1

I'm working on a Redhat Ubi8-minimal Container. My goal is to install an .rpm from file together with its dependencies. Ubi8-minimal only provides microdnf which cannot install local .rpm's. So I installed yum using microdnf install yum which runs through fine. Among the output it shows that libmodulemd is being updated:

Updating: libmodulemd;2.13.0-2.fc34;x86_64;Clients_Fedora_34_Fedora_34_Updates

But with the first invocation of yum I get:

[root@7fc9c0e586b1]# yum --version
Traceback (most recent call last):
  File "/usr/bin/yum", line 57, in <module>
    from dnf.cli import main
  File "/usr/lib/python3.9/site-packages/dnf/__init__.py", line 30, in <module>
    import dnf.base
  File "/usr/lib/python3.9/site-packages/dnf/base.py", line 29, in <module>
    import libdnf.transaction
  File "/usr/lib64/python3.9/site-packages/libdnf/__init__.py", line 12, in <module>
    from . import conf
  File "/usr/lib64/python3.9/site-packages/libdnf/conf.py", line 13, in <module>
    from . import _conf
ImportError: /lib64/libmodulemd.so.2: undefined symbol: g_ptr_array_extend_and_steal

After that microdnf too has this problem and is no longer usable:

[root@7fc9c0e586b1]# microdnf --version
microdnf: symbol lookup error: /lib64/libmodulemd.so.2: undefined symbol: g_ptr_array_extend_and_steal

so I cannot manage any packages and installations anymore.

How can I fix this and get yum to work on Ubi8?

Details

Here is what I find in a fresh container after running podman --it --rm docker.io/redhat/ubi8-minimal bash

/etc/yum.repos.d/ubi.repo

Here is the contents of /etc/yum.repos.d/ubi.repo.

[ubi-8-baseos]
name = Red Hat Universal Base Image 8 (RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-baseos-debug]
name = Red Hat Universal Base Image 8 (Debug RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-baseos-source]
name = Red Hat Universal Base Image 8 (Source RPMs) - BaseOS
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/baseos/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-appstream]
name = Red Hat Universal Base Image 8 (RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-appstream-debug]
name = Red Hat Universal Base Image 8 (Debug RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-appstream-source]
name = Red Hat Universal Base Image 8 (Source RPMs) - AppStream
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/appstream/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-codeready-builder]
name = Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/os
enabled = 1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-codeready-builder-debug]
name = Red Hat Universal Base Image 8 (Debug RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/debug
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

[ubi-8-codeready-builder-source]
name = Red Hat Universal Base Image 8 (Source RPMs) - CodeReady Builder
baseurl = https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/$basearch/codeready-builder/source/SRPMS
enabled = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
gpgcheck = 1

This is also the only .repo file in the directory. I have not actively enabled any other repos.

microdnf repolist --enabled

Here is the output of the microdnf repolist --enabled command.

repo id                                                                                            repo name
Clients_Extra-Software_Fedora                                                                      Fedora
Clients_Fedora_34_Fedora_34_Everything                                                             Fedora 34 Everything
Clients_Fedora_34_Fedora_34_Updates                                                                Fedora 34 Updates
Clients_RPM_Fusion_Fedora_34_RPM_Fusion_Free_OS                                                    RPM Fusion Free OS 34
Clients_RPM_Fusion_Fedora_34_RPM_Fusion_Free_Updates                                               RPM Fusion Free Updates 34
Clients_RPM_Fusion_Fedora_34_RPM_Fusion_Nonfree_OS                                                 RPM Fusion Nonfree OS 34
Clients_RPM_Fusion_Fedora_34_RPM_Fusion_Nonfree_Updates                                            RPM Fusion Nonfree Updates 34
Clients_Trinity_Desktop_Environment_Fedora_34_Trinity_Desktop_Environment_Fedora_34_noarch         Trinity Desktop Environment Fedora 34 noarch
Clients_Trinity_Desktop_Environment_Fedora_34_Trinity_Desktop_Environment_Fedora_34_x86_64         Trinity Desktop Environment Fedora 34 x86_64
ubi-8-appstream                                                                                    Red Hat Universal Base Image 8 (RPMs) - AppStream
ubi-8-baseos                                                                                       Red Hat Universal Base Image 8 (RPMs) - BaseOS
ubi-8-codeready-builder                                                                            Red Hat Universal Base Image 8 (RPMs) - CodeReady Builder

Which is quite confusing to me, as it doesn't match the contents of ubi.repo.

ThomasH
  • 121
  • 6
  • Of course I could use the full `ubi8` that already contains `yum` in the first place. But the question is how can I successfully install `yum` on a `ubi8-minimal`. – ThomasH Aug 11 '22 at 13:21

2 Answers2

2

When any dnf command results in an undefined symbol, your package manager is badly broken. fc34 tag implies Fedora 34 based updates, which is not going to work with an el8 based distro. Find out what is using Fedora repos here.

Review documentation for hints as to how to run a full dnf command on a container. RHEL 8 on building containers makes use of yum's install into a chroot feature to do this even with micro containers. From the host:

yum install \
    --installroot $micromount \
    --releasever 8 \
    --setopt install_weak_deps=false \
    --nodocs -y \
    httpd

Where $micromount is a mounted container root file system, --releasever 8 is the el version of the continer, and httpd is the package you want to install. Also repair your dnf install, possibly with yum reinstall libmodulemd microdnf

John Mahowald
  • 30,009
  • 1
  • 17
  • 32
  • Thanks, that's very interesting. I wasn't aware that you could install into containers from outside. But just starting a `docker.io/redhat/ubi8-minimal` image, the contained `/etc/yum.repos.d/ubi.repo` only contains repos pointing to `cdn-ubi.redhat.com/*/ubi8/` . Yet, issuing `microdnf install yum` lists multiple packages that have `Clients_Fedora_34_Fedora_34_*` repositories: ```Installing: dbus-1:1.12.20-3.fc34.x86_64 Clients_Fedora_34_Fedora_34_Everything 155.1 kB deltarpm-3.6.2-8.fc34.x86_64 Clients_Fedora_34_Fedora_34_Everything 91.7 kB ...```. So I guess this is by design? – ThomasH Aug 20 '22 at 11:02
  • Please edit your question to add the contents of `/etc/yum.repos.d/ubi.repo` and the config for any other enabled repo (`dnf repolist --enabled`) I have not investigated ubi repos in depth, but in https://cdn-ubi.redhat.com/content/public/ubi/dist/ubi8/8/x86_64/baseos/os/Packages/l/ libmodulemd is tagged for el8, not fc34. – John Mahowald Aug 20 '22 at 14:53
  • Also try starting from scratch, starting from a clean ubi base image. Install only packages in the ubi repo (aka a subset of RHEL 8) at the beginning. Your "need to install local rpm" requirement could mean some other thing you installed broke your repos. Some instructions to install Fedora things from rpms perhaps? – John Mahowald Aug 20 '22 at 14:57
  • I've updated the question with technical details. This is what I get starting from scratch, after doing `podman pull ubi8-minimal` a few weeks ago chosing the docker.io image, then issuing `podman run --it --rm redhat/ubi8-minimal bash`. The only installation changing command I then gave was `microdnf install yum` to produce the error, so no other package has been installed in between, and no other repo has been added manually. – ThomasH Aug 22 '22 at 06:16
  • Something weird is going on on my side. I've re-pulled the `ubi8-minimal` image, to make sure I'm up-to-date. Now, `/etc/yum.repos.d/` has a new file, `redhat.repo`, which contains all those `Clients_*_Fedora` repos. Strangely, all their URLs point to a host on our corporate internal network. When I edit this file, or remove it, it reappears in its original form after the next `microdnf` command. Can you manipulate an image in such a way? Is this done on an internal host of our network, when I thought I was pulling directly from `docker.io`? – ThomasH Aug 22 '22 at 07:38
  • Ok, things seem to clear up: It appears there is an interaction between the running ubi8 container and the `subscription-manager` on the host system. Maybe I oversaw the `redhat.repo` file at first and it was there all the time, which would explain all those `Clients_*_Fedora` repos being involved. – ThomasH Aug 22 '22 at 09:21
0

Thanks to hints from John Mahowald pointing at fc34 repos getting involved, a workaround solution is to exclude the Fedora repos when installing yum:

microdnf install --disablerepo="Clients_*" yum

This leads to a working yum installation:

[root@4f6b589029d5]# yum --version
4.7.0
  Installed: dnf-0:4.7.0-8.el8.noarch at Mon Aug 22 06:56:42 2022
  Built    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> at Fri Mar 18 15:21:28 2022

  Installed: rpm-0:4.14.3-23.el8.x86_64 at Tue Jul 26 12:26:21 2022
  Built    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> at Tue Apr  5 18:38:09 2022

The reason why this is necessary in the first place seems to be an interaction of the container with the subscription-manager of the host system which projects subscription information into the running container. Besides mentionings of other users and my own experience I haven't found any primary documentation on this, though.

ThomasH
  • 121
  • 6