Bug 858648 - libguestfs can not be installed with recent iptables
libguestfs can not be installed with recent iptables
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libguestfs (Show other bugs)
6.4
Unspecified Unspecified
urgent Severity urgent
: rc
: ---
Assigned To: Richard W.M. Jones
Virtualization Bugs
:
Depends On:
Blocks: 889538
  Show dependency treegraph
 
Reported: 2012-09-19 06:08 EDT by Fabian Deutsch
Modified: 2013-03-13 04:55 EDT (History)
6 users (show)

See Also:
Fixed In Version: libguestfs-1.16.30-4.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 889538 (view as bug list)
Environment:
Last Closed: 2013-02-21 03:38:51 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Fabian Deutsch 2012-09-19 06:08:09 EDT
Description of problem:
There are currently problems between libguestfs and iptables (might be related to bug #747068)

Version-Release number of selected component (if applicable):
libguestfs-1.16.30-2.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. 
2.
3.
  
Actual results:
libguestfs can not be installed

Expected results:
libguestfs installs fine

Additional info:
    Error creating Live CD : Failed to build transaction : 1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libiptc.so.0
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libip4tc.so.0
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libxtables.so.4
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libipq.so.0
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libip6tc.so.0
Comment 2 Richard W.M. Jones 2012-09-19 06:20:16 EDT
This is caused by the change to iptables in bug 747068.

The new iptables package (only in RHEL 6.4, not in Fedora)
uses alternatives in %post to set up symlinks to all of
the binaries and libraries.  It's pretty crazy:

$ rpm -q --scripts -p iptables-1.4.7-7.el6.x86_64.rpm 
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
/sbin/chkconfig --add iptables
/usr/sbin/alternatives --install /sbin/iptables iptables /sbin/iptables-1.4.7 90 \
        --slave /sbin/iptables-multi sbin-iptables-multi /sbin/iptables-multi-1.4.7 \
        --slave /sbin/iptables-restore sbin-iptables-restore  /sbin/iptables-restore-1.4.7 \
        --slave /sbin/iptables-save sbin-iptables-save /sbin/iptables-save-1.4.7 \
        --slave /bin/iptables-xml bin-iptables-xml /bin/iptables-xml-1.4.7 \
        --slave /usr/share/man/man8/iptables-restore.8.gz man-iptables-restore /usr/share/man/man8/iptables-restore-1.4.7.8.gz \
        --slave /usr/share/man/man8/iptables-save.8.gz man-iptables-save /usr/share/man/man8/iptables-save-1.4.7.8.gz \
        --slave /usr/share/man/man8/iptables-xml.8.gz man-iptables-xml /usr/share/man/man8/iptables-xml-1.4.7.8.gz \
        --slave /usr/share/man/man8/iptables.8.gz man-iptables /usr/share/man/man8/iptables-1.4.7.8.gz \
        --slave /lib64/xtables lib-xtables /lib64/xtables-1.4.7 \
        --slave /lib64/libip4tc.so.0 libip4tc0 /lib64/libip4tc.so.0-1.4.7 \
        --slave /lib64/libip4tc.so.0.0.0 libip4tc000 /lib64/libip4tc.so.0.0.0-1.4.7 \
        --slave /lib64/libip6tc.so.0 libip6tc0 /lib64/libip6tc.so.0-1.4.7 \
        --slave /lib64/libip6tc.so.0.0.0 libip6tc000 /lib64/libip6tc.so.0.0.0-1.4.7 \
        --slave /lib64/libiptc.so.0 libiptc0 /lib64/libiptc.so.0-1.4.7 \
        --slave /lib64/libiptc.so.0.0.0 libiptc000 /lib64/libiptc.so.0.0.0-1.4.7 \
        --slave /lib64/libipq.so.0 libipq0 /lib64/libipq.so.0-1.4.7 \
        --slave /lib64/libipq.so.0.0.0 libipq000 /lib64/libipq.so.0.0.0-1.4.7 \
        --slave /lib64/libxtables.so.4 libxtables4 /lib64/libxtables.so.4-1.4.7 \
        --slave /lib64/libxtables.so.4.0.0 libxtables400 /lib64/libxtables.so.4.0.0-1.4.7 \
        --slave /etc/rc.d/init.d/iptables iptables-init /etc/rc.d/init.d/iptables-1.4.7 \
        --initscript iptables-1.4.7

As a result there is no longer any /sbin/iptables binary, nor any
libraries, until after the %post script has run.  This makes the
binary and libraries effectively invisible to libguestfs.

I suspect the simplest thing here is just to block iptables when
building the appliance, ie: add ^iptables to appliance/excludelist.in.
Comment 3 Mike Burns 2012-09-19 09:23:14 EDT
Note that this also blocks all building of RHEV-H in 6.4 effectively stopping all ability to test patches until it is fixed.
Comment 4 Richard W.M. Jones 2012-09-20 03:18:21 EDT
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4891185

I've fired off this build which:
* Should build against new krb5-libs (added as a build-override)
* Masks iptables package entirely from the appliance.

It's still building and I haven't really tested it at all.
Comment 5 Richard W.M. Jones 2012-09-20 03:31:57 EDT
Well that failed because qemu is now broken in RHEL 6:

DEBUG util.py:256:  2:qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64 from build has depsolving problems
DEBUG util.py:256:    --> Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 from build has depsolving problems
DEBUG util.py:256:    --> Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 from build has depsolving problems
DEBUG util.py:256:    --> Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  Error: Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  Error: Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64 (build)

Presumably this needs some other build overrides?
Comment 6 Richard W.M. Jones 2012-09-20 03:35:47 EDT
I don't understand why that fails because both qemu &
usbredir-0.5.1-1.el6 seem to be tagged into RHEL-6.4-temp-override
already.

I kicked off another build just in case the first was
an anomaly:

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4891235
Comment 7 Richard W.M. Jones 2012-09-24 12:40:14 EDT
I finally managed to get a successful build:

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789
Comment 8 Wei Shi 2012-09-25 01:20:32 EDT
(In reply to comment #7)
> I finally managed to get a successful build:
> 
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789

I failed again with the new packages.

[root@amd-5600-4-1 libguestfs_new]# yum localinstall *.rpm
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Local Package Process
Examining libguestfs-1.16.30-3.el6.x86_64.rpm: 1:libguestfs-1.16.30-3.el6.x86_64
Marking libguestfs-1.16.30-3.el6.x86_64.rpm to be installed
Examining libguestfs-tools-1.16.30-3.el6.x86_64.rpm: 1:libguestfs-tools-1.16.30-3.el6.x86_64
Marking libguestfs-tools-1.16.30-3.el6.x86_64.rpm to be installed
Examining libguestfs-tools-c-1.16.30-3.el6.x86_64.rpm: 1:libguestfs-tools-c-1.16.30-3.el6.x86_64
Marking libguestfs-tools-c-1.16.30-3.el6.x86_64.rpm to be installed
Examining perl-Sys-Guestfs-1.16.30-3.el6.x86_64.rpm: 1:perl-Sys-Guestfs-1.16.30-3.el6.x86_64
Marking perl-Sys-Guestfs-1.16.30-3.el6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package libguestfs.x86_64 1:1.16.30-3.el6 will be installed
--> Processing Dependency: /lib64/libip4tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libip6tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libipq.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libiptc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libxtables.so.4 for package: 1:libguestfs-1.16.30-3.el6.x86_64
---> Package libguestfs-tools.x86_64 1:1.16.30-3.el6 will be installed
---> Package libguestfs-tools-c.x86_64 1:1.16.30-3.el6 will be installed
---> Package perl-Sys-Guestfs.x86_64 1:1.16.30-3.el6 will be installed
--> Processing Dependency: /lib64/libip4tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libxtables.so.4 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libiptc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libipq.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libip6tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Finished Dependency Resolution
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libip4tc.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libipq.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libip6tc.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libiptc.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libxtables.so.4
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
Comment 9 Wei Shi 2012-09-25 01:55:16 EDT
(In reply to comment #8)
> (In reply to comment #7)
> > I finally managed to get a successful build:
> > 
> > http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789
> 
> I failed again with the new packages.
> 
> [root@amd-5600-4-1 libguestfs_new]# yum localinstall *.rpm

1. prepare a RHEL6.3 host(kernel 2.6.32-279.el6.x86_64)
2. remove libguestfs packages
3. update iptables to 1.4.7-7.el6.x86_64
4. update latest krb5-libs
5. install latest libguestfs packages 1.16.30-3.el6.x86_64
Comment 11 Richard W.M. Jones 2012-09-25 12:01:10 EDT
(In reply to comment #8)
> (In reply to comment #7)
> > I finally managed to get a successful build:
> > 
> > http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789
> 
> I failed again with the new packages.

I agree, this fails for me too.  For some reason adding
the iptables package to the exclude list didn't work.
Comment 12 Richard W.M. Jones 2012-09-25 12:04:52 EDT
Doh, that's because I didn't actually add the patch
to the spec file.  Let's try this one again ...

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4907320
Comment 13 Richard W.M. Jones 2012-09-25 12:25:31 EDT
Please try libguestfs 1.16.30-4.el6.  I have tested it
locally and it works for me.
Comment 14 Wei Shi 2012-09-25 21:32:05 EDT
(In reply to comment #13)
> Please try libguestfs 1.16.30-4.el6.  I have tested it
> locally and it works for me.

The new packages 1.16.30-4 have been installed successfully.
Comment 15 Wei Shi 2012-09-25 21:36:52 EDT
(In reply to comment #14)
> (In reply to comment #13)
> > Please try libguestfs 1.16.30-4.el6.  I have tested it
> > locally and it works for me.
> 
> The new packages 1.16.30-4 have been installed successfully.

[root@amd-5600-4-1 libguestfs_new]# rpm -qa  | grep libguestfs
python-libguestfs-1.16.30-4.el6.x86_64
libguestfs-tools-c-1.16.30-4.el6.x86_64
libguestfs-tools-1.16.30-4.el6.x86_64
libguestfs-1.16.30-4.el6.x86_64
[root@amd-5600-4-1 libguestfs_new]# rpm -qa | grep iptables
iptables-1.4.7-7.el6.x86_64
iptables-ipv6-1.4.7-7.el6.x86_64
[root@amd-5600-4-1 libguestfs_new]# rpm -qa | grep krb5-lib
krb5-libs-1.10.3-5.el6.x86_64
Comment 17 Mohua Li 2012-11-07 01:43:58 EST
this bug fixed in the recent 6.4 build,  libguestfs-1.16.32-2.el6.x86_64
Comment 19 errata-xmlrpc 2013-02-21 03:38:51 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0324.html

Note You need to log in before you can comment on or make changes to this bug.