Bug#938929: Dependency problem with iptables and libvirt-daemon-system
On 26 Jul 2023 12:24:00 + Patrick Schleizer wrote: > libvirt upstream no longer depends on iptables for years. > > source: > https://gitlab.com/libvirt/libvirt/-/issues/406#note_1176654618 > > Should be trivial and safe to switch to nftables? Next to the Build-Depends on iptables, there's also an explicit Depends added to the libvirt-daemon-system binary package. I think it would be good to switch both to nftables, especially now that we're (still) in the middle of the Trixie development cycle. Or at least add nftables as (preferred) optional dependency to iptables. *If* any issues pop up, there's plenty of time to fix it. Now almost 5 years ago, the iptables package added the following to its Description: "The iptables/xtables framework has been replaced by nftables. You should consider migrating now." signature.asc Description: This is a digitally signed message part.
Bug#938929: Dependency problem with iptables and libvirt-daemon-system
Hey folks, just set up a new KVM host on Bullseye and ran into the same problems. Our automation purges iptables after setting up nftables to have clean slate which also would remove libvirt-daemon-system here. As I don't use any networking related features offered by libvirt I would consider it great if there wouldn't be a hard dependency on any related packages. Maybe the dependency on iptables could become a recommends? Thanks and best regards, Max
Bug#938929: Dependency problem with iptables and libvirt-daemon-system
Same here. Removing IPtables also removes libvirt-daemon-sytem. If you want a hardenend system all packages which are not used must be removed. So leaving IPtables installed is not an option. The following packages will be REMOVED: iptables* libvirt-daemon-system* 0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded. After this operation, 3,063 kB disk space will be freed. I am using. ii libvirt-daemon-system 6.0.0-4 ii libvirt-daemon-system-systemd 6.0.0-4 /W
Bug#938929: Dependency problem with iptables and libvirt-daemon-system
Control: severity -1 normal Control: tags -1 moreinfo Hi, On Fri, Aug 30, 2019 at 12:45:16PM +0200, Julian Hyordey wrote: > apt show libvirt-daemon-system > Package: libvirt-daemon-system > Version: 5.0.0-4 > Priority: optional > Section: admin > Source: libvirt > Maintainer: Debian Libvirt Maintainers < > pkg-libvirt-maintain...@lists.alioth.debian.org> > Installed-Size: 466 kB > Depends: debconf (>= 0.5) | debconf-2.0, libacl1 (>= 2.2.23), libapparmor1 (>= > 2.6~devel), libaudit1 (>= 1:2.2.1), libblkid1 (>= 2.16), libc6 (>= 2.14), > libcap-ng0 (>= 0.7.9), libdbus-1-3 (>= 1.9.14), libdevmapper1.02.1 (>= > 2:1.02.20), libgnutls30 (>= 3.6.5), libnl-3-200 (>= 3.2.7), libnl-route-3-200 > (>= 3.2.7), libnuma1 (>= 2.0.11), libselinux1 (>= 2.0.82), libvirt0 (>= > 5.0.0), > libxml2 (>= 2.7.4), libyajl2 (>= 2.0.4), adduser, gettext-base, lsb-base, > libvirt-clients (= 5.0.0-4), libvirt-daemon (= 5.0.0-4), iptables (>= 1.8.1-1) > | firewalld, logrotate, policykit-1 > [...] > . > So If I want to migrate from iptables to nftables on my KVM hypervisor, I > can't > remove iptables without removing libvirt-daemon-system. A bit annoying for an > hypervisor. Can't you just install nftables, use it, and leave iptables installed? Ivo
Bug#938929: Dependency problem with iptables and libvirt-daemon-system
Package: libvirt-daemon-system Version: 5.0.0-4 Severity: grave File: /usr/sbin/libvirtd apt show libvirt-daemon-system Package: libvirt-daemon-system Version: 5.0.0-4 Priority: optional Section: admin Source: libvirt Maintainer: Debian Libvirt Maintainers < pkg-libvirt-maintain...@lists.alioth.debian.org> Installed-Size: 466 kB Depends: debconf (>= 0.5) | debconf-2.0, libacl1 (>= 2.2.23), libapparmor1 (>= 2.6~devel), libaudit1 (>= 1:2.2.1), libblkid1 (>= 2.16), libc6 (>= 2.14), libcap-ng0 (>= 0.7.9), libdbus-1-3 (>= 1.9.14), libdevmapper1.02.1 (>= 2:1.02.20), libgnutls30 (>= 3.6.5), libnl-3-200 (>= 3.2.7), libnl-route-3-200 (>= 3.2.7), libnuma1 (>= 2.0.11), libselinux1 (>= 2.0.82), libvirt0 (>= 5.0.0), libxml2 (>= 2.7.4), libyajl2 (>= 2.0.4), adduser, gettext-base, lsb-base, libvirt-clients (= 5.0.0-4), libvirt-daemon (= 5.0.0-4), iptables (>= 1.8.1-1) | firewalld, logrotate, policykit-1 [...] . So If I want to migrate from iptables to nftables on my KVM hypervisor, I can't remove iptables without removing libvirt-daemon-system. A bit annoying for an hypervisor. Maybe linked to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935313 ? Not sure, so I submit. Regards,
