buildah
buildah copied to clipboard
containers
dnf --installroot documentation needs updating for newer Fedora and DNF
Currently Buildah's documentation mentions two examples where dnf --installroot is used to generate a rootfs for Buildah:
Best I can tell this still works on EL9, EL10 as well as Fedora 40 and below. However, trying these on Fedora 41+, these commands don't actually work. Presumably this is because Fedora 41+ have switched to DNF5, which is not fully backwards compatible with earlier versions of DNF.
In my testing I needed to at least add the option --use-host-config to my dnf invocation to reproduce these commands on Fedora 41. That itself would be an easy fix, but I noticed at least on some Fedora 41 variants an additional workaround is necessary when attempting to do the rootless install the buildah unshare documentation describes. I'm not sure that's a workaround that'd be appropriate to include in documentation, or whether that points to an issue elsewhere.
I cannot build images from scratch since Fedora 42.
I used the following within a script that I run with buildah unshare:
dnf install \
--use-host-config \
--releasever 42 \
--assumeyes \
--noplugins \
--nodocs \
--setopt countme=false \
--setopt install_weak_deps=0 \
$PKGS
Since Fedora 42 I get the following errors:
>>> Finished pre-transaction scriptlet: filesystem-0:3.18-36.fc42.x86_64
>>> [RPM] Unable to get systemd shutdown inhibition lock: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
...
>>> Running sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> Error in sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> [RPM] %sysusers(setup-2.15.0-13.fc42.noarch) scriptlet failed, exit status 127
[10/72] Installing filesystem-0:3.18-36.fc42.x86_64 100% | 1.7 MiB/s | 212.4 KiB | 00m00s
>>> [RPM] setup-2.15.0-13.fc42.noarch: install failed
>>> [RPM] failed to open /etc/group for id/name lookup: No such file or directory
>>> [RPM] group mail does not exist - using root
...
Transaction failed: Rpm transaction failed.
Adding --setopt persistdir=$(mktemp -d) did not help.
Looks like the install is trying to communicate with systemd?
Could you try this in rootful mode?
@rhatdan Running the script with sudo works. I think the systemd warning was there before, but the image was created anyway. The issue since Fedora 42 seems to be the sysusers scriptlet.
buildah unshare plot.sh:
>>> Error in sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> [RPM] %sysusers(setup-2.15.0-13.fc42.noarch) scriptlet failed, exit status 127
[10/72] Installing filesystem-0:3.18-36.fc42.x86_64 100% | 1.7 MiB/s | 212.4 KiB | 00m00s
>>> [RPM] setup-2.15.0-13.fc42.noarch: install failed
>>> [RPM] failed to open /etc/group for id/name lookup: No such file or directory
>>> [RPM] group mail does not exist - using root
sudo -E plot.sh:
[ 8/85] Installing fedora-release-0:42-26.noarch 100% | 4.5 KiB/s | 124.0 B | 00m00s
>>> Running sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> Finished sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> Scriptlet output:
>>> Creating group 'adm' with GID 4.
>>> Creating group 'audio' with GID 63.
>>> Creating group 'bin' with GID 1.
>>> Creating group 'cdrom' with GID 11.
>>> Creating group 'clock' with GID 103.
>>> Creating group 'daemon' with GID 2.
>>> Creating group 'dialout' with GID 18.
>>> Creating group 'disk' with GID 6.
>>> Creating group 'floppy' with GID 19.
>>> Creating group 'ftp' with GID 50.
>>> Creating group 'games' with GID 20.
>>> Creating group 'input' with GID 104.
>>> Creating group 'kmem' with GID 9.
>>> Creating group 'kvm' with GID 36.
>>> Creating group 'lock' with GID 54.
>>> Creating group 'lp' with GID 7.
>>> Creating group 'mail' with GID 12.
>>> Creating group 'man' with GID 15.
>>> Creating group 'mem' with GID 8.
>>> Creating group 'nobody' with GID 65534.
>>> Creating group 'render' with GID 105.
>>> Creating group 'root' with GID 0.
>>> Creating group 'sgx' with GID 106.
>>> Creating group 'sys' with GID 3.
>>> Creating group 'tape' with GID 33.
>>> Creating group 'tty' with GID 5.
>>> Creating group 'users' with GID 100.
>>> Creating group 'utmp' with GID 22.
>>> Creating group 'video' with GID 39.
>>> Creating group 'wheel' with GID 10.
>>>
>>> Running sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> Finished sysusers scriptlet: setup-0:2.15.0-13.fc42.noarch
>>> Scriptlet output:
>>> Creating user 'adm' (adm) with UID 3 and GID 4.
>>> Creating user 'bin' (bin) with UID 1 and GID 1.
>>> Creating user 'daemon' (daemon) with UID 2 and GID 2.
>>> Creating user 'ftp' (FTP User) with UID 14 and GID 50.
>>> Creating user 'games' (games) with UID 12 and GID 20.
>>> Creating user 'halt' (halt) with UID 7 and GID 0.
>>> Creating user 'lp' (lp) with UID 4 and GID 7.
>>> Creating user 'mail' (mail) with UID 8 and GID 12.
>>> Creating user 'nobody' (Kernel Overflow User) with UID 65534 and GID 65534.
>>> Creating user 'operator' (operator) with UID 11 and GID 0.
>>> Creating user 'root' (Super User) with UID 0 and GID 0.
>>> Creating user 'shutdown' (shutdown) with UID 6 and GID 0.
>>> Creating user 'sync' (sync) with UID 5 and GID 0.
>>>
The relevant commands in the script:
_CONTAINER_REF=$(buildah from scratch)
_MOUNT_REF=$(buildah mount $_CONTAINER_REF)
dnf install \
--installroot ${_MOUNT_REF:?} \
--use-host-config \
--releasever 42 \
--assumeyes \
--noplugins \
--nodocs \
--setopt install_weak_deps=0 \
--setopt countme=false \
java-21-openjdk-headless curl ca-certificates
@rhatdan I have the same error but installing «mariadb-server» with the dependency on «systemd» package, it fails the installation using rootless buildah.
Distro: Fedora 42
Running transaction
[1/4] Verify package files 100% | 46.0 B/s | 2.0 B | 00m00s
[2/4] Prepare transaction 100% | 24.0 B/s | 2.0 B | 00m00s
>>> Running sysusers scriptlet: systemd-0:257.5-6.fc42.x86_64
>>> Error in sysusers scriptlet: systemd-0:257.5-6.fc42.x86_64
>>> [RPM] %sysusers(systemd-257.5-6.fc42.x86_64) scriptlet failed, exit status 127
>>> Running sysusers scriptlet: mariadb-server-3:10.11.11-6.fc42.x86_64
>>> Error in sysusers scriptlet: mariadb-server-3:10.11.11-6.fc42.x86_64
>>> [RPM] systemd-257.5-6.fc42.x86_64: install failed
>>> [RPM] %sysusers(mariadb-server-3:10.11.11-6.fc42.x86_64) scriptlet failed, exit status 127
Transaction failed: Rpm transaction failed.
I'm using this commands
$ container_name=$(buildah from registry.fedoraproject.org/fedora-minimal:42)
$ export container_name
$ buildah unshare
# container_mount_location=$(buildah mount ${container_name})
# dnf_configuration="--releasever=42 --disable-repo=updates-testing --nodocs --nogpgcheck --setopt install_weak_deps=false --installroot ${container_mount_location}"
# dnf ${dnf_configuration} -y install \
mariadb-server \
mariadb-server-utils \
unzip
rpm -q --scripts mariadb-server
postinstall scriptlet (using /bin/sh):
if [ $1 -eq 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
# Initial installation
/usr/lib/systemd/systemd-update-helper install-system-units mariadb.service || :
fi
preuninstall scriptlet (using /bin/sh):
if [ $1 -eq 0 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
# Package removal, not upgrade
/usr/lib/systemd/systemd-update-helper remove-system-units mariadb.service || :
fi
postuninstall scriptlet (using /bin/sh):
if [ $1 -ge 1 ] && [ -x "/usr/lib/systemd/systemd-update-helper" ]; then
# Package upgrade, not uninstall
/usr/lib/systemd/systemd-update-helper mark-restart-system-units mariadb.service || :
fi
Looks like one of these is failing.
A friendly reminder that this issue had no activity for 30 days.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Given there's been a few additional reports, I think it's probably fair to say that this is both a documentation bug for Buildah (the current docs don't work for the current DNF5), as well as a bug in DNF5. I've opened https://github.com/rpm-software-management/dnf5/issues/2325 there.
A friendly reminder that this issue had no activity for 30 days.
So on the dnf side github.com/rpm-software-management/dnf5/issues/2325 has been accepted. The documentation with Buildah should be updated - so this issue is still valid - but we'll need to see what kind of exact solution the DNF project settles on.