Recently I went through the regular dnfragora updates process, and noticed that some of the software to update were packages my installation does not need, and another that definitely I had not installed. The “packages to update” included several Intel Wireless packages (my machine is a desktop without wireless), and then also included TigerVNC, which I never selected for installation.
I have noticed this in the past as well, that the update process installs packages I do not need, and did not have installed to begin with.
Is there any reason for this behaviour ? How can I opt out of installing these and have them not appear as needed updates in subsequent updates ?
Intel Wireless firmware is part of the default installation. The reason to include firmware even for hardware that is not present on your system, is that you can plug in whatever (network) hardware you want, reboot, and the newly added hardware works out of the box (bring you online).
If you don’t like the way the distribution is set up, you can remove those packages. However, except for 50-100 MB disk space, you are not gonna gain anything.
if you are short on bandwidth or your data is capped, it could make sense to remove everything unwanted in order to reduce the download size when updating. But if that is the case, Fedora won’t make you happy, as many other distros, the way of distributing packages has been and will be further shifted to flatpaks, which result in huge downloads and large updates.
The Tiger VNC packages are:
tigervnc – A TigerVNC remote display System
tigervnc-icons
tigervnc-licence
tigervnc-server-minimal
I did not have this installed and not sure why updates needs to install it ?
tigerVNC is a remote access software
I now understand the Intel Wireless updates.
…thought I make distinction that this is an update of F34, not an upgrade. I already have F34 installed, and when fresh installed it did not include either the Intel wireless, nor the TigerVNC packages. dnfdfragona is asking I install these as new, from a regular package update session.
Number of packages does not necessarily equate to bloat and in fact, often goes the other direction. By splitting a package up, a user may be able to only install the extra features and plugins they need or if another package depends on a library, then dnf can install just the dependent library without requiring the whole application, too. Because some users value a more minimal setup and others don’t, you’ll someone see packages such as vim-minimal, which just gets you the most basic vim where others might prefer a larger set of defaults, for example.
…am not necessaryly worried about the “number” of packages, I am concerned that all of a sudden I am being asked to install those mentioned above, especially from a security viewpoint – why do I need to install a remote desktop access package as part of an “update” ? when I did not have it installed before ?
Packages can gain dependencies in new versions to support new functions (they can also lose deps and get split into smaller packages). So it’s possible that a package that you had installed gained tigervnc as a dependency in a new version.
For a package that was installed already, you can check your dnf transaction history to see what packages were updated and what packages were pulled in as deps:
sudo dnf history list
and then
sudo dnf history info <transaction id>
another simple way to figure this out is simply to try to remove the packages and see what other packages are pulled into the transaction:
sudo dnf remove \*tigervnc\*
I don’t know if dnfdragora shows you the complete transaction information. You can try dnf check-update, and that’ll show you what packages are being updated and what extra packages are being pulled in as dependencies.
Thank you Ankur. I may try that. It just seemed quite odd that any packages would have a remote desktop access package (tigervnc) as a requirement – speaking from a security viewpoint. I may allow the installation of it, and then maybe I will remove it and see what breaks. So far I updated everything else but the tigervnc packages, and I have not gotten any errors.
Still not sure I am happy with having to install tigervnc, even if it is a dependency of something else I have installed, seems tigervnc should be quite stand-alone, being what the package does. It is a little creepy that I am being asked to install it.
I’m very curious to know what is pulling it in. Can you please give us the output of sudo dnf update --refresh (but hit N to not let it complete)?
I’m running a full Gnome Workstation install here with all the bells and whistles, but tigervnc has not been installed for me. I even have the sharing options enabled so I can see and control my computer from another over the network, but that uses freerdp as far as I know.
Also note that having a package installed does not mean that whatever it contains is running. We’ll have lots of packages installed that may not necessarily be used (see the output of rpm -qa), but that’s the point of a distribution packaging—install stuff that is also optional so that users don’t have to figure these out and spend time installing tools themselves.
sorry for the delay, had to be out of town yesterday.
After my last post I went ahead and allowed the update of the TigerVNC packages. This morning I just tried what you suggested – sudo dnf update – refresh, and the response was
BIGG apology – I have another user on this machine, who apparently had indeed installed TigerVNC to learn how to use. So sorry for the tail chasing. I should have checked the installed packages in between the update requirements and my posting this thread – I was sure I had not installed that package, but…
