
On 4/23/24 6:46 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:35PM -0400, Laine Stump wrote:
We really shouldn't be requiring ebtables and iptables any more, since they don't always need to be used. Likewise, we probably should at least Recommend nftables, even though it's pretty much always installed already anyway.
(Changing Requires to Recommends for the nwfilter package is a bit premature, since it currently will always require iptables and ebtables to function properly, but changing those to Recommends leads to a much smaller list of dependent packages removed by "dnf rm iptables/ebtables").
Signed-off-by: Laine Stump <laine@redhat.com> --- libvirt.spec.in | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in index 05f7a7e7c0..66b328671d 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -592,7 +592,8 @@ Summary: Network driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} Requires: dnsmasq >= 2.41 -Requires: iptables +Recommends: iptables +Recommends: nftables
Or we use a bool expression:
Requires: (iptables or nftables)
which guarantees at least one is present and thus no possibility of a broken install.
TIL.
%description daemon-driver-network The network driver plugin for the libvirtd daemon, providing @@ -603,8 +604,8 @@ bridge capabilities. Summary: Nwfilter driver plugin for the libvirtd daemon Requires: libvirt-daemon-common = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} -Requires: iptables -Requires: ebtables +Recommends: iptables +Recommends: ebtables
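Review bot: in the network driver hunk (@@ -592,7 +592,8 @@), replacing "Requires: iptables" with "Recommends: iptables" and "Recommends: nftables" leaves the subpackage with no hard dependency on any firewall backend, so an install that skips weak dependencies, or a later removal of both packages, ends up with neither present. Keep a hard requirement that either package can satisfy, for example "Requires: (iptables or nftables)", and use Recommends only to express which one is preferred. A short spec comment above these lines explaining why the dependency is no longer unconditional would help the next person who edits it.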
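Review bot: in the nwfilter hunk (@@ -603,8 +604,8 @@), downgrading "Requires: iptables" and "Requires: ebtables" to Recommends contradicts the commit message, which says nwfilter currently always needs both to function properly, so this hunk only makes a non-working nwfilter install possible. Keep both as Requires in this patch and move the change into a separate, later patch that lands together with whatever removes nwfilter's dependence on them. That also keeps the network driver change reviewable on its own.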
This looks premature since we've not provided an nft backend option for nwfilter. Thus the only effect of this change is to guarantee the ability to create a broken installation.
Yeah, I only left it in here because this is an RFC patch, and I was curious how much it would reduce the side-effect package removals when someone did "dnf rm ebtables iptables" (a lot, it turns out).
When the time comes though we would do
Requires: (iptables or nftables)
Requires: (ebtables if iptables)
If only specfiles had a way to slap the admin with a rubber chicken "if iptables"...