server image pulls in ModemManager via fwupd, consumes 25MiB RAM in every container

I've also just discovered that in addition to the second-largest running process (ModemManager), fwupd is responsible for the third-largest running process (udisksd). Perhaps it would be expedient to revisit the inclusion of fwupd in the seed used for cloud and container images?

One possible solution is to split the fwupd package along it's possible plugins into multiple packages.
However I tend to agree that it has no use in a cloud or container seed.

I also agree libmm-glib0 shouldn't recommend modem manager.

fwupd it happens pulls in not only ModemManager but also udisks2, so there are two daemons running in every container as a result of fwupd's presence.

Having discussed with the CPC team, it doesn't make sense to include fwupd in any cloud or container images, unless there's a particular partner image that's used on baremetal and exposes devices for firmware updates.

So since fwupd is only a recommends of ubuntu-server, we can and should just remove this package during the image build.

Leaving the ubuntu-meta task open because we probably do want to refactor the seeds so that such removals are not necessary during the image build.

This bug was fixed in the package livecd-rootfs - 2.771

---------------
livecd-rootfs (2.771) kinetic; urgency=medium

  [ Steve Langasek ]
  * Drop support for building i386 images aside from the launchpad builder
    images.
  * Remove fwupd from the cloud images. LP: #1981109.

  [ Michael Hudson-Doyle ]
  * Fix some issues with the netboot tarballs:
    - Include the signed shim (oops).
    - Make the kernel path on disk and in the bootloader config match (more
      oops).
    - Make paths more architecture dependent as the code in grubnetXXX.efi to
      probe a platform dependent path first doesn't work.

  [ Alexandre Ghiti ]
  * Install wpasupplicant by default as for now, most of the RISC-V boards
    embed a Wifi chipset (LP: #1983008)

 -- Steve Langasek <email address hidden> Mon, 25 Jul 2022 12:49:28 -0700

This fix was incomplete; because all of these packages were installed as part of a task (ubuntu-server), they are all marked as manually installed. So additional changes are needed to remove the packages pulled in by fwupd.

This bug was fixed in the package livecd-rootfs - 2.774

---------------
livecd-rootfs (2.774) kinetic; urgency=medium

  * Remove modemmanager and udisks2 from cloud images in addition to fwupd.
    The use of tasks at install means all packages are marked manually
    installed in the apt database, so removing fwupd does not remove its
    dependencies. LP: #1981109.

 -- Steve Langasek <email address hidden> Thu, 04 Aug 2022 11:24:55 -0700

Is this means fwupd will also be removed from stock server image?

No, this is only about removing it from container and cloud images.

got it, thank you.

Updated the bug description to be SRUable.

Hello Steve, or anyone else affected,

Accepted livecd-rootfs into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/livecd-rootfs/2.765.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Tested by building a GCE Jammy image using livecd-rootfs from the proposed pocket. I checked the package manifest of the build and can confirm that fwupd, modemmanager, and udisks2 are not installed.

I won't change the "verification-needed-jammy" tag yet as the other clouds will be checked too.

Verified Oracle image build by building Jammy image using livecd-rootfs from source (https://launchpad.net/ubuntu/+source/livecd-rootfs/2.765.13). I checked that fwupd was still installed (required for Oracle bare-metal), and the modemmanager and udisk2 are not installed.

I won't change the "verification-needed-jammy" tag yet as AWS will be checked too.

AWS images are built and tested with proposed pocket.
Images manifest file didn't list fwupd, udisk2 and modemmanager as installed.

This bug was fixed in the package livecd-rootfs - 2.765.13

---------------
livecd-rootfs (2.765.13) jammy; urgency=medium

  [ Heinrich Schuchardt ]
  * Backporting patches to support new RISC-V platforms (LP: #1997233)
  * Add support for the LicheeRV board (SUBARCH=licheerv)
  * Add support for the PolarFire Icicle Kit board (SUBARCH=icicle)
  * Reduce initrd size for Nezha and LicheeRV boards
  * Use efi=debug earlycon on kernel command line

livecd-rootfs (2.765.12) jammy; urgency=medium

  * Remove fwupd, modemmanager, and udisks2 from the cloud images.
    LP: #1981109.

 -- Łukasz 'sil2100' Zemczak <email address hidden> Mon, 21 Nov 2022 11:18:14 +0100

The verification of the Stable Release Update for livecd-rootfs has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Package fwupd-signed is still installed, is it needed? Checked in https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img and https://cloud-images.ubuntu.com/mantic/current/mantic-server-cloudimg-amd64.img.

Status changed to 'Confirmed' because the bug affects multiple users.

> Package fwupd-signed is still installed, is it needed?

It is probably not needed, but did not need to be removed from the images to resolve this bug, which was about the extra daemons being started out of the box and consuming memory in instances. modemmanager, udisks, and fwupd have successfully been removed.

Feel free to open a separate bug report about removing fwupd-signed from the cloud images.