NO-JIRA: Do not install weak dependencies such as logrotate #687

Merged
openshift-merge-bot[bot] merged 1 commit into openshift:master from Miciah:do-not-install-weak-dependencies
Mar 13, 2026

@Miciah Miciah commented Nov 11, 2025

When installing the haproxy-router image's package dependencies, specify --setopt=install_weak_deps=0 to avoid installing weak dependencies.

In particular, this change avoids installing the rsyslog-logrotate package, which is a weak dependency of the rsyslog package. The rsyslog-logrotate package requires the logrotate package; the router does not need either of these packages. Installing these unnecessary packages enlarges the size and attack surface of the container image.

When installing the haproxy-router image's package dependencies, specify
--setopt=install_weak_deps=0 to avoid installing weak dependencies.

In particular, this commit avoids installing the rsyslog-logrotate
package, which is a weak dependency of the rsyslog package.  The
rsyslog-logrotate package requires the logrotate package; the router
does not need either of these packages.  Installing these unnecessary
packages enlarges the size and attack surface of the container image.

* hack/Dockerfile.debug:
* images/router/haproxy/Dockerfile:
* images/router/haproxy/Dockerfile.ocp:
* images/router/haproxy/Dockerfile.rhel: Specify the
--setopt=install_weak_deps=0 option for yum install.
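
A check that keeps the option described above from being dropped again, as an added example that is not part of this pull request or the project's code: it flags `yum`/`dnf` install commands in Dockerfile `RUN` instructions that lack `--setopt=install_weak_deps=0`. The function name `lint_weak_deps`, the sample Dockerfiles, the base image name and the package list are constructed for illustration.

```shell
#!/bin/sh
# lint_weak_deps FILE: report yum/dnf install commands in RUN instructions
# that lack --setopt=install_weak_deps=0 (the boolean form False is accepted too).
# Prints FILE:LINE per finding; returns 1 if any were found, else 0.
lint_weak_deps() {
    awk -v file="$1" '
        function check(instr, lineno,    n, i, cmds) {
            if (instr !~ /^[ \t]*[Rr][Uu][Nn][ \t]/) return
            # A RUN instruction usually chains several commands; test each one.
            n = split(instr, cmds, /&&|;/)
            for (i = 1; i <= n; i++) {
                if (cmds[i] !~ /(^|[ \t])(yum|dnf)[ \t]/) continue
                if (cmds[i] !~ /[ \t]install([ \t]|$)/) continue
                if (cmds[i] ~ /--setopt=install_weak_deps=(0|[Ff]alse)([ \t]|$)/) continue
                printf "%s:%d: install without install_weak_deps=0\n", file, lineno
                bad = 1
            }
        }
        { line = $0; sub(/[ \t]+$/, "", line) }
        buf == "" { start = NR }
        # Merge backslash-continued lines into one logical instruction.
        line ~ /\\$/ { sub(/\\$/, "", line); buf = buf line " "; next }
        { check(buf line, start); buf = "" }
        END { if (buf != "") check(buf, start); exit bad + 0 }
    ' "$1"
}

# Constructed sample Dockerfiles (not the repository's files).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/Dockerfile.before" <<'EOF'
FROM base-image-placeholder
RUN INSTALL_PKGS="haproxy rsyslog" && \
    yum install -y $INSTALL_PKGS && \
    yum clean all
EOF
cat > "$sample_dir/Dockerfile.after" <<'EOF'
FROM base-image-placeholder
RUN INSTALL_PKGS="haproxy rsyslog" && \
    yum install -y --setopt=install_weak_deps=0 $INSTALL_PKGS && \
    yum clean all
EOF

lint_weak_deps "$sample_dir/Dockerfile.before" || echo "before: needs fixing"
lint_weak_deps "$sample_dir/Dockerfile.after" && echo "after: clean"
```

In a built image, `rpm -q rsyslog-logrotate logrotate` reporting both packages as not installed confirms the result.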
@alebedev87

/assign

@openshift-bot

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

@openshift-ci openshift-ci Bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 25, 2026
@alebedev87

/remove-lifecycle stale

@openshift-ci openshift-ci Bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 25, 2026

@alebedev87 alebedev87 left a comment

/lgtm
/approve

@openshift-ci openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Feb 25, 2026

openshift-ci Bot commented Feb 25, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alebedev87

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 25, 2026
@alebedev87

/verified by CI

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Feb 25, 2026
@openshift-ci-robot

@alebedev87: This PR has been marked as verified by CI.

Details

In response to this:

/verified by CI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@alebedev87

/retitle NO-JIRA: Do not install weak dependencies such as logrotate

@openshift-ci openshift-ci Bot changed the title Do not install weak dependencies such as logrotate NO-JIRA: Do not install weak dependencies such as logrotate Feb 25, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Feb 25, 2026
@openshift-ci-robot

@Miciah: This pull request explicitly references no jira issue.

Details

In response to this:

When installing the haproxy-router image's package dependencies, specify --setopt=install_weak_deps=0 to avoid installing weak dependencies.

In particular, this change avoids installing the rsyslog-logrotate package, which is a weak dependency of the rsyslog package. The rsyslog-logrotate package requires the logrotate package; the router does not need either of these packages. Installing these unnecessary packages enlarges the size and attack surface of the container image.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@alebedev87

/retest

@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD a6ba7dd and 2 for PR HEAD b76cd01 in total

openshift-ci Bot commented Mar 13, 2026

@Miciah: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot Bot merged commit 1c68a10 into openshift:master Mar 13, 2026
11 checks passed