amazon-linux-2023 icon indicating copy to clipboard operation
amazon-linux-2023 copied to clipboard
verified publisher icon amazonlinux

[Bug] - The `java-*-headless` packages should have weak dependencies on `fontconfig`

Open muru opened this issue 8 months ago • 8 comments

Describe the bug

In Ubuntu, the openjdk-*-jre-headless package only have "Recommends" dependencies on libfontconfig1, and only Suggests dependencies on specific font packages (example: openjdk-17-jre-headless on Ubuntu 24.04). On a ubuntu:24.04 Docker container, apt install openjdk-17-jre-headless adds 269 MB compared to 205 MB for apt install --no-install-recommends openjdk-17-jre-headless.

So on Amazon Linux 2023, for the corresponding package for Corretto, I'd expect weak dependencies on fontconfig (so that --setopt=install_weak_deps=False would skip installing fontconfig and other font packages). However, currently these seem to be normal dependencies instead. So with or without --setopt=install_weak_deps=False, about ~270 MB is added when installing java-17-amazon-corretto-headless.

To Reproduce Steps to reproduce the behavior: The following command will ask to install fontconfig and other font packages:

dnf install java-17-amazon-corretto-headless --setopt=install_weak_deps=False

Expected behavior The following command does not involve fontconfig or other font packages:

dnf install java-17-amazon-corretto-headless --setopt=install_weak_deps=False

muru avatar Apr 09 '25 03:04 muru

Thanks. We will pass this along to the Corretto team

ozbenh avatar Apr 09 '25 04:04 ozbenh

Just wanted to note that with microdnf (AL2023-Minimal Container) you need to use --setopt=install_weak_deps=0, it doesn't use "False". If i recall correctly, it silently "fails" with --setopt=install_weak_deps=False and installs everything.

r-heimann avatar Apr 09 '25 10:04 r-heimann

@muru since AL2023 is closer to Fedora than Ubuntu the former should be used for comparison!

Here are the dependencies when trying to install on Fedora:

elsaco@cernobyl:~$ sudo dnf install java-17-openjdk-headless
[sudo] password for elsaco:
Updating and loading repositories:
 Fedora 41 - x86_64 - Updates                                                   100% | 133.9 KiB/s |  29.6 KiB |  00m00s
 Docker CE Stable - x86_64                                                      100% |  75.2 KiB/s |   3.5 KiB |  00m00s
 Fedora 41 - x86_64 - Updates                                                   100% |   2.8 MiB/s |   2.8 MiB |  00m01s
Repositories loaded.
Package                                 Arch       Version                                 Repository               Size
Installing:
 java-17-openjdk-headless               x86_64     1:17.0.14.0.7-6.fc41                    updates             183.7 MiB
Installing dependencies:
 alsa-lib                               x86_64     1.2.13-3.fc41                           updates               1.4 MiB
 javapackages-filesystem                noarch     6.2.0-14.fc41                           fedora                1.9 KiB
 lksctp-tools                           x86_64     1.0.20-1.fc41                           updates             267.0 KiB
 tzdata-java                            noarch     2025b-1.fc41                            updates             100.1 KiB

Transaction Summary:
 Installing:         5 packages

Total size of inbound packages is 45 MiB. Need to download 45 MiB.
After this operation, 185 MiB extra will be used (install 185 MiB, remove 0 B).
Is this ok [y/N]:

Adding --setopt=install_weak_deps=False option makes no difference.

For what java-17-amazon-corretto-headless requires see:

https://github.com/corretto/corretto-17/blob/3077f94b3cbf26f6f061854bb4a1c12e4e6a1012/installers/linux/al2/spec/java-amazon-corretto.spec.template#L173

elsaco avatar Apr 10 '25 00:04 elsaco

@elsaco thanks for the data point! If I used Fedora, I'd raise a bug with them too, but for now I use only Ubuntu and AL2023 at work.

muru avatar Apr 10 '25 03:04 muru

I was trying to emphasize that Fedora gets its java-headless packaging done right, only the required dependencies would be installed and not font packages and other non-essential stuff. Since AL2023 grew out of Fedora's spec files the expectation was that it might follow Fedora's path. Corretto team disagrees!

elsaco avatar Apr 10 '25 16:04 elsaco

We have engaged the Corretto team. There is some concern that changing this might break existing expectations by some users, that said since dnf install will install the Recommends: by default, I suspect the risk is fairly low. I'll keep you updated

ozbenh avatar Apr 11 '25 00:04 ozbenh

@elsaco ah, got it. I saw it trying to install ALSA, which is also just a Recommends dependency in Ubuntu 24.04, and I thought the Fedora guys had got it wrong too. My bad!

Thanks for the update, @ozbenh!

muru avatar Apr 11 '25 03:04 muru

We have engaged the Corretto team. There is some concern that changing this might break existing expectations by some users, that said since dnf install will install the Recommends: by default, I suspect the risk is fairly low. I'll keep you updated

Having to deal with less packages for the same functionality in corretto-headless would be a big win for customers, especially when said packages might contain future security vulnerabilities. Here's hoping it will get "fixed"!

r-heimann avatar Apr 11 '25 05:04 r-heimann