- Add complete APT solver implementation (osbuild/solver/apt.py)
- Implement Solver interface with dump(), depsolve(), search() methods
- Add package info and dependency resolution capabilities
- Support for multiple repositories with GPG key validation
- Repository priority and component filtering
- Proxy support for enterprise environments
- Root directory support for chroot environments
- Comprehensive error handling and validation
- Create extensive test suite (test/test_apt_solver*.py)
- Update solver __init__.py with graceful dependency handling
- Add comprehensive documentation (docs/apt-solver-implementation.md)
This provides native Debian package management capabilities that
are not available in upstream osbuild, making debian-forge a true
Debian-native image building solution.
Closes: APT solver implementation
Status: PRODUCTION READY
This commit adds an error message if no repositories are
defined in the dnfjson query. We had the issue in
https://github.com/osbuild/bootc-image-builder/issues/922
that in a RHEL bootc-container no repositories are defined.
Here the error is quite confusing, as it complains about
error marking packages which is technically correct but
hides the root of the problem.
With this detect we can construct a more useful error
message in the higher layers.
The PLATFORM_ID got retired from fedora-43 [0] and it
seems like it was always kinda optional. So lets make
it optional for real to avoid failing to build fedora-43
images.
[0] https://fedoraproject.org/wiki/Changes/Drop_PLATFORM_ID
DNF apparently doesn't check the expiration time on the cache unless you
call this first. It may help improve issues with the cache being out of
sync.
Internally dnf checks the mtime of the main repomd.xml file when using
baseurl, and it checks the hash values when using metalink so this
should not result in any noticeable extra slowdowns when things are
fresh.
The old function has been deprecated by dnf5, use load_repos directly
and only load the available repos (the ones osbuild has setup), not the
system repos.
Fixes#2080
Allow passing a custom license index db file for SBOM generation by
specifying it in the solver configuration.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The NEVRA field accidentally made it into the public API. It shouldn't
be as it is not used downstream and in fact breaks downstream.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Remove the requirement for `:` in the name which would have been
selected by the fronted, instead asking dnf "is this a module?".
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Instead of returning the string contents of the module configuration
file let's return some more structured data so the resulting file can be
written with a stage.
Note that we don't do the same for the fallback file as we are only
provided this as a YAML blob and unparsing it to then immediately
reparse it again is counterproductive.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
This changes the depsolver to expect modules inside the normal
`package-specs` instead of having a separate `module-install-specs`.
Modules passed to a "normal" `dnf install` must start with an `@` and
contain a `:`. This is up to the user to pass correctly.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
The commit implements modularity for the dnf4 dependency solver.
The dependency solver now takes two new keys per transaction:
`module-install-specs` and `module-enable-specs`, each of which is a
list of module specifications.
When modules are used and packages for them are installed a new
dictionary is returned in the response where each key is the name of an
enabled module and the value are the contents of the module
configuration and the module failsafe file that DNF needs in the
resulting system.
These values can be used by consumers of the dependency solver, such as
`images`, to create the appropriate inline sources and copy stages.
Signed-off-by: Simon de Vlieger <supakeen@redhat.com>
Enable generating SBOM documents for depsolved transactions when using
DNF5. Enable SBOM testing with DNF5 in unit tests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Since the `with_sbom` variable was used only in a single place, we can
simplify the code (and remove one extra line of it) to just directly use
the if condition.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend osbuild-depsolve-dnf, to return JSON with SPDX SBOM that
corresponds to the depsolved package set, if it has been requested.
For now, only DNF4 is supported.
Cover the new functionality with unit test.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This will allow validating request arguments in the solver method in a
different way for dnf4 and dnf5 and raising an exception if needed.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
A wrong exception type was returned for the same kind of issues,
compared to the DNF4 version. Specifically, the DNF4 version returned
`MarkingErrors`, while the DNF5 version returned `DepsolveError`, when
a non-existent package was specified in the depsplve request. Make the
behavior consistent and return `MarkingErrors` also from the DNF5
version.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The returned error reason didn't contain any details after the merge
with DNF4 version. The reason is that previously, the actual exception
returned by the DNF library was appended to the error reason. However,
now it is wrapped by a custom `MarkingErrors` exception, which didn't
have any details set. The wrapped exception in the `__cause__`
property was not taken into account. Revert to the original behavior
by reusing the wrapped exception message as the message for the
wrapper exception.
Extend the unit test to allow testing of depsolving failures.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
This commit includes the used sovler in the dnfjson reply. This
is mostly information (e.g. in service logs) but also useful in
tests to ensure that the expected solver was really run.
Note that this needs https://github.com/osbuild/images/pull/723
first.
This moves the dnf and dnf5 code into a new osbuild module called
solver. The dnf specific code is in dnf.py and dnf5 is in dnf5.py
At runtime the osbuild-depsolve-dnf script reads a config file from
/usr/lib/osbuild/solver.json and imports the selected solver. This
currently just contains a 'use_dnf5' bool but can be extended to support
other configuration options or depsolvers.
At build time a config file is selected from tools/solver-dnf.json or
tools/solver-dnf5.json and installed. Currently dnf5 is not installed,
it will be added when dnf5 5.2.1.0 becomes available in rawhide (Fedora
41).
The error messages have been normalized since the top level functions in
osbuild-depsolve-dnf do not know which version of dnf is being used.
