Bug 525153 - firewall-tui requirements are too heavy
Summary: firewall-tui requirements are too heavy
Alias: None
Product: Fedora
Classification: Fedora
Component: system-config-firewall
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Thomas Woerner
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 519838 554536 575256
TreeView+ depends on / blocked
Reported: 2009-09-23 14:47 UTC by Peter Vrabec
Modified: 2010-03-19 20:41 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-29 15:45:00 UTC
Type: ---

Attachments (Terms of Use)

Description Peter Vrabec 2009-09-23 14:47:22 UTC
Description of problem:

The major differences between results of minimal platform project 
in F11 and F12 are:
* new SUID binary (consolehelper) 
* new running service(messagebus)

We need to get rid of these but our problem are dependencies. system-config-firewall-tui is force installed by anaconda because anaconda needs lokkit.

This is dependencie tree:
486K     ┌─<+dbus                      1.2.16-4.fc12.i686
540K     ├─< dbus-glib                 0.82-2.fc12.i686
2.0M     │       ┌─< system-config-firewall-tui 1.2.17-1.fc12.noarch
4.6M     │   ┌─< system-config-network-tui 1.5.97-2.fc12.noarch
773K     ├─< dbus-python               0.83.0-6.fc12.i686
3.1M     ├─< policycoreutils           2.0.68-1.fc12.i686
279K ┌─<+dbus-libs                 1.2.16-4.fc12.i686

2.0M     ┌─< system-config-firewall-tui 1.2.17-1.fc12.noarch
4.6M ┌─< system-config-network-tui 1.5.97-2.fc12.noarch
755K usermode                  1.100-4.i686

Can you create separate - individual package for lokkit, that would be required by anaconda, but it won't require: system-config-network-tui-> usermode & dbus.

Additional info:

Comment 1 Thomas Woerner 2009-09-23 15:50:43 UTC
system-config-firewall-tui has no direct dependency to usermode and dbus. It has a dependency to system-config-network-tui, because it is using parts of it to get information about network interfaces for the tui.

In principle it is possible to separate lokkit, but planed it to create a new firewall system for F-13 and EL-6.1, which will depend on dbus even for command line interfaces. There will be one institution in the system, that will decide what can and can't be done and from whom to prevent conflicts on the netfilter kernel level.

Therefore dropping the dbus requirement will be only a limited time solution.

What do you think about this?

Comment 2 Steve Grubb 2009-09-23 16:13:48 UTC
What we really need is for anaconda to not require s-c-firewall-tui, but lokkit so that it does not drag in all these dependencies. This way the TUI is not installed and you can hook that up to dbus without affecting the minimal install. Would the utility, lokkit, be getting a dbus hookup, too?

Comment 3 Thomas Woerner 2009-09-23 16:29:34 UTC
Yes, this is planned.

Comment 4 Peter Vrabec 2009-09-24 14:21:43 UTC
I'm fine with this limited time solution. There is not only one benefit of separate lokkit. Would be possible to make this real for F12/RHEL6?

Comment 5 Thomas Woerner 2009-09-29 15:45:00 UTC
Fixed in rawhide (and F-12) in package system-config-firewall-1.2.20-1 or newer.

Please have a look at system-config-firewall-base. It contains the base components and also the command line tool lokkit.

Note You need to log in before you can comment on or make changes to this bug.