Bug 525153 - firewall-tui requirements are too heavy
firewall-tui requirements are too heavy
Product: Fedora
Classification: Fedora
Component: system-config-firewall (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Thomas Woerner
Fedora Extras Quality Assurance
Depends On:
Blocks: 519838 554536 575256
  Show dependency treegraph
Reported: 2009-09-23 10:47 EDT by Peter Vrabec
Modified: 2010-03-19 16:41 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-29 11:45:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Peter Vrabec 2009-09-23 10:47:22 EDT
Description of problem:

The major differences between results of minimal platform project 
in F11 and F12 are:
* new SUID binary (consolehelper) 
* new running service(messagebus)

We need to get rid of these but our problem are dependencies. system-config-firewall-tui is force installed by anaconda because anaconda needs lokkit.

This is dependencie tree:
486K     ┌─<+dbus                      1.2.16-4.fc12.i686
540K     ├─< dbus-glib                 0.82-2.fc12.i686
2.0M     │       ┌─< system-config-firewall-tui 1.2.17-1.fc12.noarch
4.6M     │   ┌─< system-config-network-tui 1.5.97-2.fc12.noarch
773K     ├─< dbus-python               0.83.0-6.fc12.i686
3.1M     ├─< policycoreutils           2.0.68-1.fc12.i686
279K ┌─<+dbus-libs                 1.2.16-4.fc12.i686

2.0M     ┌─< system-config-firewall-tui 1.2.17-1.fc12.noarch
4.6M ┌─< system-config-network-tui 1.5.97-2.fc12.noarch
755K usermode                  1.100-4.i686

Can you create separate - individual package for lokkit, that would be required by anaconda, but it won't require: system-config-network-tui-> usermode & dbus.

Additional info:
Comment 1 Thomas Woerner 2009-09-23 11:50:43 EDT
system-config-firewall-tui has no direct dependency to usermode and dbus. It has a dependency to system-config-network-tui, because it is using parts of it to get information about network interfaces for the tui.

In principle it is possible to separate lokkit, but planed it to create a new firewall system for F-13 and EL-6.1, which will depend on dbus even for command line interfaces. There will be one institution in the system, that will decide what can and can't be done and from whom to prevent conflicts on the netfilter kernel level.

Therefore dropping the dbus requirement will be only a limited time solution.

What do you think about this?
Comment 2 Steve Grubb 2009-09-23 12:13:48 EDT
What we really need is for anaconda to not require s-c-firewall-tui, but lokkit so that it does not drag in all these dependencies. This way the TUI is not installed and you can hook that up to dbus without affecting the minimal install. Would the utility, lokkit, be getting a dbus hookup, too?
Comment 3 Thomas Woerner 2009-09-23 12:29:34 EDT
Yes, this is planned.
Comment 4 Peter Vrabec 2009-09-24 10:21:43 EDT
I'm fine with this limited time solution. There is not only one benefit of separate lokkit. Would be possible to make this real for F12/RHEL6?
Comment 5 Thomas Woerner 2009-09-29 11:45:00 EDT
Fixed in rawhide (and F-12) in package system-config-firewall-1.2.20-1 or newer.

Please have a look at system-config-firewall-base. It contains the base components and also the command line tool lokkit.

Note You need to log in before you can comment on or make changes to this bug.