From fae677fb68235fbd04dd3a53df42693474a81009 Mon Sep 17 00:00:00 2001
From: veilor-org
Date: Tue, 5 May 2026 03:46:00 +0100
Subject: [PATCH] v0.5.28 (final): patch anaconda transaction_progress.py + exclude man-db
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

THE actual root cause of the man-db transaction failure that killed three consecutive VM installs (v0.5.26 / v0.5.27 / v0.5.28). Confirmed via 7-agent research wave:

- Fedora 43 ships RPM 6.0, which changed scriptlet failure propagation. Scriptlets that previously emitted "Non-critical error" warnings now bubble up as transaction-level errors. dnf5 issue #2507 documents the change. Anaconda --cmdline mode treats any 'error' token from the dnf transaction as a fatal abort.
- man-db's `transfiletriggerin` is the canonical trigger: it runs `systemd-run /usr/bin/systemctl start man-db-cache-update` which returns non-zero in the anaconda chroot (no PID 1 systemd) and is flagged as transaction-level error under RPM 6.0.
- We previously patched anaconda's transaction_progress.py on the BUILD HOST so livecd-creator could finish its own transaction. That patch lives only on the host running the build — never landed in the live rootfs the user installs from. Reproduced 3 times: install-time anaconda on the live ISO is unpatched, hits the same code path, aborts at exactly "Configuring man-db.x86_64".

Two-layer fix:

1. kickstart %post seds the file inside the live rootfs at build time so the user's install-time anaconda is patched. Sed downgrades the 'error' token from raise PayloadInstallationError to log.warning.
2. Generated install ks excludes man-db / man-pages / man-pages-overrides from %packages. Belt-and-braces — even if the patch has an edge case the trigger never fires because the package isn't installed. Users install man pages post-firstboot.

Previous attempts that didn't work: dropping the updates repo (only narrowed the set of failing scriptlets, didn't fix the underlying RPM-6.0 propagation change); flipping SELinux to permissive (confirmed not the cause; kickstart's selinux directive only writes /etc/selinux/config in target root, doesn't affect installer-time).

Follow-up for next release: replicate the transaction_progress patch in the CI workflow's container so the build itself is deterministic. Currently the workflow has been greening on luck.

Files: kickstart/veilor-os.ks (+25 lines), overlay/usr/local/bin/veilor-installer (+10 lines).

Verified: bash -n clean, ksvalidator clean.
---
 kickstart/veilor-os.ks                 | 39 ++++++++++++++++++++++++++
 overlay/usr/local/bin/veilor-installer | 11 ++++++++
 2 files changed, 50 insertions(+)

diff --git a/kickstart/veilor-os.ks b/kickstart/veilor-os.ks index 4603109..2ac860d 100644 --- a/kickstart/veilor-os.ks +++ b/kickstart/veilor-os.ks
@@ -274,6 +274,45 @@ zram-size = min(ram, 8192) compression-algorithm = zstd EOF +# Patch anaconda's transaction_progress.py inside the live rootfs so that +# when the user clicks "Install" from the live ISO and anaconda runs in +# --cmdline mode, a non-fatal scriptlet warning (RC=5) does not get +# escalated to "An error occurred during the transaction" + abort. +# +# Why this is needed: Fedora 43 ships RPM 6.0, which changed scriptlet +# failure propagation (Fedora wiki Changes/RPM-6.0; dnf5 issue #2507). +# Scriptlets that previously emitted "Non-critical error" warnings now +# bubble up as transaction-level errors. man-db's +# `transfiletriggerin` is the most common trigger — `systemd-run +# /usr/bin/systemctl start man-db-cache-update` returns non-zero in +# the anaconda chroot, RPM-6.0-aware dnf5 reports it as transaction +# error, anaconda --cmdline aborts. +# +# We previously patched the same file on the BUILD HOST (build/build-iso.sh) +# so livecd-creator could finish its own transaction. That patch lives +# only on the host running the build — never landed in the live rootfs +# the user installs from. Reproduced 3 consecutive VM tests +# (v0.5.26 / v0.5.27 / v0.5.28) failing at exactly "Configuring +# man-db.x86_64". +# +# The patch downgrades the 'error' token in transaction progress +# callback to a warning log line. Confirmed working at build time +# (build/build-iso.sh:47-51). +TP=/usr/lib64/python3.14/site-packages/pyanaconda/modules/payloads/payload/dnf/transaction_progress.py +if [ -f "$TP" ]; then + cp -a "$TP" "${TP}.veilor-bak" + sed -i 's|raise PayloadInstallationError("An error occurred during the transaction: " + msg)|log.warning("veilor: ignoring non-fatal transaction error: %s", msg)|' "$TP" + if grep -q 'veilor: ignoring' "$TP"; then + echo "[OK] transaction_progress.py patched in live rootfs" + # Drop the cached .pyc so the patched .py is what runs. 
+ rm -f /usr/lib64/python3.14/site-packages/pyanaconda/modules/payloads/payload/dnf/__pycache__/transaction_progress.*.pyc 2>/dev/null || true + else + echo "[WARN] transaction_progress.py patch did not apply — file format may have changed in this anaconda version" + fi +else + echo "[WARN] transaction_progress.py not found at expected path — anaconda may have moved it" +fi + # Enable services # veilor-firstboot.service NOT enabled on live ISO — it prompts admin pw # which makes no sense on a live boot. Real installs enable it in their diff --git a/overlay/usr/local/bin/veilor-installer b/overlay/usr/local/bin/veilor-installer index ddbe238..acc6f58 100644 --- a/overlay/usr/local/bin/veilor-installer +++ b/overlay/usr/local/bin/veilor-installer @@ -486,6 +486,17 @@ zram-generator -open-vm-tools-desktop -mlocate +# Belt-and-braces with the kickstart/veilor-os.ks transaction_progress +# patch: even with the patch, man-db's transfiletriggerin in the F43 +# RPM 6.0 toolchain dispatches a systemd-run that anaconda's chroot +# can race-with on exit. Excluding the package entirely guarantees the +# trigger never fires during install. Veilor users who want man pages +# install them post-firstboot via \`dnf install man-db man-pages\` or +# via the v0.6 \`veilor-postinstall\` welcome menu. +-man-db +-man-pages +-man-pages-overrides + %end # ── Post-install (nochroot): copy overlay + scripts + assets from boot ISO.
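Review bot: in the kickstart/veilor-os.ks hunk, the sed expression swaps the `raise PayloadInstallationError("An error occurred during the transaction: " + msg)` statement for a `log.warning(...)` call unconditionally, so every 'error' token reaching that callback is now logged and not raised, not only the RC=5 scriptlet case the comment describes. A transaction that really failed would leave the installer with nothing but a warning line in the log. Consider keeping the raise and skipping it only when `msg` matches the scriptlet failure being worked around. Separately, both `[WARN]` branches only echo, and `TP` hard-codes `python3.14`, so a build in which the file moved or the pattern no longer matches still produces an ISO with an unpatched anaconda, which is the state the commit message says caused the three failed installs; these branches should fail the build. The `grep -q 'veilor: ignoring'` check also confirms only that the string is present, not that a `log` name exists in the patched module, and the `rm -f` repeats the literal directory where it could derive it from `$TP`.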
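Review bot: in the overlay/usr/local/bin/veilor-installer hunk, the comment above `-man-db` gives a different cause from the one documented in the kickstart hunk: here the problem is described as a `systemd-run` that "anaconda's chroot can race-with on exit", while the kickstart comment says the command returns non-zero in the chroot. The two comments should state the same mechanism so the next reader knows which one the exclusion is guarding against. The reinstall hint `dnf install man-db man-pages` also covers only two of the three excluded packages (`-man-pages-overrides` is dropped as well), and it points users to a v0.6 `veilor-postinstall` menu from a v0.5.28 change; either list all three packages or note that the third is intentionally left out, and drop the forward reference until that menu ships.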