Bug 798369 - ipset conflicts with xtables-addons
ipset conflicts with xtables-addons
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: ipset (Show other bugs)
16
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Mathieu Bridon
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-28 13:15 EST by Lubos Stanek
Modified: 2012-06-05 18:29 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-05 18:29:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubos Stanek 2012-02-28 13:15:36 EST
Description of problem:
RPMFusion provides a combined package wih ipset netfilter extension in the packages xtables-addons.

Transaction Check Error:
  file /usr/lib64/libipset.so.1.0.0 from install of ipset-6.9.1-2.fc16.x86_64
conflicts with file from package xtables-addons-1.41-1.fc16.x86_64

How reproducible:
Install ipset and xtables-addons.

  
Actual results:
Transaction Check Error:
  file /usr/lib64/libipset.so.1.0.0 from install of ipset-6.9.1-2.fc16.x86_64
conflicts with file from package xtables-addons-1.41-1.fc16.x86_64


Expected results:
The packages should not conflict.

Additional info:
The RPMFusion package provide also the init script for the ipset extension.
Please provide a similar solution.

See also:
https://bugzilla.rpmfusion.org/show_bug.cgi?id=2201
Comment 1 Mathieu Bridon 2012-02-28 20:53:40 EST
Thanks, I didn't know about that package in RPMFusion.

I think to resolve the conflict, the RPMFusion package should either add a "Conflict: ipset" or stop providing ipset.

However, what is this init script about? What does it do? I've never used it, we use ipset without it here, so I'm curious, can you give me more informations? :)

Also, I can't just blindly take the init script as it is since we're now supposed to use systemd unit files for everything in Fedora, but if you can explain to me what the service is supposed to do, I can cook up a unit quickly.
Comment 2 Lubos Stanek 2012-02-29 13:29:08 EST
This goes beyond my possibilities. Packagers from RPMFusion are approved Fedora packagers. You should resolve conflicts without problems.

The init script is similar to the one provided by iptables (a possibility of saving the state).
Just have a look at the sysconfig file and the init script in the RPMFusion package.
Comment 3 Mathieu Bridon 2012-03-01 02:36:37 EST
(In reply to comment #2)
> This goes beyond my possibilities. Packagers from RPMFusion are approved Fedora
> packagers. You should resolve conflicts without problems.

But Fedora packagers are not all RPMFusion packagers.

I'm not a RPMFusion packager, there's nothing I can do about the xtables-addons package.

Finally, one of the RPMFusion founding principles is:
    Both repositories contain only add-on packages and not replacements
    in relation to the base package set. Whereby the base package set is
    defined as: RHEL/CentOS + EPEL or Fedora (Fedora 7+)

As such, it is the xtables-addons package that needs to not conflict with the ipset package from Fedora.

I admit it would have been nice if I had warned the RPMFusion maintainer of xtables-addons when I pushed ipset in Fedora, so we could solve the conflict before it caused problems. Unfortunately, to do that, a Fedora packager would have to know everything that is in RPMFusion, which is not a small task.

So yes, I involuntarily caused a tricky situation, and someone else now has to fix it. Sorry about that.

> The init script is similar to the one provided by iptables (a possibility of
> saving the state).
> Just have a look at the sysconfig file and the init script in the RPMFusion
> package.

Files in /etc/sysconfig are Fedora-/RHEL-specific and as such tend to be deprecated in favor of upstreamable, cross-distribution solutions. That's one more reason I can't just take what's in xtables-addons right now.

I'll try to have a look, but probably won't have the time very soon. That's why I asked if you could provide an explanation of what it does, since you seem to use it, as it would have saved me a significant time, so I could fix this part of the issue much faster.
Comment 4 Nicolas Chauvet (kwizart) 2012-06-05 18:29:43 EDT
xtables-addons was updated to 1.42 in F-16 so it can use the 6.11 ipset that match the current fedora kernel in F-16.

Note You need to log in before you can comment on or make changes to this bug.