Nvidia container RPMs >= 1.18.1 breaking system installation #1550
Description
Since 1.18.1, if we include the RPMs in an ISO for system installation (Anaconda kickstart installer, in our case with Rocky Linux 8), then the ISO installation fails.
The root cause is a new %pretrans scriptlet that requires /bin/sh. I have noticed that the RPMs now contain several empty scriptlets that were not there in previous releases:
rpm -qp --scripts nvidia-container-toolkit-1.18.1-1.x86_64.rpm
pretrans program: /bin/sh
preinstall program: /bin/sh
[...]
preuninstall program: /bin/sh
[...]
verify program: /bin/sh
In particular, the pretrans scriptlet with a requirement for /bin/sh is an issue. The Fedora Packaging Guidelines give a good explanation why:
Note that the %pretrans scriptlet will, in the particular case of system installation, run before anything at all has been installed. This implies that it cannot have any dependencies at all. For this reason, %pretrans is best avoided, but if used it MUST (by necessity) be written in Lua.
After digging further, I am sure that this comes from re-packaging the RPMs with FPM, which has been introduced with the recent changes for 256 bit digests (e.g. 85cfb7f). When processing previous RPMs through FPM manually, I can see similar effects.
Other fields in the rpms are apparently altered by FPM, too, such as the changelog (is replaced with “Package created with FPM”) and the Obsoletes (is deleted).
I am wondering, I assume there is a reason why you don’t build the rpms is a newer build environment that would add the 256 bit payload digests directly?