fix: use same package manager for k3s-selinux removal as for installation

[becarusys]

Proposed Changes

This PR introduces generating the k3s-selinux uninstallation section in k3s-uninstall.sh based on the package manager which was used to install it in the first place.

Currently the k3s-uninstall.sh script just checks if yum, rpm-ostree or zypper is installed (in this order) and uses the first one it finds. This is problematic when you have multiple of them are installed, e.g. on Fedora CoreOS 43 both yum (dnf) and rpm-ostree are available by default, but only rpm-ostree can be used for successful package removal.

Types of Changes

Bugfix: k3s-uninstall.sh: fix removal of k3s-selinux package on Fedora CoreOS (change only affects new installations)

Verification

• install k3s using the updated script
• reboot node (if distribution is immutable, like CoreOS)
• check end of script for package removal section:

$ tail -n 4 /usr/local/bin/k3s-uninstall.sh
rm -f /usr/local/bin/k3s-killall.sh
# uninstall k3s-selinux rpm
rpm-ostree uninstall --idempotent k3s-selinux
rm -f /etc/yum.repos.d/rancher-k3s-common*.repo

• run k3s-uninstall.sh and check output for successful package removal

+ rm -f /usr/local/bin/k3s-killall.sh
+ rpm-ostree uninstall --idempotent k3s-selinux
Checking out tree f2b9b6a... done
Resolving dependencies... done
Checking out packages... done
Running systemd-sysusers... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Freed: 29.2 MB (pkgcache branches: 0)
Upgraded:
  python-unversioned-command 3.14.2-1.fc43 -> 3.14.3-1.fc43
  python3 3.14.2-1.fc43 -> 3.14.3-1.fc43
  python3-libs 3.14.2-1.fc43 -> 3.14.3-1.fc43
Removed:
  k3s-selinux-1.6-1.coreos.noarch
Changes queued for next boot. Run "systemctl reboot" to start a reboot
+ rm -f /etc/yum.repos.d/rancher-k3s-common.repo
+ remove_uninstall

I have tested it successfully on Fedora CoreOS 43, openSUSE MicroOS and Ubuntu 24.04.

Testing

I don't know if this is already covered by tests. I assume a failure would be hard to notice anyway because the script does not run with set -e.

Linked Issues

#13710

User-Facing Change

k3s-uninstall.sh: fix removal of k3s-selinux package on Fedora CoreOS

Further Comments

The command remove in rpm-ostree seems to be an alias for uninstall. Using remove would further simplify the script but the alias is undocumented, therefore I chose against using it.

[brandond]

lgtm; one nit

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 21.76%. Comparing base (abc7cc8) to head (ba176bd).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13711      +/-   ##
==========================================
- Coverage   21.79%   21.76%   -0.04%     
==========================================
  Files         191      191              
  Lines       15539    15556      +17     
==========================================
- Hits         3386     3385       -1     
- Misses      11702    11720      +18     
  Partials      451      451              

Flag	Coverage Δ
unittests	21.76% <ø> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dereknola]

This EOF is short circuiting the entire logic for removing the selinux RPM

Test this by running INSTALL_K3S_SH_INCLUDE_SELINUX_RPM=true ./install.sh and check the uninstall script, there is no additional logic around selinux anymore.

Suggested change

EOF

[becarusys]

I am not entirely sure what you mean.
Setting UNINSTALL_K3S_SH_INCLUDE_SELINUX_RPM to any value on a supported distro with selinux has no effect, as the variable gets overwritten anyway after the package install and before the uninstall script creation.
Perhaps you meant INSTALL_K3S_SKIP_SELINUX_RPM="true"? In that case excluding uninstall logic was intentional, but I did not consider that it would potentially break airgap uninstalls like you mentioned in the other comment.

[dereknola]

Adding this may breaks airgap uninstalls, where the k3s-selinux rpm may have been installed separately before running this install script.

I think we should retain the original (we always run the uninstall if the package manager is available). Really you just want to be smarter about "which package manager are we using.

[becarusys]

That is a good point. I thought of it as a feature, but for others it might be a breaking change.

If we always want to execute the removal logic I can think of three options:

1. check for available package managers how it is currently done, but simply check rpm-ostree before the others. Quick & dirty, but is probably already enough to fix k3s-uninstall.sh: k3s-selinux package removal fails on Fedora CoreOS #13710.
2. Use logic similar to the install logic. Might be cleaner, flexible and more predictable, but increases code duplication (compared to my current implementation).
3. Combine both: First try to match any configured distro like in option 2, but continue with "guessing" like in option 1 if no match occurs.

Which option would you prefer, or do you have another suggestion?

[becarusys]

I went with option 3 and updated the PR, feedback is appreciated :)

[becarusys]

Fixed one oversight, \$rpm_ostree_uninstall_cmd instead of rpm_ostree_uninstall_cmd as it is a variable.