fedora: allow disabling weak dependencies

[supakeen]

Weak dependency resolution is hardcoded per imagetype. This commit changes it so weak dependency resolution can be turned off per image.

We guard on the Fedora version to ensure we don't accidentally change older images.

This commit also disables weak dependency resolution for Fedora Minimal which I have mentioned here.

[schuellerf]

The inverted logic is necessary for "backwards compatibility" or just to map the default behavior better? I.e. disableWeakDeps=false is actually weakDeps=true

[supakeen]

The inverted logic is necessary for "backwards compatibility" or just to map the default behavior better? I.e. disableWeakDeps=false is actually weakDeps=true

I did it because the imageType struct has no constructor and the default value for a boolean is false. It also maps pretty well on the behavior I'd like; fetch weak deps by default but explicitly disallow them per-image :)

[supakeen]

I'll be moving this to draft so it can be rewritten to use image config(s) as per @thozza / @achilleas-k 's request.

[supakeen]

Undrafting again. I gave it some thought and I'd prefer to merge as-is unless there are problems.

Moving this to image configs in a nice way requires a bunch of thought and it'd be nice to build images more quickly in the shorter term, especially with risc-v cross compilation and then do a follow up after :)

[schutzbot]

A previous version of this PR changed the images API or behaviour causing integration issues with osbuild-composer.
This is now fixed.

[supakeen]

This PR changes the images API or behaviour causing integration failures with osbuild-composer. The next update of the images dependency in osbuild-composer will need work to adapt to these changes.

This is simply a notice. It will not block this PR from being merged.

Huh, why? :)

[thozza]

I'd suggest to move the option to ImageConfig and have the logic to not install weak deps in the image type generator function (which does not exist yet in Fedora).

[thozza]

I don't like these conditionals in the ImageKind generator function. Especially since this will become a problem once we consolidate the implementation across fedora and rhel.

I'd suggest to move this to the ImageConfig and instead set it in the image type's default ImageConfig.

[supakeen]

I've adjusted this PR to move InstallWeakDeps into the ImageConfig instead.

[supakeen]

So, I'm a bit confused here @thozza this PR seems like it really shouldn't touch RHEL yet we now have a missing package (or script) on RHEL which makes it seem that crypto-policies-scripts is no longer installed.

The same happens for Fedora. I'm not entirely sure because the default is still the same and I'm only setting this to false on minimal?

My guess is something about how the OSCustomizations get applied after NewOS and overwrite the default?

---

As an aside, it seems wise if the FIPS customization would add crypto-policies-scripts to the package sets since it depends on it.

[supakeen]

I've adjusted the code to always take InstallWeakDeps from ImageConfig. The only failures left now are RHEL 8.9, and RHEL 8.10 in Schutzbot.

[supakeen]

Cool, all is good in this PR now as far as I can see :)