Bug 523709
| Summary: | do not force install system-config-firewall-tui | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Peter Vrabec <pvrabec> |
| Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | anaconda-maint-list, mvadkert, sgrubb, vanmeeuwen+fedora |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-10-07 15:23:49 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 519838, 554536, 575256 | ||
|
Description
Peter Vrabec
2009-09-16 14:07:08 UTC
system-config-firewall-tui is required to install lokkit, which is required for anaconda to set up the firewall config on the installed system. thnx. for explanation, Chris. It's also clear to me that anaconda guidelines say that standard tools should be used whenever it's possible.
But I'm still curios why system-config-firewall-tui is NOT installed on F11 (minimal install). What cause this change? I have looked into the code and I can see same thing in both F11 & F12
# anaconda requires several programs on the installed system to complete
# installation, but we have no guarantees that some of these will be
# installed (they could have been removed in kickstart). So we'll force
# it.
def selectAnacondaNeeds(self):
for pkg in ['authconfig', 'chkconfig', 'mkinitrd', 'system-config-firewall-tui']:
I think the ideal solution would be if all system-config-* tools provide library interface. Do you know if there is any effort for this?
Do you realize that installing s-c-firewall-tui requires s-c-network-tui which requires dbus-python which requires dbus-libs which requires dbus ... Altogether, this drags in about 23 Mb of packages to the minimal install. Would it be possible to uninstall all these packages if s-c-firewall-tui has not been asked for? No, lokkit is required on the installed system so that anaconda can chroot over and run it. We need to do that so there's any iptables configuration at all when the system is initially booted. It's not a matter of the user asking for it to be installed or not. If you really want to have fewer things to audit, you could get lokkit broken out into its own subpackage and then anaconda would only need to require that. Anyway, dbus is a critical component of a Fedora system these days. More and more system components are requiring it and it's listed as a critical path package. So, you really can't help but have it and any security auditing you're doing needs to take this into consideration. Keep in mind that NetworkManager is the preferred method of configuring the network these days and it requires dbus. (In reply to comment #4) > No, lokkit is required on the installed system so that anaconda can chroot over > and run it. We need to do that so there's any iptables configuration at all > when the system is initially booted. It's not a matter of the user asking for > it to be installed or not. If you really want to have fewer things to audit, > you could get lokkit broken out into its own subpackage and then anaconda would > only need to require that. system-config-firewall-base that provides lokkit is available now, can you use it in anaconda, please. see: https://bugzilla.redhat.com/show_bug.cgi?id=525153 Done. Now if this needs to be in F-12 and RHEL-6 as well, we're going to need the new system-config-firewall-base package put into that tree before the anaconda part can be committed on those branches. Right now, it's only on head. |