Why did NODEJS get installed during system upgrade?

Ask Fedora
1

My CoreOS box has a handful of layered packages. When I updated recently using rpm-ostree upgrade, I saw some new packages had been installed, none of which I have specifically asked for:

nodejs-docs-20.12.2-1.fc39.noarch
nodejs-libs-20.12.2-1.fc39.x86_64
nodejs-undici-6.11.1-2.fc39.noarch
nodejs-cjs-module-lexer-1.2.3-2.fc39.noarch
nodejs-full-i18n-20.12.2-1.fc39.x86_64
nodejs-npm-10.5.0-1.20.12.2.1.fc39.x86_64
nodejs-20.12.2-1.fc39.x86_64

I thought maybe these were new dependencies of some package I have already layered, but when I do a rpm -q --requires <package> for all of my layered packages, I do not see nodejs in any of them, nor any of the entries in rpm -q --provides nodejs.

This is hopefully a simple question: how do I determine which of my layered packages is responsible for pulling in these nodejs packages?

2

Could you please share the output of the rpm-ostree status command?

3

Here it is:

State: idle
Deployments:
● fedora:fedora/x86_64/coreos/stable
                  Version: 39.20240407.3.0 (2024-04-19T18:34:05Z)
               BaseCommit: 4f5997a887d92f19f6ce564069511115138916a37d7b30e2bfd027c5e5158e63
             GPGSignature: Valid signature by E8F23996F23218640CB44CBE75CF5AC418B8E74C
      RemovedBasePackages: nfs-utils-coreos 1:2.6.4-0.rc5.fc39
          LayeredPackages: alsa-utils aria2 binutils bluez drm-utils dvb-firmware feh ffmpeg flatpak freeimage fzf git igt-gpu-tools intel-media-driver iotop kodi kodi-inputstream-adaptive kodi-pvr-hts lftp libva-utils lz4 man-db man-pages
                           mesa-dri-drivers mesa-va-drivers mesa-vulkan-drivers moreutils mpv neovim netcat nfs-utils p7zip parallel parted pipewire pipewire-alsa pipewire-pulseaudio pipewire-utils retroarch ripgrep rpmfusion-free-release
                           rpmfusion-nonfree-release tcpdump tmux v4l-utils vlc-libs vulkan-tools wget wireplumber
4

If you just run this command it should tell you what is pulling it in:

sudo rpm -e nodejs
5

It turns out that by installing neovim pulls nodejs as a dependency, even though the query options of rpm, dnf, and a few other tools don’t recognize it as such.

6

This didn’t work unfortunately, it only listed nodejs-docs nodejs-npm nodejs-full.

7

Yes, I just tried installing neovim inside a Fedora container and it looks like nodejs is now a weak dependency of it.

Is there an ergonomic way to exclude specific weak dependencies when layering packages with rpm-ostree?

Is there a way to list all of the weak dependencies installed for a given package so that I might similarly review other layered packages?

8

Found it.

neovim recommends tree-sitter-cli which recommends nodejs.

I don’t think the packagers did anything wrong as the recommends vs suggests seem justified, but it’s still unfortunate. I’ll look into it.

I don’t know how ostree works so try to translate it, but on workstation you can safely remove nodejs dnf remove nodejs, or install neovim using dnf install neovim --setopt=install_weak_deps=False

9

AFAIK at least on the client side there isn’t.

The main purpose of FCOS is to provide a container host for running containerized workloads, and this is where it really shines. This is why you should generally prefer using podman containers over layering software. Necessary exceptions could be kernel modules, drivers, VPNs, etc., because they are harder to containerize.

Unfortunately,

sudo rpm-ostree uninstall --dry-run neovim

does not return the expected[1] output. A possible workaround that comes to mind is:

sudo rpm-ostree uninstall neovim && sudo rpm-ostree cleanup --pending

It’s not pretty, but at least it should work. You can extend it by adding grep to filter the output:

sudo rpm-ostree uninstall neovim | grep nodejs && sudo rpm-ostree cleanup --pending

  1. We should probably ask the developers. ↩︎