Created attachment 2045491 [details] DNF log Description of problem: The server update is blocked by the iptables-legacy requiring iptables-libs-1.8.10-2 and the iptables-libs itself being updatable to 1.8.10-4. Version-Release number of selected component (if applicable): 1.8.10-2.2.el9 How reproducible: Have iptables-libs 1.8.10-2.el9 installed along with iptables-legacy 1.8.10-2.2.el9. Update is then blocked.
is there any way to raise this in priority? it should be a pretty simple rebuild against the latest version and the number of watchers on this bug indicate a fair amount of interest
Bug seems to be fixed at this point. Seems to be fixed by letting iptables-libs provide a lower version: dnf repoquery --provides iptables-libs Last metadata expiration check: 0:05:43 ago on Wed 25 Sep 2024 01:29:28 PM CEST. iptables-libs = 1.8.10-2.el9 iptables-libs = 1.8.10-4.el9_4 iptables-libs(x86-32) = 1.8.10-2.el9 iptables-libs(x86-32) = 1.8.10-4.el9_4 iptables-libs(x86-64) = 1.8.10-2.el9 iptables-libs(x86-64) = 1.8.10-4.el9_4 [...]
sadly as of this morning I'm not seeing the same updated provides in the UBI9 version of iptables-libs: [root@f33af735ab8d /]# dnf repoquery --provides iptables-libs Extra Packages for Enterprise Linux 9 - x86_64 12 MB/s | 23 MB 00:01 Red Hat Universal Base Image 9 (RPMs) - BaseOS 1.3 MB/s | 524 kB 00:00 Red Hat Universal Base Image 9 (RPMs) - AppStream 8.3 MB/s | 2.1 MB 00:00 Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder 1.2 MB/s | 278 kB 00:00 iptables-libs = 1.8.10-4.el9_4 iptables-libs(x86-32) = 1.8.10-4.el9_4 iptables-libs(x86-64) = 1.8.10-4.el9_4 ... snipped ... so I still think the proper solution would be a rebuild of the iptables-legacy package against the newer iptables-libs package(s)
Not sure if this would help other users or not, but I had a legacy setup with /etc/sysconfig/iptables, and the "iptables-services" RPM that loads and saves these rules, and was also waiting for a fix to this bug. I discovered that replacing: * iptables-services * iptables-legacy * iptables-legacy-libs with: * iptables-nft-services * iptables-nft was sufficient to move to supported baseos and appstream RPMs and accomplish the same thing as the legacy iptables-services RPM, with no other configuration changes besides re-enabling the iptables service with "systemctl enable iptables".
Any chance this can be prioritized? It is blocking several upgrades.
PR welcome. It's been a busy month with conference travel, and since I manage a Stream fleet at work, not RHEL UBI, it is hard to otherwise prioritize issues like this
(In reply to Michel Lind from comment #6) > PR welcome. It's been a busy month with conference travel, and since I > manage a Stream fleet at work, not RHEL UBI, it is hard to otherwise > prioritize issues like this I've sent a PR here: https://src.fedoraproject.org/rpms/iptables-epel/pull-request/3 Built locally with mock, tested ok.
Taking time off from PTO to do this
FEDORA-EPEL-NEXT-2024-6734f8a3cf (iptables-epel-1.8.10-5.1.el9.next) has been submitted as an update to Fedora EPEL 9 Next. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-NEXT-2024-6734f8a3cf
FEDORA-EPEL-2024-f377ada79a (iptables-epel-1.8.10-4.1.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f377ada79a
FEDORA-EPEL-NEXT-2024-6734f8a3cf has been pushed to the Fedora EPEL 9 Next testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-NEXT-2024-6734f8a3cf See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2024-f377ada79a has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f377ada79a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-NEXT-2024-6734f8a3cf (iptables-epel-1.8.10-5.1.el9.next) has been pushed to the Fedora EPEL 9 Next stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2024-f377ada79a (iptables-epel-1.8.10-4.1.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.