Re: [PATCH v2 27/27] RFC: spec: change iptables/ebtables from Requires to Recommends, add nftables

Laine Stump <laine@xxxxxxxxxx> · Tue, 23 Apr 2024 11:58:00 -0400

On 4/23/24 6:46 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:35PM -0400, Laine Stump wrote:
We really shouldn't be requiring ebtables and iptables any more, since
they don't always need to be used. Likewise, we probably should at
least Recommend nftables, even though it's pretty much always
installed already anyway.

(Changing Requires to Recommends for the nwfilter package is a bit
premature, since it currently will always require iptables and
ebtables to function properly, but changing those to Recommends leads
to a much smaller list of dependent packages removed by "dnf rm
iptables/ebtables").

Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
---
  libvirt.spec.in | 7 ++++---
  1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 05f7a7e7c0..66b328671d 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -592,7 +592,8 @@ Summary: Network driver plugin for the libvirtd daemon
  Requires: libvirt-daemon-common = %{version}-%{release}
  Requires: libvirt-libs = %{version}-%{release}
  Requires: dnsmasq >= 2.41
-Requires: iptables
+Recommends: iptables
+Recommends: nftables

Or we use a bool expression:

    Requires: (iptables or nftables)

which guarantees at least one is present and thus no possibility of
a broken install

TIL.


  
  %description daemon-driver-network
  The network driver plugin for the libvirtd daemon, providing
@@ -603,8 +604,8 @@ bridge capabilities.
  Summary: Nwfilter driver plugin for the libvirtd daemon
  Requires: libvirt-daemon-common = %{version}-%{release}
  Requires: libvirt-libs = %{version}-%{release}
-Requires: iptables
-Requires: ebtables
+Recommends: iptables
+Recommends: ebtables

This looks premature since we've not provided an nft backend option
for nwfilter. Thus the only effect of this change is to guarantee
the ability to create a broken instalation

Yeah, I only left it in here because this is an RFC patch, and I was 
curious how much it would reduce the side-effect package removals when 
someone did "dnf rm ebtables iptables" (a lot, it turns out).


When the time comes though we would do

    Requires: (iptables or nftables)
    Requires: (ebtables if iptables)

If only specfiles had a way to slap the admin with a rubber chicken "if 
iptables"...
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx







