calling adduser) to doing the new thing. Note that while a
program will still be run at installation time, those programs will be
few and easily audited (as against the 666 slightly different ways of
adding a user we currently have).
== Benefit to Fedora ==
At the moment all of the packages with scriptlets (and anything
installed with them) are basically opaque programs that happen to also
carry files that are installed, from the point of view of all of the
packaging tools (rpm, ostree, composer, etc.) . After this change the
entire installation of the main container image will be declarative,
and thus. understandable by all of those tools. This should make
things faster, and allow new optimizations and features.
This should also make packagers life easier in the long term, as
packaging becomes less unique.
== Scope ==
Proposal owners:
* James Antill
* 1 needs to get combine.d into the distribution, and then /etc/shells
can use that.
* 2 minor wrangling of package owners to tweak specfiles.
* Other developers:
* Policies and guidelines: We should work toward only allowing new
scriptlets to appear with policy exceptions, in any of the fixed
packages. This needs to be done somewhat carefully, and post F31.
== How To Test ==
All of the following should provide no output on a standard container:
* rpm -a --qf '%{preinprog}'
* rpm -a --qf '%{preunprog}'
* rpm -a --qf '%{postinprog}'
* rpm -a --qf '%{postunprog}'
* rpm -a --qf '%{pretransprog}'
* rpm -a --qf '%{posttransprog}'
== User Experience ==
There should be no significant difference to users, initially,
although package installation should be faster.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
Until higher level packaging/installation tooling starts to depend on
the scriptlets not being present it is always possible to just let
those packages which still have scriptlets continue, if it's required.
* Contingency mechanism: Just ship packages with scriptlets, as we
always have done.
* Contingency deadline: N/A
* Blocks release? No
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
If you have a Change proposal that requires a mass rebuild or are
categorized as a system-wide change, those proposals must be submitted
(i.e. in ChangeReadyForWrangler category) tomorrow, 2 July.
Self-contained change proposals are due on 23 July.
For more development milestones in the F31 schedule, see:
https://fedorapeople.org/groups/schedule/f-31/f-31-devel-tasks.html
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis