Red Hat Bugzilla – Bug 525153
firewall-tui requirements are too heavy
Last modified: 2010-03-19 16:41:24 EDT
Description of problem:
The major differences between results of minimal platform project
in F11 and F12 are:
* new SUID binary (consolehelper)
* new running service(messagebus)
We need to get rid of these but our problem are dependencies. system-config-firewall-tui is force installed by anaconda because anaconda needs lokkit.
This is dependencie tree:
486K ┌─<+dbus 1.2.16-4.fc12.i686
540K ├─< dbus-glib 0.82-2.fc12.i686
2.0M │ ┌─< system-config-firewall-tui 1.2.17-1.fc12.noarch
4.6M │ ┌─< system-config-network-tui 1.5.97-2.fc12.noarch
773K ├─< dbus-python 0.83.0-6.fc12.i686
3.1M ├─< policycoreutils 2.0.68-1.fc12.i686
279K ┌─<+dbus-libs 1.2.16-4.fc12.i686
2.0M ┌─< system-config-firewall-tui 1.2.17-1.fc12.noarch
4.6M ┌─< system-config-network-tui 1.5.97-2.fc12.noarch
755K usermode 1.100-4.i686
Can you create separate - individual package for lokkit, that would be required by anaconda, but it won't require: system-config-network-tui-> usermode & dbus.
system-config-firewall-tui has no direct dependency to usermode and dbus. It has a dependency to system-config-network-tui, because it is using parts of it to get information about network interfaces for the tui.
In principle it is possible to separate lokkit, but planed it to create a new firewall system for F-13 and EL-6.1, which will depend on dbus even for command line interfaces. There will be one institution in the system, that will decide what can and can't be done and from whom to prevent conflicts on the netfilter kernel level.
Therefore dropping the dbus requirement will be only a limited time solution.
What do you think about this?
What we really need is for anaconda to not require s-c-firewall-tui, but lokkit so that it does not drag in all these dependencies. This way the TUI is not installed and you can hook that up to dbus without affecting the minimal install. Would the utility, lokkit, be getting a dbus hookup, too?
Yes, this is planned.
I'm fine with this limited time solution. There is not only one benefit of separate lokkit. Would be possible to make this real for F12/RHEL6?
Fixed in rawhide (and F-12) in package system-config-firewall-1.2.20-1 or newer.
Please have a look at system-config-firewall-base. It contains the base components and also the command line tool lokkit.