On Tue, Apr 30, 2024 at 01:44:16PM -0400, Laine Stump wrote:
> This makes it possible to uninstall iptables, as long as nftables is
> installed.
>
> Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
> ---
> libvirt.spec.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 05f7a7e7c0..55f32172b3 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -592,7 +592,7 @@ Summary: Network driver plugin for the libvirtd daemon
> Requires: libvirt-daemon-common = %{version}-%{release}
> Requires: libvirt-libs = %{version}-%{release}
> Requires: dnsmasq >= 2.41
> -Requires: iptables
> +Requires: (iptables or nftables)
I know I suggested this last time, but looking again I wonder if we
ought to be more opinionated. While from a technical POV we can use
either, both RHEL and Fedora default to nftables for quite a while
now.
IOW, shoudl we do
%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41
Requires: nftables
%else
Requires: iptbles
%endif
users still get to choose to use either nftbles or iptables but we
force install of the package we consider to be the default. This
would reduce chances of a user making a mistake only having iptables
installed, at the time they instal libvirt, when they would really
be quite happy with the default of nftables.
The only downside is that non-default deployments would have both
nftables & iptables RPMs present, but that feels harmless given
the size of the packages is tiny.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
_______________________________________________
Devel mailing list -- devel@xxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
