Hide Forgot
Description of problem: In rawhide or F25 do: $ rpm -e --nodeps iptables-services iptables then try to install iptables-services: $ dnf install iptables-services it ends with: Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. Not debugged closely, however cause might be this funky stuff in iptables spec file: %package services Requires: %{name} = %{version}-%{release} # provide and obsolete old main package Provides: %{name} = 1.4.16.1 Obsoletes: %{name} < 1.4.16.1 %{name} expands to iptables, so iptables-services itself provides iptables of one version and then requires iptables of a different version (sic!). I don't understand why that make sense, however at least I think this might confuse dnf. btw: same issue is seen with yum-deprecated. This causes kickstart based installs of Fedora 25 to crash if iptables-services is included as package to install.
Even more strange: dnf download iptables-services and then dnf localinstall works: $ dnf localinstall iptables-services-1.6.0-2.fc25.x86_64.rpm [snip] Installed: iptables-services.x86_64 1.6.0-2.fc25 iptables.x86_64 1.6.0-2.fc25 Those this mean createrepo data about iptables-services is wrong?
Indeed, $ rpm -qp --requires iptables-services-1.6.0-2.fc25.x86_64.rpm |grep iptables config(iptables-services) = 1.6.0-2.fc25 iptables = 1.6.0-2.fc25 while createrepo_c -d . gives only: <rpm:requires> <rpm:entry name="/bin/bash"/> <rpm:entry name="/bin/sh" pre="1"/> <rpm:entry name="/bin/sh"/> <rpm:entry name="systemd" pre="1"/> <rpm:entry name="systemd"/> </rpm:requires>
createrepo works fine: <rpm:requires> <rpm:entry name="/bin/bash"/> <rpm:entry name="/bin/sh"/> <rpm:entry name="/bin/sh" pre="1"/> <rpm:entry name="iptables" flags="EQ" epoch="0" ver="1.6.0" rel="2.fc25"/> <rpm:entry name="systemd"/> <rpm:entry name="systemd" pre="1"/> </rpm:requires>
This is caused by a logic in createrepo_c which excludes from requires items which are already available in provides: https://github.com/rpm-software-management/createrepo_c/blob/master/src/parsehdr.c#L360-L365 This logic works only with dep names and doesn't take versions and flags into account. This could be solved by taking the version and flags into consideration. Thomas, I wonder why does RPM "iptables-services-1.6.0-2.fc25.x86_64.rpm" [1]: A) provides "iptables = 1.4.16.1" while requires "iptables = 1.6.0-2.fc25"? Is that intentional? B) Provides and requires "config(iptables-services) = 1.6.0-2.fc25" in the same time? Provide a require the same dep doesn't make a sense to me. [1] http://koji.fedoraproject.org/koji/rpminfo?rpmID=7893164
Any updates here?
can't update fedora 25: dnf --disablerepo=\* --enablerepo=updates --enablerepo=fedora -y upgrade Last metadata expiration check: 0:01:11 ago on Sun Feb 19 14:54:12 2017. Dependencies resolved. ================================================================================ Package Arch Version Repository Size ================================================================================ Upgrading: iptables x86_64 1.6.0-3.fc25 updates 416 k iptables-libs x86_64 1.6.0-3.fc25 updates 87 k Reinstalling: iptables-services x86_64 1.6.0-2.fc25 fedora 54 k Skipping packages with broken dependencies: iptables-services x86_64 1.6.0-3.fc25 updates 53 k Transaction Summary ================================================================================ Upgrade 2 Packages Skip 1 Package Total size: 557 k Downloading Packages: Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'.
Here is a scratch build with a patch [1] that should fix the issue: https://koji.fedoraproject.org/koji/taskinfo?taskID=17965516 Chris, could you please try to install the build and let me know, if that fixed your issue? [1] https://github.com/rpm-software-management/createrepo_c/commit/375cb752bc2ce1e2d7ecb898f926b5f33933b9f0
Hi Tomas, I also have this issue. The scratch build doesn't resolve the issue for me. dnf install ./createrepo_c-0.11.1-1.fc25.x86_64.rpm ./createrepo_c-libs-0.11.1-1.fc25.x86_64.rpm Last metadata expiration check: 1:57:18 ago on Mon Feb 20 14:19:45 2017. Dependencies resolved. ================================================================================================================================================================================ Package Arch Version Repository Size ================================================================================================================================================================================ Installing: createrepo_c x86_64 0.11.1-1.fc25 @commandline 74 k createrepo_c-libs x86_64 0.11.1-1.fc25 @commandline 94 k drpm x86_64 0.3.0-3.fc25 fedora 67 k Transaction Summary ================================================================================================================================================================================ Install 3 Packages Total size: 235 k Total download size: 67 k Installed size: 520 k Is this ok [y/N]: y Downloading Packages: drpm-0.3.0-3.fc25.x86_64.rpm 3.0 MB/s | 67 kB 00:00 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 400 kB/s | 67 kB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : drpm-0.3.0-3.fc25.x86_64 1/3 Installing : createrepo_c-libs-0.11.1-1.fc25.x86_64 2/3 /sbin/ldconfig: relative path `1' used to build cache warning: %post(createrepo_c-libs-0.11.1-1.fc25.x86_64) scriptlet failed, exit status 1 Non-fatal POSTIN scriptlet failure in rpm package createrepo_c-libs Non-fatal POSTIN scriptlet failure in rpm package createrepo_c-libs Installing : createrepo_c-0.11.1-1.fc25.x86_64 3/3 Verifying : createrepo_c-libs-0.11.1-1.fc25.x86_64 1/3 Verifying : createrepo_c-0.11.1-1.fc25.x86_64 2/3 Verifying : drpm-0.3.0-3.fc25.x86_64 3/3 Installed: createrepo_c.x86_64 0.11.1-1.fc25 createrepo_c-libs.x86_64 0.11.1-1.fc25 drpm.x86_64 0.3.0-3.fc25 dnf update Last metadata expiration check: 1:57:28 ago on Mon Feb 20 14:19:45 2017. Dependencies resolved. Reinstalling: iptables-services x86_64 1.6.0-2.fc25 fedora 54 k Skipping packages with broken dependencies: iptables-services x86_64 1.6.0-3.fc25 updates 53 k Transaction Summary ================================================================================================================================================================================ Install 2 Packages Upgrade 64 Packages Skip 1 Package otal 4.5 MB/s | 47 MB 00:10 Delta RPMs reduced 76.3 MB of updates to 47.3 MB (38.1% saved) Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'.
Tomas, to clarify, not just install, but run createrepo_c on a mirror of the updates repo (which I do have)? If the former, Ed has shown that doesn't work; if the latter, I'd appreciate a full command line to run to keep all metadata intact. Thanks, Chris
Hi All, Since F25 uses firewalld, I decided to remove the ip tables! dnf remove iptables-services-1.6.0-2.fc25.x86_64 Dependencies resolved. ==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Removing: iptables-services x86_64 1.6.0-2.fc25 @@commandline 24 k system-config-firewall noarch 1.2.29-12.fc21 @fedora 577 k system-config-firewall-base noarch 1.2.29-12.fc21 @fedora 2.3 M system-config-firewall-tui noarch 1.2.29-12.fc21 @fedora 59 k Transaction Summary ==================================================================================================== Remove 4 Packages Installed size: 2.9 M Is this ok [y/N]: y Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Erasing : system-config-firewall-1.2.29-12.fc21.noarch 1/4 Erasing : system-config-firewall-tui-1.2.29-12.fc21.noarch 2/4 Erasing : system-config-firewall-base-1.2.29-12.fc21.noarch 3/4 Erasing : iptables-services-1.6.0-2.fc25.x86_64 4/4 Verifying : system-config-firewall-1.2.29-12.fc21.noarch 1/4 Verifying : system-config-firewall-base-1.2.29-12.fc21.noarch 2/4 Verifying : system-config-firewall-tui-1.2.29-12.fc21.noarch 3/4 Verifying : iptables-services-1.6.0-2.fc25.x86_64 4/4 Removed: iptables-services.x86_64 1.6.0-2.fc25 system-config-firewall.noarch 1.2.29-12.fc21 system-config-firewall-base.noarch 1.2.29-12.fc21 system-config-firewall-tui.noarch 1.2.29-12.fc21 Complete! So then I installed my updates! dnf --refresh update Opera packages 967 kB/s | 12 kB 00:00 google-chrome 78 kB/s | 3.8 kB 00:00 PlayOnLinux Official repository 2.6 MB/s | 80 kB 00:00 Dependencies resolved. ==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: kernel x86_64 4.9.10-200.fc25 updates 95 k kernel-core x86_64 4.9.10-200.fc25 updates 20 M kernel-debug-devel x86_64 4.9.10-200.fc25 updates 11 M kernel-modules x86_64 4.9.10-200.fc25 updates 22 M libidn2 i686 0.16-1.fc25 updates 86 k ostree-libs x86_64 2017.2-2.fc25 updates 255 k ......... Removed: kernel.x86_64 4.9.7-201.fc25 kernel-core.x86_64 4.9.7-201.fc25 kernel-debug-devel.x86_64 4.9.7-201.fc25 kernel-modules.x86_64 4.9.7-201.fc25 Installed: kernel.x86_64 4.9.10-200.fc25 kernel-core.x86_64 4.9.10-200.fc25 kernel-debug-devel.x86_64 4.9.10-200.fc25 kernel-modules.x86_64 4.9.10-200.fc25 libidn2.i686 0.16-1.fc25 ostree-libs.x86_64 2017.2-2.fc25 Complete! Then I try to reinstall. dnf install system-config-firewall Last metadata expiration check: 0:07:24 ago on Tue Feb 21 10:15:16 2017. Dependencies resolved. ==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: iptables-services x86_64 1.6.0-2.fc25 fedora 54 k system-config-firewall noarch 1.2.29-12.fc21 fedora 119 k system-config-firewall-base noarch 1.2.29-12.fc21 fedora 415 k system-config-firewall-tui noarch 1.2.29-12.fc21 fedora 39 k Transaction Summary ==================================================================================================== Install 4 Packages Total download size: 627 k Installed size: 2.9 M Is this ok [y/N]: y Downloading Packages: (1/4): system-config-firewall-1.2.29-12.fc21.noarch.rpm 1.6 MB/s | 119 kB 00:00 (2/4): iptables-services-1.6.0-2.fc25.x86_64.rpm 2.3 MB/s | 54 kB 00:00 (3/4): system-config-firewall-tui-1.2.29-12.fc21.noarch.rpm 408 kB/s | 39 kB 00:00 (4/4): system-config-firewall-base-1.2.29-12.fc21.noarch.rpm 3.9 MB/s | 415 kB 00:00 ---------------------------------------------------------------------------------------------------- Total 2.6 MB/s | 627 kB 00:00 Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Why do we see F21 packages, I guess these need to be updated? This must be a problem in this issue... I also guess since firewalld is the replacement of the iptables, these packages are not updated anymore. Maybe this helps people?
I have a complex firewall configured with iptables. Switching to firewalld is complex and I'm not ready for, but I see the writing on the wall...I'll have to make time soon. :-) Ed: no worries on the .fc21 in the package release, it is normal for packages to be "brought forward".
Hi Chris, Understand where you are, that's some work. What terrifies me a bit, is that I see these issues on quite recently installed F25 workstations nothing fancy, and I would guess there would be a lot of people having these problems other then the few here.
For what it is worth, I am trying to upgrade from F24 to F25 and I have a scary missing dep about iptables: $ sudo dnf system-upgrade download --refresh --releasever=25 [...] Running transaction check Error: transaction check vs depsolve: iptables = 1.6.0-2.fc25 is needed by iptables-services-1.6.0-2.fc25.x86_64 To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'. You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix the issue. Download complete! Use 'dnf system-upgrade reboot' to start the upgrade. The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. I do not dare trigger the "system-upgrade reboot". Could it be related to this bug?
Yes this might very well be related with this issue and it looks the same. If you don't use ip tables ( or use no firewall at all ) and use firewalld, you can remove the package and run the upgrade again, this will solve the issue. If you do use ip tables I think you need to keep watching this issue until a fixed will be proposed.
$ sudo dnf remove iptables [sudo] password for lrineau: Dependencies resolved. Error: The operation would result in removing the following protected packages: dnf, systemd. ... I will wait! (Remember my current system is F24.)
And if you just remove iptables-services instead?
The command `dnf remove iptables-services` only removes that package, without error. And then the "transaction check" and the "transaction test" of `dnf system-upgrade download --refresh --releasever=25` both finish without any error. Thanks.
This message is a reminder that Fedora 25 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 25. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '25'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 25 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
I believe the mentioned commit: https://github.com/rpm-software-management/createrepo_c/commit/375cb752bc2ce1e2d7ecb898f926b5f33933b9f0 resolves this bz. The way I see it: Using package with: Requires: %{name} = 2 Provides: %{name} = 1 Obsoletes: %{name} < 1 createrepo_c with the commit ran on the example package generates correct primary.xml with necessary requires section, without it the requires section is missing.
The fix is already in Fedora 29 and newer, therefore, I am closing this. If you can still reproduce this bug with a repository that was generated with the latest createrepo_c, please don't hesitate to reopen this bug report.