Re: [PATCH v4 27/30] spec: require either iptables or nftables if network driver is installed
On Tue, Apr 30, 2024 at 01:44:16PM -0400, Laine Stump wrote:
This makes it possible to uninstall iptables, as long as nftables is
installed.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
libvirt.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 05f7a7e7c0..55f32172b3 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -592,7 +592,7 @@ Summary: Network driver plugin for the libvirtd daemon
Requires: libvirt-daemon-common = %{version}-%{release}
Requires: libvirt-libs = %{version}-%{release}
Requires: dnsmasq >= 2.41
-Requires: iptables
+Requires: (iptables or nftables)
I know I suggested this last time, but looking again I wonder if we
ought to be more opinionated. While from a technical POV we can use
either, both RHEL and Fedora default to nftables for quite a while
now.
IOW, shoudl we do
%if 0%{?rhel} >= 10 || 0%{?fedora} >= 41
Requires: nftables
%else
Requires: iptbles
%endif
users still get to choose to use either nftbles or iptables but we
force install of the package we consider to be the default. This
would reduce chances of a user making a mistake only having iptables
installed, at the time they instal libvirt, when they would really
be quite happy with the default of nftables.
The only downside is that non-default deployments would have both
nftables & iptables RPMs present, but that feels harmless given
the size of the packages is tiny.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|