858648 – libguestfs can not be installed with recent iptables

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 858648 - libguestfs can not be installed with recent iptables

Summary: libguestfs can not be installed with recent iptables

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libguestfs
Sub Component:
Version:	6.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Richard W.M. Jones
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	889538
TreeView+	depends on / blocked

Reported:	2012-09-19 10:08 UTC by Fabian Deutsch
Modified:	2018-11-30 19:17 UTC (History)
CC List:	6 users (show)
Fixed In Version:	libguestfs-1.16.30-4.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	889538 (view as bug list)
Environment:
Last Closed:	2013-02-21 08:38:51 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2013:0324	0	normal	SHIPPED_LIVE	libguestfs bug fix and enhancement update	2013-02-20 20:54:42 UTC

Description Fabian Deutsch 2012-09-19 10:08:09 UTC

Description of problem:
There are currently problems between libguestfs and iptables (might be related to bug #747068)

Version-Release number of selected component (if applicable):
libguestfs-1.16.30-2.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. 
2.
3.
  
Actual results:
libguestfs can not be installed

Expected results:
libguestfs installs fine

Additional info:
    Error creating Live CD : Failed to build transaction : 1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libiptc.so.0
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libip4tc.so.0
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libxtables.so.4
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libipq.so.0
    1:libguestfs-1.16.30-2.el6.x86_64 requires /lib64/libip6tc.so.0

Comment 2 Richard W.M. Jones 2012-09-19 10:20:16 UTC

This is caused by the change to iptables in bug 747068.

The new iptables package (only in RHEL 6.4, not in Fedora)
uses alternatives in %post to set up symlinks to all of
the binaries and libraries.  It's pretty crazy:

$ rpm -q --scripts -p iptables-1.4.7-7.el6.x86_64.rpm 
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
/sbin/chkconfig --add iptables
/usr/sbin/alternatives --install /sbin/iptables iptables /sbin/iptables-1.4.7 90 \
        --slave /sbin/iptables-multi sbin-iptables-multi /sbin/iptables-multi-1.4.7 \
        --slave /sbin/iptables-restore sbin-iptables-restore  /sbin/iptables-restore-1.4.7 \
        --slave /sbin/iptables-save sbin-iptables-save /sbin/iptables-save-1.4.7 \
        --slave /bin/iptables-xml bin-iptables-xml /bin/iptables-xml-1.4.7 \
        --slave /usr/share/man/man8/iptables-restore.8.gz man-iptables-restore /usr/share/man/man8/iptables-restore-1.4.7.8.gz \
        --slave /usr/share/man/man8/iptables-save.8.gz man-iptables-save /usr/share/man/man8/iptables-save-1.4.7.8.gz \
        --slave /usr/share/man/man8/iptables-xml.8.gz man-iptables-xml /usr/share/man/man8/iptables-xml-1.4.7.8.gz \
        --slave /usr/share/man/man8/iptables.8.gz man-iptables /usr/share/man/man8/iptables-1.4.7.8.gz \
        --slave /lib64/xtables lib-xtables /lib64/xtables-1.4.7 \
        --slave /lib64/libip4tc.so.0 libip4tc0 /lib64/libip4tc.so.0-1.4.7 \
        --slave /lib64/libip4tc.so.0.0.0 libip4tc000 /lib64/libip4tc.so.0.0.0-1.4.7 \
        --slave /lib64/libip6tc.so.0 libip6tc0 /lib64/libip6tc.so.0-1.4.7 \
        --slave /lib64/libip6tc.so.0.0.0 libip6tc000 /lib64/libip6tc.so.0.0.0-1.4.7 \
        --slave /lib64/libiptc.so.0 libiptc0 /lib64/libiptc.so.0-1.4.7 \
        --slave /lib64/libiptc.so.0.0.0 libiptc000 /lib64/libiptc.so.0.0.0-1.4.7 \
        --slave /lib64/libipq.so.0 libipq0 /lib64/libipq.so.0-1.4.7 \
        --slave /lib64/libipq.so.0.0.0 libipq000 /lib64/libipq.so.0.0.0-1.4.7 \
        --slave /lib64/libxtables.so.4 libxtables4 /lib64/libxtables.so.4-1.4.7 \
        --slave /lib64/libxtables.so.4.0.0 libxtables400 /lib64/libxtables.so.4.0.0-1.4.7 \
        --slave /etc/rc.d/init.d/iptables iptables-init /etc/rc.d/init.d/iptables-1.4.7 \
        --initscript iptables-1.4.7

As a result there is no longer any /sbin/iptables binary, nor any
libraries, until after the %post script has run.  This makes the
binary and libraries effectively invisible to libguestfs.

I suspect the simplest thing here is just to block iptables when
building the appliance, ie: add ^iptables to appliance/excludelist.in.

Comment 3 Mike Burns 2012-09-19 13:23:14 UTC

Note that this also blocks all building of RHEV-H in 6.4 effectively stopping all ability to test patches until it is fixed.

Comment 4 Richard W.M. Jones 2012-09-20 07:18:21 UTC

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4891185

I've fired off this build which:
* Should build against new krb5-libs (added as a build-override)
* Masks iptables package entirely from the appliance.

It's still building and I haven't really tested it at all.

Comment 5 Richard W.M. Jones 2012-09-20 07:31:57 UTC

Well that failed because qemu is now broken in RHEL 6:

DEBUG util.py:256:  2:qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64 from build has depsolving problems
DEBUG util.py:256:    --> Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 from build has depsolving problems
DEBUG util.py:256:    --> Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 from build has depsolving problems
DEBUG util.py:256:    --> Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  Error: Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-img-0.12.1.2-2.295.el6_3.2.x86_64 (build)
DEBUG util.py:256:  Error: Missing Dependency: libusbredirparser.so.0()(64bit) is needed by package 2:qemu-kvm-0.12.1.2-2.295.el6_3.2.x86_64 (build)

Presumably this needs some other build overrides?

Comment 6 Richard W.M. Jones 2012-09-20 07:35:47 UTC

I don't understand why that fails because both qemu &
usbredir-0.5.1-1.el6 seem to be tagged into RHEL-6.4-temp-override
already.

I kicked off another build just in case the first was
an anomaly:

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4891235

Comment 7 Richard W.M. Jones 2012-09-24 16:40:14 UTC

I finally managed to get a successful build:

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789

Comment 8 Wei Shi 2012-09-25 05:20:32 UTC

(In reply to comment #7)
> I finally managed to get a successful build:
> 
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789

I failed again with the new packages.

[root@amd-5600-4-1 libguestfs_new]# yum localinstall *.rpm
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Local Package Process
Examining libguestfs-1.16.30-3.el6.x86_64.rpm: 1:libguestfs-1.16.30-3.el6.x86_64
Marking libguestfs-1.16.30-3.el6.x86_64.rpm to be installed
Examining libguestfs-tools-1.16.30-3.el6.x86_64.rpm: 1:libguestfs-tools-1.16.30-3.el6.x86_64
Marking libguestfs-tools-1.16.30-3.el6.x86_64.rpm to be installed
Examining libguestfs-tools-c-1.16.30-3.el6.x86_64.rpm: 1:libguestfs-tools-c-1.16.30-3.el6.x86_64
Marking libguestfs-tools-c-1.16.30-3.el6.x86_64.rpm to be installed
Examining perl-Sys-Guestfs-1.16.30-3.el6.x86_64.rpm: 1:perl-Sys-Guestfs-1.16.30-3.el6.x86_64
Marking perl-Sys-Guestfs-1.16.30-3.el6.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package libguestfs.x86_64 1:1.16.30-3.el6 will be installed
--> Processing Dependency: /lib64/libip4tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libip6tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libipq.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libiptc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libxtables.so.4 for package: 1:libguestfs-1.16.30-3.el6.x86_64
---> Package libguestfs-tools.x86_64 1:1.16.30-3.el6 will be installed
---> Package libguestfs-tools-c.x86_64 1:1.16.30-3.el6 will be installed
---> Package perl-Sys-Guestfs.x86_64 1:1.16.30-3.el6 will be installed
--> Processing Dependency: /lib64/libip4tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libxtables.so.4 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libiptc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libipq.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Processing Dependency: /lib64/libip6tc.so.0 for package: 1:libguestfs-1.16.30-3.el6.x86_64
--> Finished Dependency Resolution
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libip4tc.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libipq.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libip6tc.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libiptc.so.0
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
Error: Package: 1:libguestfs-1.16.30-3.el6.x86_64 (/libguestfs-1.16.30-3.el6.x86_64)
           Requires: /lib64/libxtables.so.4
           Available: iptables-1.4.7-5.1.el6_2.x86_64 (RHEL-Server-6)
               Not found
           Installed: iptables-1.4.7-7.el6.x86_64 (installed)
               Not found
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Comment 9 Wei Shi 2012-09-25 05:55:16 UTC

(In reply to comment #8)
> (In reply to comment #7)
> > I finally managed to get a successful build:
> > 
> > http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789
> 
> I failed again with the new packages.
> 
> [root@amd-5600-4-1 libguestfs_new]# yum localinstall *.rpm

1. prepare a RHEL6.3 host(kernel 2.6.32-279.el6.x86_64)
2. remove libguestfs packages
3. update iptables to 1.4.7-7.el6.x86_64
4. update latest krb5-libs
5. install latest libguestfs packages 1.16.30-3.el6.x86_64

Comment 11 Richard W.M. Jones 2012-09-25 16:01:10 UTC

(In reply to comment #8)
> (In reply to comment #7)
> > I finally managed to get a successful build:
> > 
> > http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4902789
> 
> I failed again with the new packages.

I agree, this fails for me too.  For some reason adding
the iptables package to the exclude list didn't work.

Comment 12 Richard W.M. Jones 2012-09-25 16:04:52 UTC

Doh, that's because I didn't actually add the patch
to the spec file.  Let's try this one again ...

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=4907320

Comment 13 Richard W.M. Jones 2012-09-25 16:25:31 UTC

Please try libguestfs 1.16.30-4.el6.  I have tested it
locally and it works for me.

Comment 14 Wei Shi 2012-09-26 01:32:05 UTC

(In reply to comment #13)
> Please try libguestfs 1.16.30-4.el6.  I have tested it
> locally and it works for me.

The new packages 1.16.30-4 have been installed successfully.

Comment 15 Wei Shi 2012-09-26 01:36:52 UTC

(In reply to comment #14)
> (In reply to comment #13)
> > Please try libguestfs 1.16.30-4.el6.  I have tested it
> > locally and it works for me.
> 
> The new packages 1.16.30-4 have been installed successfully.

[root@amd-5600-4-1 libguestfs_new]# rpm -qa  | grep libguestfs
python-libguestfs-1.16.30-4.el6.x86_64
libguestfs-tools-c-1.16.30-4.el6.x86_64
libguestfs-tools-1.16.30-4.el6.x86_64
libguestfs-1.16.30-4.el6.x86_64
[root@amd-5600-4-1 libguestfs_new]# rpm -qa | grep iptables
iptables-1.4.7-7.el6.x86_64
iptables-ipv6-1.4.7-7.el6.x86_64
[root@amd-5600-4-1 libguestfs_new]# rpm -qa | grep krb5-lib
krb5-libs-1.10.3-5.el6.x86_64

Comment 17 Mohua Li 2012-11-07 06:43:58 UTC

this bug fixed in the recent 6.4 build,  libguestfs-1.16.32-2.el6.x86_64

Comment 19 errata-xmlrpc 2013-02-21 08:38:51 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0324.html

Note You need to log in before you can comment on or make changes to this bug.