669848 – anaconda should not always drag in system-config-firewall-base

Bug 669848 - anaconda should not always drag in system-config-firewall-base

Summary: anaconda should not always drag in system-config-firewall-base

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	anaconda
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Anaconda Maintenance Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-01-15 00:31 UTC by Curtis Doty
Modified:	2011-01-21 14:20 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-01-21 14:20:14 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Curtis Doty 2011-01-15 00:31:28 UTC

In pyanaconda/yuminstall.py:YumBackend().selectAnacondaNeeds() there is a dependency on system-config-firewall-base which then also drags in iptables-ipv6.

Minimalist kickstart installs don't need this and may have these options which are unfortunately ignored:

%packages
-system-config-firewall-base

However, that kickstart config is unfortunately ignored and the package is installed anyways along with any unneeded dependencies it has.

Workaround is to forcibly remove them in %post, but this is ugly and wastes time.

Comment 1 Chris Lumens 2011-01-15 15:12:31 UTC

This is required to set up the firewall, so we're not going to remove the package requirement.

Comment 2 Curtis Doty 2011-01-15 16:47:01 UTC

But in this kickstart scenario:

firewall --disabled
%packages
-system-config-firewall-base

It really doesn't need to be installed. Maybe something like this?

(untested)
    def selectAnacondaNeeds(self):
        for pkg in ['authconfig', 'chkconfig']:
            self.selectPackage(pkg)
        if anaconda.firewall:
            self.selectPackage('system-config-firewall-base')

Thanks for considering.

Comment 3 Chris Lumens 2011-01-21 14:20:14 UTC

The thing is, we also use lokkit (included in s-c-f-b) to disable the firewall.  This has the advantage of anaconda not needing to know what the default state of the firewall config as shipped.  This really is a bit of a corner case, and you've already got a workaround.

Note You need to log in before you can comment on or make changes to this bug.