From 4f3dd0830dcaacd217f217c5f6978d04ee065c6f Mon Sep 17 00:00:00 2001
From: Serge Dubrouski <dubros@meta.com>
Date: Thu, 21 Sep 2023 08:38:01 -0700
Subject: [PATCH] [antlir2] Set default_dnf_excluded_rpms in Facebook flavors

Summary: This diff sets the default_dnf_excluded_rpms in Facebook flavors. It prohibits installation of `kernel-devel` and `kernel-headers` rpms as well as some other FB specific RPMs.  This can be overwritten using `dnf_excluded_rpms` parameter in the `image.layer` API call.

Test Plan: waitforsandcastle

Reviewed By: vmagro

Differential Revision: D49432775

fbshipit-source-id: 42bdd139de33ecbe44dd6c169d98545c3bb3edb8
---
 antlir/antlir2/bzl/image/layer.bzl | 1 +
 antlir/bzl/image_layer.bzl         | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/antlir/antlir2/bzl/image/layer.bzl b/antlir/antlir2/bzl/image/layer.bzl
index c443f37dea2..7addda99fbb 100644
--- a/antlir/antlir2/bzl/image/layer.bzl
+++ b/antlir/antlir2/bzl/image/layer.bzl
@@ -150,6 +150,7 @@ def _impl_with_features(features: ProviderCollection, *, ctx: AnalysisContext) -
     dnf_repodatas = repodata_only_local_repos(ctx, dnf_available_repos)
     dnf_versionlock = ctx.attrs.dnf_versionlock or flavor_info.dnf_info.default_versionlock
     dnf_excluded_rpms = ctx.attrs.dnf_excluded_rpms if ctx.attrs.dnf_excluded_rpms != None else flavor_info.dnf_info.default_excluded_rpms
+
     if dnf_excluded_rpms:
         dnf_excluded_rpms = ctx.actions.write_json("excluded_rpms.json", dnf_excluded_rpms)
     else:
diff --git a/antlir/bzl/image_layer.bzl b/antlir/bzl/image_layer.bzl
index a4b937977d2..f32c40bdaf1 100644
--- a/antlir/bzl/image_layer.bzl
+++ b/antlir/bzl/image_layer.bzl
@@ -146,6 +146,7 @@ def image_layer(
         if is_buck2():
             if not antlir2_allow_ignored_flavor_config_override and flavor_config_override:
                 fail("antlir2 does not support flavor_config_override: {}".format(flavor_config_override))
+
             antlir2_image.layer(
                 name = name + ".antlir2",
                 flavor = flavor,
@@ -154,6 +155,8 @@ def image_layer(
                 implicit_antlir2 = True,
                 compatible_with = antlir2_compatible_with,
                 visibility = get_visibility(image_layer_kwargs.get("visibility")),
+                # Antlir1 provisioning images explicitly install package-devel stub, we need to allow them here.
+                dnf_excluded_rpms = ["aziot-identity-service"],
             )
         else:
             antlir2_shim.fake_buck1_layer(name = name)